Security Tip (ST04-003)
Good Security Habits
Original release date: June 02, 2009 | Last revised: November 14, 2019
There are some simple habits you can adopt that, if performed consistently, may dramatically reduce the chances that the information on your computer will be lost or corrupted.
How can I minimize the access others have to my information?
It may be easy to identify people who could gain physical access to your devices—family members, roommates, coworkers, people nearby, and others. Identifying the people who have the capability to gain remote access to your devices is not as simple—as long as your device is connected to the internet, you are at risk for someone accessing your information. However, you can significantly reduce your risk by developing habits that make it more difficult.
- Improve password security. Passwords are one of the most vulnerable cyber defenses. Improve your password security by doing the following:
  - Create a strong password. Use a strong password that is unique for each device or account. Longer passwords are more secure. An option to help you create a long password is using a passphrase—four or more random words grouped together and used as a password. To create strong passwords, the National Institute of Standards and Technology (NIST) suggests using simple, long, and memorable passwords or passphrases. (See Choosing and Protecting Passwords.)
  - Consider using a password manager. Password manager applications manage different accounts and passwords while having added benefits, including identifying weak or repeated passwords. There are many different options, so start by looking for an application that has a large install base (e.g., 1 million plus) and an overall positive review. Properly using one of these password managers may help improve your overall password security.
  - Use multi-factor authentication, if available. Multi-factor authentication (MFA) is a more secure method of authorizing access. It requires two out of the following three types of credentials: something you know (e.g., a password or personal identification number [PIN]), something you have (e.g., a token or ID card), and something you are (e.g., a biometric fingerprint). Because one of the required credentials requires physical presence, this step makes it more difficult for a threat actor to compromise your device. (See Supplementing Passwords.)
  - Use security questions properly. For accounts that ask you to set up one or more password reset questions, use private information about yourself that only you would know. Answers that can be found on your social media or facts everyone knows about you can make it easier for someone to guess your password.
- Create unique accounts for each user per device. Set up individual accounts that allow only the access and permissions needed by each user. When you need to grant daily use accounts administrative permissions, do so only temporarily. This precaution reduces the impact of poor choices, such as clicking on phishing emails or visiting malicious websites.
- Choose secure networks. Use internet connections you trust, such as your home service or Long-Term Evolution connection through your wireless carrier. Public networks are not very secure, which makes it easy for others to intercept your data. If you choose to connect to open networks, consider using antivirus and firewall software on your device or using a Virtual Private Network service, which allows you to connect to the internet securely by keeping your exchanges private. When setting up your home wireless network, use Wi-Fi Protected Access 3 (WPA3) encryption. All other wireless encryption methods are outdated and more vulnerable to exploitation. (See Securing Wireless Networks.)
- Keep all of your personal electronic device software current. Manufacturers issue updates as they discover vulnerabilities in their products. Automatic updates make this easier for many devices—including computers, phones, tablets, and other smart devices—but you may need to manually update other devices. Only apply updates from manufacturer websites and built-in application stores—third-party sites and applications are unreliable and can result in an infected device. When shopping for new connected devices, consider the brand’s consistency in providing regular support updates.
- Be suspicious of unexpected emails. Phishing emails are currently one of the most prevalent risks to the average user. The goal of a phishing email is to gain information about you, steal money from you, or install malware on your device. Be suspicious of all unexpected emails. (See Avoiding Social Engineering and Phishing Attacks.)
Taxpayer Alert: IRS Continues Warning on Impersonation Scams
As the 2017 tax season remains in our rearview mirror, the IRS is reminding taxpayers to remain cautious with regard to various phishing email and telephone scams. Please visit the following link to the IRS’ website (Continues Warning on Impersonation Scams; Reminds People to Remain Alert to Other Scams, Schemes This Summer) for more information on what taxpayers should know to help them mitigate these potential risks. Of particular note, the IRS reminds us that they “do not call and leave pre-recorded, urgent messages asking for a call back…where the victim is told if they do not call back, a warrant will be issued for the arrest”, nor does the IRS initiate contact with taxpayers by email to request personal or financial information. Remain vigilant of these scams in an ongoing effort to help safeguard your personal information and assets, and take note of the IRS’ recommendations below:
Telltale signs of a scam
The IRS (and its authorized private collection agencies) will never:
• Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. The IRS does not use these methods for tax payments. Generally, the IRS will first mail a bill to any taxpayer who owes taxes. All tax payments should only be made payable to the U.S. Treasury and checks should never be made payable to third parties.
• Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.
• Demand that taxes be paid without giving the taxpayer the opportunity to question or appeal the amount owed.
• Ask for credit or debit card numbers over the phone.
For anyone who doesn’t owe taxes and has no reason to think they do:
• Do not give out any information. Hang up immediately.
• Contact the Treasury Inspector General for Tax Administration to report the call. Use their IRS Impersonation Scam Reporting web page.
• Report the caller ID and/or callback number to the IRS by sending it to firstname.lastname@example.org (Subject: IRS Phone Scam).
• Report it to the Federal Trade Commission. Use the FTC Complaint Assistant on FTC.gov. Add “IRS Telephone Scam” in the notes.
For anyone who owes tax or thinks they do:
• View tax account information online at IRS.gov to see the actual amount owed. Taxpayers can then also review their payment options.
• Call the number on the billing notice, or
• Call the IRS at 800-829-1040. IRS workers can help.
The IRS does not use text messages or social media to discuss personal tax issues, such as those involving bills or refunds. For more information, visit the Tax Scams and Consumer Alerts page on IRS.gov.
Additional information about tax scams is also available on IRS social media sites, including YouTube videos.
Investor Alert: Provides Tips About the Transfer of Brokerage Account Assets on Death
Please visit the link http://finra.org/Plan for transition.php for information on what you should know about the transfer of brokerage account assets on death. The alert responds to issues raised by investors calling FINRA’s Securities Helpline for Seniors. It informs brokerage account holders, family members and other beneficiaries about the general process firms follow when an account holder passes away.
The Yield Curve and the Stock Market
At the link http://stockcharts.com/freecharts/yieldcurve.php you will see two graphics side by side. On the left is the yield curve – that is, interest rates as they relate to each other from the 3-month Treasury Bill outward along the “curve” to the 30-year Treasury Bond. On the right is the S&P 500 Index from 1999 forward.
The Federal Reserve attempts to influence economic activity primarily through very short-term interest rates. Notionally, the Fed keeps short-term rates low when it hopes to stimulate economic activity and raises rates when it hopes to dampen economic activity. If you will, imagine the graph on the left is a gas pedal. When short-term rates are low, the Fed is attempting to “step on the gas”. Conversely, the Fed will raise short-term rates to “ease off the gas”.
Such stimulus or restraint affects the pace of economic activity and, as a consequence, affects longer-term interest rates and the so-called “yield curve”. It also has a profound influence on stock prices.
The folks at StockCharts.com have used their obvious technological wizardry to illustrate the relationship visually. Once open, click on “Activate” and enjoy the Dynamic Yield Curve, illustrating the relationship between the yield curve and the stock market since 1999.
Investor Bulletin: Protecting Your Online Brokerage Accounts from Fraud
The SEC’s Office of Investor Education and Advocacy is issuing this Investor Bulletin to help investors protect their online brokerage accounts from fraud. As with all web-based accounts, investors should take precautions to help ensure that their online brokerage accounts remain secure. These online security tips can help.
Pick a “strong” password, keep it secure, and change it regularly. Select a strong password for your online brokerage account. A strong password is one that is not easy to guess and generally uses eight or more characters that include symbols, numbers, and both capital and lowercase letters. A strong password is not based on common words, phrases, or personal information such as a name or birthday. Keep your password in a safe place and out of plain sight. Never share your password on the Internet, by e-mail, or over the phone. In addition, you should change your password regularly.
Use two-step verification, if available. Your brokerage firm may offer or require a two-step verification process for access to your online account. With a two-step verification process, each time you attempt to log into your account your brokerage sends a unique code to either your e-mail or cell phone. Before you can gain access to your account, you must enter this code and your password.
Use different passwords for different online accounts (i.e., brokerage, banking, retirement, or other similar financial accounts). Avoid using the same password for different online services, particularly for financial accounts. Using a single password for different online financial accounts is the equivalent of using a single key for your car, house, and mailbox – if the key is lost or stolen, you potentially give away access to everything. While using multiple passwords increases the difficulty of managing passwords, it significantly improves security.
Avoid using public computers to access your online brokerage account. Try to avoid accessing your online brokerage account on a public computer. If you must use a public computer to access your account, remember:
- Log out of the account completely by clicking the “log out” button on the brokerage account website to terminate the online session. Closing or minimizing a browser application or window does not necessarily log you out of the account.
