Forget volatility. The thing that keeps certified financial planner Neil Waxman on edge is clients' cybersecurity practices and the threat of identity fraud.
"It's not the markets that keep me up at night," said Waxman, managing director of Capital Advisors in Shaker Heights, Ohio. "This is the thing that concerns me.
"It's the thing that keeps me up at night more than anything else: a client getting hacked or something coming into our system, even though we have best practices," he said.
Waxman is right to be concerned.
Identity fraud — what happens when scammers use your personal information to open phony accounts – resulted in $16.9 billion in consumer losses last year, according to data from Javelin Strategy & Research.
Seniors are an especially tempting target for fraudsters, given the amount of wealth they may have accumulated by the time they've retired.
"Older people aren't necessarily targeted more, but they tend to lose so much more because they've saved so much," said Kathy Stokes, director of AARP Fraud Prevention Programs.
"These people are at an age where there is no way they will make up those losses," she said.
Seniors are also hesitant to change their ways — including how they shop, bank or pay others — after a fraud incident.
Seven out of 10 consumers aged 65 and over were reluctant to change familiar habits, according to a report from Javelin Strategy and AARP.
Javelin polled 5,000 adults online from Oct. 22 through Nov. 4, 2019.
Financial advisors can act as a line of defense between their clients and fraudsters' attempts to siphon off hard-earned savings.
"Advisors have a positive influence," said Stokes of the AARP. "They can encourage clients to have safe access online to their accounts and talk to them about protecting information."
The Securities and Exchange Commission's Office of Compliance Inspections and Examinations released a report earlier this year on financial firms' cybersecurity practices. The issue has been a priority for the regulator.
Best practices in terms of cyber hygiene include having detailed written policies and procedures to ensure devices and data are safeguarded, as well as having tests and monitoring.
For advisors, this means they not only stay on top of their own security, but they also pass those best practices on to their clients.
"Sometimes the biggest benefit we can provide to clients is to distill it into a checklist," said Melissa Sotudeh, a CFP with Halpern Financial in Rockville, Maryland.
"There's the basic checklist: Never send account numbers; don't use unencrypted emails; and change your passwords," she said. "Are you doing the right things?"
Sharing those tips could help advisors and investors mitigate risk down the line.
One of Waxman's clients had a business email account hacked and needed to hire an IT team to address the problem.
The fraudsters sent Waxman's firm requests for money, including a wire authorization with a signature that matched. The firm called the client and denied the scammers' requests for funds.
"We have a hold on that client's account permanently – nothing can happen with the custodian until there is authorization from the both of us," said Waxman.
Make data security a part of your client interactions and discuss those practices during annual meetings. Here are a few basic tips from Waxman, Sotudeh and AARP to help clients get started.
Safeguard your credentials: "Password123" isn't going to cut it. Use at least eight characters with a mix of upper and lowercase letters and special characters. Avoid using the same credentials for different sites and services. Use a password manager to track and store your passwords.
Use dual-factor authentication: A hacker can crack a password, but dual-factor authentication means they'll need a code that's texted to your phone in order to sign into your accounts.
Got a call from a stranger claiming to be the IRS or the Social Security Administration? Hang up: Scammers love to dial up unsuspecting victims in a bid to get their personal data.
Write down the numbers of the companies you do business with: Don't rely on web searches to obtain the customer service line, since scammers can post fake phone numbers on the internet.
Lock down your credit: Place a security freeze on your accounts with the three main credit companies: Equifax, Experian and TransUnion. Check and monitor your credit. Sign up for limit warnings on your checking and credit card accounts, so that you get a heads up in the event of a charge over a certain limit.