TD Ameritrade Conference

Advisors: You’re more vulnerable to a cyberattack than you think

Financial advisors: A poor understanding of cybersecurity could leave you at risk.

"Security decisions you make every day make a difference," cybersecurity expert Keren Elazari told advisors Wednesday. The former hacker spoke at TD Ameritrade's National Linc conference in San Diego.

Keren Elazari
Source: LILA PHOTO for TD Ameritrade Institutional

While eight in 10 advisors say that cybersecurity is a high priority, only 44 percent say they fully understand the issues and risks, according to a September report from the Financial Planning Association's FPA Research and Practice Institute, sponsored by TD Ameritrade.

Less than a third of advisors say they are fully prepared to manage and mitigate cybersecurity risks.

One of the things advisors need to realize is that in a connected world, we are all vulnerable, said Elazari.

"A motivated attacker can get past any barrier," she said, pointing to examples like spies' repeated breach of the Pentagon's Joint Strike Fighter project.

Spear phishing

Thieves often take advantage of employees' lack of knowledge, sending emails that look like they come from a co-worker so that the recipient will click on an enclosed link or open an attached file.

That can give attackers access to do more damage or — another growing trend — load ransomware that will encrypt everything on your computer unless you pay to have it released.

"It's worse than the flu," she said — companies of all sizes, and individuals, have been victimized.

One of the big misconceptions about cybersecurity is that hackers are always after sensitive information, Elazari said.

"It's not about secrets," she said. "It's about the technologies that power our way of life."

Smarter devices are more vulnerable to attack, and hackers working to help consumers have pointed out dangerous flaws in everything from cars to insulin pumps, Elazari said.

Sometimes, your smart device isn't even the end goal: In the October attack that briefly took out Twitter, Reddit, Netflix and others, attackers used malware to take over consumers' smart home gadgets and connected devices to power the attack.

"Our future might have our toaster attacking the neighbor's drone, or his car," she said.

Combat data breaches

To fight back, companies need to be willing to share more, even about embarrassing security incidents.

For financial services firms, there are groups such as the Financial Services Information Sharing and Analysis Center, she said, which monitors threats and helps members develop best practices to mitigate them.

Everyday decisions, such as keeping software updated and avoiding suspicious links, can make a big difference. One key change: Stop recycling passwords, Elazari said.

Attackers often use data compromised in one breach to see where you might use that username and password combination elsewhere. Use a password manager to create unique passwords for each site. Enable two-factor authentication where you can.

"It's a really easy way to make life much harder for the bad guys," she said.