Barry Suskind, Senior Director, Infrastructure Security at FINRA
Keeping your financial information safe on-line requires some basic tips.
That was the message from two cybersecurity experts in the latest episode of FINRA’s podcast, Unscripted.
The two experts, Barry Suskind and Eugene Mindel of FINRA’s Cyber and Information Security team, were on the podcast because October is cybersecurity month.
For financial services companies who build apps, cyber-security needs to be a priority.
“They need to think about security first. A lot of apps that are out there don’t take the time to worry about the communications that go on behind the scenes.” Mindel said.
Suskind suggested that financial services companies with enough of a budget should hire a third party firm to audit the app’s cyber-security profile.
“I try to keep my apps to a minimum,” Suskind said.
Suskind said that the cyber-security breach which occurred in 2017 at Equifax– that breach exposed the financial data of over 100 million people- happened in part because their email list was out of date, and the cyber-security team did not receive emails which pointed to potential vulnerabilities.
For personal cyber-security, both said that no one should log onto any of their financial sites- their bank, their brokerage account, etc.- on a common WIFI server like at a Starbucks.
Both also suggested longer, more complicated passwords and to have different passwords for each account.
“If you think about it, if you’re using your website, and that website is compromised, then your password is compromised.” Mindel said.
“The idea is to have them in a security database,” Suskind said of storing your passwords.
They should be stored in an encrypted file, Suskind further noted.
Multiple authentication- like a password and pin code sent to your phone- is also a better way to protect your data.
“The security approach these days is the layered approach. You want to hacker to basically give up,” Mindel said.
Suskind and Mindel said recognition software which may use fingerprint or facial recognition are good but “in their infancy” so not necessarily a magic bullet.
For protecting data at home, Suskind said, “invest in good firewall; invest in next generation anti-virus software.”
He further suggested that people should use a separate device to be used for logging onto any of their financial accounts.
“For smart phones, try and keep your WIFI off,” Mindel said.
He said to only turn on the WIFI when something needs to be updated.
Suskind said that to turn off the setting which automatically connects to unsecured networks, when on a smartphone.
“If you are in a hotel, invest in a VPN product,” Mindel said.
VPN is a virtual private network and Mindel said it costs approximately $30.