- Delete history files, caches, cookies, and temporary Internet files.
Use caution with wireless connections. If you use a wireless connection to the Internet (including a wireless home network) to access your online brokerage account, make sure your computer is secure and has current anti-virus software and a firewall enabled. You can learn more about security issues relating to wireless networks on the website of the WiFi Alliance at http://www.wi-fi.org/discover-wi-fi/security.
If you access your account on a public wireless connection, such as at a coffee shop or airport, you should use extra caution. It is very easy to “eavesdrop” on Internet traffic, including passwords and other sensitive data, on a public wireless network. If you use a public wireless network, remember:
- Do not type your password unless the website you are accessing uses a secure connection. The easiest way to determine whether a website is secure is to look in the address bar. If the page’s web address begins with “https” instead of “http,” then it is a secure connection.
- Turn off file sharing. With some operating systems, by default all of your local files are wide open to any other device connected to the same network. Make sure this feature is turned off when accessing information over a public wireless network. You can usually find instructions for turning file sharing on and off in your operating system’s help menu.
Be extra careful before clicking on links sent to you. You should always verify that e-mails containing links regarding your brokerage account come from legitimate sources. Clicking on a malicious link could:
- Link to a website designed to trick you into providing sensitive account information that can be used to steal your money or identity.
- Cause malicious software (e.g., computer viruses, worms, Trojan horses, or spyware) to automatically infect your computer and allow fraudsters to obtain sensitive account information.
To guard against dangerous links, remember the following:
- Do not click on a link that was sent to you by a business or entity you do not know. Perform an online search for the business or go directly to the business’s website to determine if the link is legitimate.
- Do not click on a link that was sent to you by a business that you have an existing account with. Investors should confirm the legitimacy of the link by either going directly to the business’s website or calling the business with a confirmed telephone number.
Secure your mobile devices. Many mobile devices, such as smartphones or tablets, have software applications that allow users automatic access to their online brokerage accounts. Unauthorized access to these mobile devices could compromise these accounts. If you have a mobile device that is linked to your online brokerage account, make sure that the device is password protected in case it is lost or stolen.
Regularly check your account statements and trade confirmations. Always remember to check your brokerage account statements and trade confirmations for any suspicious activity. For example:
- Check for any discrepancies, such as misspelled names or inaccurate account information (e.g., address, phone number, e-mail address, or account number).
- Confirm that you authorized all of the transactions that appear in your account statements and trade confirmations.
- If you see any mistakes or unauthorized transactions, contact your brokerage firm in writing immediately. Your written complaint may be the only way to prove that you complained to the firm about the mistakes or unauthorized transactions. Also, remember to keep written records of any communications you have with your brokerage firm regarding these mistakes or unauthorized transactions.
For additional educational information for investors, see the SEC’s Office of Investor Education and Advocacy’s homepage and the SEC’s Investor.gov website. For additional information about safeguarding online brokerage accounts, also see:
- SEC Publication: “Online Brokerage Accounts: What You Can Do to Safeguard Your Money and Your Personal Information”
- FINRA Investor Alert: “Protect Your Online Brokerage Account: Safety Should Come First When Logging In and Out”
- FTC OnGuardOnline.gov webpage: “Tips for Using Public Wi-Fi Networks”
Top 50 2014
We are pleased to announce that Palladium ranked 11th in the Top 50 Registered Investment Advisers in the US by Bloomberg.
Bloomberg Markets ranked active U.S. registered investment advisers that provide financial planning services based on the data they reported to the Securities and Exchange Commission as of June 2, 2014. They used filings as of June 3, 2013, for year-over-year comparisons.
The ranking excludes firms that operate as or are affiliated with broker-dealers, banks or thrifts, trust or insurance companies or firms with employees who are registered representatives of broker-dealers. They also excluded firms that take commissions, sell financial products or operate as real estate agents, lawyers, insurance brokers or accountants. They did not consider multifamily offices.
The RIAs obtained more than 75 percent of their assets under management from high-net-worth individuals. They got up to 25 percent of those assets from any of the following sources: investment and business development companies, pooled investment vehicles, pension and profit-sharing plans, charitable organizations, corporations or other businesses, state or municipal government entities, other investment advisers or investors that the RIAs described in their filings as “other.”