Dear Clients and Friends of HWM,
The recent highly publicized Equifax data breach is a reminder to all of us that we should review our exposure not only to this incident but to cybercrime in general.
What We’re Doing to Protect Your Information
As you know, we use Kestra Investment Services, LLC (Kestra IS) as our broker dealer and Kestra Advisory Services, LLC (Kestra AS) as our registered investment adviser. The parent company of Kestra IS and Kestra AS is Kestra Financial. These companies take cybersecurity and their responsibility to protect your information very seriously, and adhere to high security standards that include multiple security certifications, multi-factor authentication, encryption of all data, email surveillance and encryption, annual training for all of their employees, strict device management and destruction policies, and annual testing of their systems by leading third-party cyber consultants.
Kestra Financial’s security practices prevented any direct exposure of their systems to the Equifax security breach. Additionally, Kestra Financial doesn’t use Apache Struts, the software used by Equifax that allowed them to be breached.
However, given that 143 million Americans’ records were compromised by the Equifax breach, odds are that simply by being a consumer in the U.S. economy, you and most of the people you know had private information (such as your name, birth date, Social Security number, and home address) leaked.
What You Can Do to Protect Yourself
To protect your information and minimize the impact of this leak, we recommend following the Federal Trade Commission’s instructions at The Equifax Data Breach: What to Do.
Additionally, you should review your own cybersecurity measures to ensure you’re protecting yourself:
- Your electronic devices should be password protected and encrypted (e.g., Windows PCs should have BitLocker or an equivalent technology enabled).
- Keep up-to-date antivirus software running on your devices and stay up-to-date on patches and updates as well.
- Use strong passwords that are not easily guessable (i.e., no words that appear in the dictionary or family member/pet names).
- Never use the same password with multiple systems or websites.
- Enable multi-factor authentication whenever a website or system you rely upon offers it.
- Never give out your password to anyone, even if they’re claiming to “help” you. The IT help desk at any legitimate company would never ask you to do that.
- Back up all important information offsite so that you won’t be impacted by the loss or unavailability of a system or device.
- Don’t click suspicious links in email and don’t assume that the person sending an email is who they say they are.
- Never log in to websites that:
  - Aren’t secured with HTTPS
  - Are displaying browser warnings that complain of bad or invalid certificates