HoyleCohen Cybersecurity Symposium Summary

By Mark Delfino, MBA

CEO & Senior Managing Director

Cybersecurity is a timely and important topic that we take very seriously. HoyleCohen held cybersecurity symposiums for our clients in Sacramento, Santa Monica and San Diego last week. Noted industry expert John O’Connor covered a wide range of topics and offered practical advice to the more than 300 people who attended. What follows are highlights of the event and what HoyleCohen is doing with regard to cybersecurity. We also provide a link to an informative white paper written by John O’Connor on the topic.

Symposium Highlights

John addressed the topic by identifying who the adversary is, how they do what they do, and what we can do to better protect ourselves. While nation-states like Russia may get the headlines, the enemies of average citizens are economic criminals, not agents of foreign governments. John described various approaches for cyber-fraud, the most common of which involves stealing user IDs and log-in credentials by putting key-logging ‘malware’ on our devices when we click on an infected link or ad.

Unfortunately, our use of social media (e.g., Facebook) and networking sites (e.g., LinkedIn) has made it easier to deceive us. Long gone are the days of generic, misspelled emails from Nigeria. According to John, today’s successful fraudsters buy profile data on us first so they know our primary affiliations and interests, allowing them to craft emails that look like those coming from common, trusted sources.

John spent most of the time discussing how to better protect against online fraud. For those who did not attend a symposium, I strongly suggest you read John’s white paper, which summarizes most of the primary actions you should consider. Click here for access to John’s article.

John also covered some topics not mentioned in the article:

  • Managing Your Digital Footprint. More information about us, where we live, what we own, is becoming easier to access online. Once it’s out there, it can often be difficult to remove. John suggested that everyone be aware of what information is out there about them. One easy test is to Google your name, addresses of owned properties, companies/business entities, etc., to see what you find. If you find potentially damaging or inappropriate information, John said there are services that can help remove it for a fee.
  • Residential Property & Help. John strongly suggested that everyone understand and use their home security systems. This is good practice in its own right, and social media is making it easier for us to unknowingly telegraph our travels by posting pictures and messages from far-and-distant places. He also suggested that we make sure anyone with access to our homes and properties is properly vetted. These people account for a large portion of residential theft, and John is always surprised by how many wealthy people know so little about those who have access to their homes.
  • International Travel. John suggested that anyone travelling or living abroad enroll in the State Department’s Smart Traveler Enrollment Program (STEP). STEP is a free service whereby you provide your trip itinerary and contact information to the nearest U.S. Embassies or Consulates. This allows them to send you important information about safety conditions and to contact you in the event of a natural or manmade emergency. Our foreign embassies exist in large part to protect U.S. citizens abroad and this helps them do that effectively. In addition, John suggested that foreign travelers consider temporary medical evacuation insurance for extra protection against unforeseen illness, injury or emergencies. John said premiums tend to be a few hundred dollars and vary based on factors like duration, coverage, and age of the insured. While not endorsing any providers, he mentioned Global Rescue and International SOS as two providers he has used.
  • Elder Abuse. John touched on our aging society and the growing problem of individuals taking advantage of our elderly, particularly those with dementia or Alzheimer’s. Sadly, the majority of this type of fraud is perpetrated by relatives and caregivers. John suggested that accounts be set up so that another trusted family member or individual has view-only access to financial accounts to help detect any fraud that might be occurring.


Cybersecurity and HoyleCohen

Cybersecurity is one of our highest priorities. Below is a brief summary of what we at HoyleCohen are doing to address it. First, we have 24/7 (around the clock) monitoring of our systems by our IT provider. We do daily anti-virus scans and software updates, and we regularly test our back-up servers to ensure business continuity and data redundancy in the event of a disaster.

Second, we have outside consultants who perform independent reviews of our cybersecurity infrastructure and our policies and procedures to help identify and prevent potential incidents. In 2017, we conducted two types of technical cybersecurity tests. We did a ‘vulnerability scan’ to assess the security strength of our systems and a ‘penetration test’ which involved paying a third party to try to penetrate (or ‘hack’ into) our systems. We are pleased to report that they were not able to penetrate our systems and we received high marks on both tests with no critical issues or risks identified.

Third, we do extensive staff training that includes cybersecurity topics, role playing and actual examples of fraud attempts. These topics are highlighted because most breaches still involve people being ‘tricked’ by fraudsters. As part of this month’s training, John spent two hours with our staff in each of our three offices to further enrich our awareness of these risks.

Fourth, we’ve created redundancies and extra checks and balances in our processes to help ensure validation and authentication, particularly when facilitating financial transactions for clients. One recent change was requiring two staff members to confirm any disbursement of funds from any HoyleCohen account to a new account or a third-party account to prevent fraud. We know clients sometimes get frustrated with the extra calls or red tape, but we believe it is worth the enhanced protection.

Fifth, we vet and review the cybersecurity controls of critical third-party service providers like Tamarac (our systems/portal provider), our custodians, and other vendors.

Sixth, we are proactive in both identifying and helping resolve any potential issues that might affect our clients when they do arise. For instance, we recently alerted a client’s CPA that their email had been hacked and was being used by a fraudster trying to get information from us on our mutual client.

Finally, it is important for clients to keep in mind that we are only the advisor of a client’s investment assets and that a custodian like Schwab, TD Ameritrade or MTC has actual custody of a client’s money, so this adds another, independent layer of protection.

We will be taking some new actions. We will require two-factor authentication for HC client portal access starting very soon. Interestingly, we tried to implement two-factor authentication some time ago, then discontinued it due to client complaints about ease of use. That was before Equifax and other high-profile cybersecurity breaches. As we heard from John, this approach is one of the best ways to protect yourself today as those who steal user IDs and passwords have not yet found a good way to intercept or access these independent, real-time codes. Two-factor authentication is quickly becoming the best practice norm, and John was emphatic that we and our clients implement this.

Better to Prepare and Protect

Cyber risks are here to stay, but this does not mean we should live in fear of technology or try to avoid cyber risks at all costs. As John pointed out, there are many ways to address these risks. As with most risk management decisions, preparedness involves assessing options along a continuum. It’s important to identify the proper balance among security, cost, and convenience for your personal situation.

Cybersecurity is also a moving target. What we do to protect us today may prove inadequate tomorrow. We at HoyleCohen will continue to work extra hard to stay on top of cybersecurity and to help clients do the same. Through education and wise choices, we can better prepare and protect ourselves so we can each live without undue worry while still reaping benefits from technology and its connectedness.

We travel this journey together. As always, please feel free to reach out to us if you’d like to know more or if you feel we can assist you.