The majority of parents who come through our office are concerned with findin
How to protect your financial apps from getting hacked
There’s been no shortage of high-profile hacks over the last few years — think Target, Sony and Ashley Madison — but one sector that hasn’t made as much news for breaches is financial. According to the Identify Theft Resource Center, out of the 781 data breaches tracked in the United States in 2015, just 71 were banking-related.
While that may be welcome news to the millions of people who use financial websites and apps, that number is rising, jumping by about 50 percent from the year before. And with more people using everything from personal finance applications and robo-advisor sites to fraud-detection programs and mobile wallet software, we’ll likely see more hacks in the future.
“There’s a huge amount of benefit to leveraging technology to bring insights to your account, but there’s always a risk when you start to consolidate all of that information into one program,” said Kennet Westby, co-founder and president of Coalfire, a Westminster, Colorado-based cybersecurity advisory that has a number of financial clients.
Generally, apps and websites from banks and other well-known financial institutions are considered fairly safe from intrusion, in part because they have the money to spend on security. Reportedly, Bank of America will spend $400 million in security this year alone, while other banks are also spending copious amounts of money to keep their virtual walls secure.
However, even big security budgets can’t always prevent a major hack. In 2014, JPMorgan Chase was the target of one of the largest breaches in American history. Hackers broke into its network and stole data — names, email addresses and phone numbers — from 83 million customers. Not surprisingly, the company has increased its cybersecurity budget this year, from a reported $250 million to $500 million.
Of course, not all financial companies have such big security budgets. Many start-up companies don’t have the resources to throw at security nor the many decades of history in trying to keep client money safe, said Westby.
For instance, in 2010, Blippy, a social-media-meets-financial site that allowed people to share credit card purchases with other users, was found to have accidentally leaked some of its customers’ credit card information on Google. The company shut down a year later.
While Westby thinks that consumers should use financial apps and sites, they also need to be aware of what they’re using and what kind of information they’re sharing online.
Read the fine print
It’s unlikely you’ll find a company that says it has no security, so it’s up to the user to make sure the company is protected.
Start by reading the company’s security and privacy disclosures, which should be somewhere on their site, said Westby. You want to be able to get a sense of how they’re managing their security and privacy programs and what kind of responsibility they’re willing to take if a breach occurs.
The next step is to look at the company’s security certifications. A payments card company, for instance, should have the PCI certification, which is given out by a Qualified Security Assessor under the PCI Security Standards Council program.
Other financial institutions might be audited and certified under the Federal Financial Institutions Examination Council (FFEIC). Mint, the personal finance app, is certified through the TRUSTe Privacy Seal Program, which is another popular data privacy management company.
Finally, make sure the company’s privacy and security programs have been validated by a third party. The big four accounting firms do this, said Westby, as do businesses like Trustwave, Verizon and Coalfire.
“You don’t want the company to just say, ‘We’re secure. Trust us,'” said Westby. “You want someone to validate that they’re actually doing it.”
Embrace the longer logins
The companies that do have proper security measures will be encrypting all your sensitive data — they convert information into a complex code that’s difficult to decipher — but for privacy experts, that’s not enough. Companies should also use two-factor authentication for customer logins, according to Adam Levin, chairman and founder of IDT911, a Montreal-based security solutions company, and author of “Swiped.”
When a site doesn’t recognize the device you’re using, it should ask you a series of questions to verify that you are the user of the account. It may also send a code to a trusted device, like an email address or mobile phone. Essentially, it’s adding another layer of authentication beyond a login and password.
Many companies still don’t do this — it can be an annoyance for customers, he noted — but it will soon become standard procedure. And users should embrace it, he explains. One extra step goes a long way in keeping your information secure.
Most financial breaches don’t actually happen at the company level, said Levin. Since security is generally strong, hackers tend to hoodwink customers into handing over login passwords or sensitive data.
One way they do this is through phishing. That’s when a hacker sends an email to users that looks nearly identical to something a bank or another company might send out to a user. Either the user clicks on a file that installs data-collecting malware onto a computer or they click a link that takes them to a page where they’re then asked to enter their account information.
Read more about it here: http://cnb.cx/2aH6mRH
For more information regarding divorce, we recommend that you contact us at the Law Office of Alice Pare at 301-515-1190 or visit our website at: https://www.alicelaw.com
Do not at any time take the risky move of going at it alone. We have a wide choice when it comes to going it alone but with the professional advice, you will need.
#divorceattorneygermantown #lawofficeofalicepare#alicepare#mediatorgermantown #divorcelawyergermantown #divorceattorney #germantownmd#frederickmd