While following cybersecurity best practices is always important, there are often events that bring the importance of these measures back to the forefront, and the ongoing Russia-Ukraine conflict is no exception. In addition to committing devastating physical acts of war in neighboring geographies, the Russian government has also proven itself capable of malicious cyberactivity, which could potentially extend far beyond any nation’s borders. From attacks on energy to interruptions in supply chain and even breaches in financial data, the scope of cyber threats continues to expand, so it’s more crucial than ever to remain vigilant and take preventative steps to ensure the protection of ourselves and our families.

5 Steps to Take Extra Precaution Today

  1. Know the Basics – You’ve probably already established positive habits around password management, website browsing, and digital communications like email, but it’s never a bad time to brush up on the basics. Here’s what you should know when it comes to everyday web usage.
  2. Be Aware of Common Cybersecurity Threats – Phishing attacks, domain spoofs, and watering holes are three common ways that hackers try to take advantage of web users, but there are many other methods that can be easily identified. Read more here.
  3. Protect Yourself Against Identity Theft – Given the volume of personal data that lives online, many people are unaware that they have become victims of identity theft until it’s too late. Learn more about preventing and dealing with identity theft here.
  4. Safeguard Yourself Against Investment-Related Scams – Cyberattacks are not isolated to identity theft and data breaches – they can also involve fraudulent investment products or financial advice. The SEC publishes bulletins on an ongoing basis that help keep investors up to date on any scams they’re currently seeing and provides resources for combatting or reporting them.
  5. Even Offline, Keep Your Information Secure – Although it may seem obvious, all financial documents, personal records, and valuable items should be kept in secure locations at home or in safety deposit boxes.

If You Believe You Have Fallen Victim to a Cyberattack

It is important to take quick and decisive action if you believe you have been the victim of a cyberattack. Below are some quick steps you can take to begin addressing various circumstances.

  1. If you suspect Identity Theft:
    1. Place a fraud alert or credit freeze on your accounts.
    2. Contact any vendor, bank, or institution directly affected.
    3. Contact the FTC, file an Identity Theft Affidavit, and create an Identity Theft Report. You can file your report by calling 1 (877) 438-4338 or going to gov.
    4. Contact your local law enforcement and file a police report. This police report, combined with the Identity Theft Affidavit, are needed to create your Identity Theft Report. This report will be necessary when working with the credit reporting agencies and others in repairing your credit.
    5. If your social security number was compromised, contact the Social Security Administration (SSA) at 1 (800) 269-0271 and the Internal Revenue Service (IRS) at 1 (800) 829-0433.
    6. Contact the Postal Inspection Service (the law enforcement and security branch of the postal service) if you believe the theft or fraud was committed by mail, or if any fraudulent change-of-address forms were submitted.
  2. If you suspect your computer has been compromised:
    1. Do not shut down or restart your device. This could cause further complications resulting in your computer not being able to turn back on.
    2. Immediately disconnect your computer from the internet, whether via Wi-Fi or a physical plug
      1. This is important to help stop any possible data loss
      2. Additionally, this could stop a potential attack from moving from your computer to another device in your environment
    3. Unplug any external drives connected to your computer, especially if the external drive contains backup data.
    4. Take note of any sites you may have been logged into. What you could see, the attacker could see. On a separate computer, login to those sites and at a minimum, monitor activity for those sites. To further protect the accounts, reset passwords and enable multi-factor authentication, if not already enabled.
    5. If you have a malware removal tool, run the tool, and see if it can remove the infection. If you don’t have one, reconnect your computer to the internet and download a tool, some of which can be found here.
  3. If your computer has been encrypted by ransomware:
    1. You likely won’t have any access to your computer, so your ability to remove the ransomware is limited. Also, getting any backups of your data now is not feasible.
    2. At this point, you have a decision to make – paying the ransom or not paying the ransom.
      1. If you have good backups of all your data, paying the ransom is discouraged. With proper backups, you can wipe your device and copy over the data, resulting in minimal to no loss.
      2. If you don’t have good backups and the data on your machine cannot be lost, then paying the ransom may be the only option you have to recover it. (Note that just because you pay the ransom doesn’t mean you will be able to fully recover your data. Attackers may not provide the right key, or any key at all, or it may fail while decrypting your device.)
    3. Once your machine is back up and running, make sure you install a good anti-malware tool.
  4. If your password(s) have been compromised:
    1. If you are receiving multi-factor authentication (MFA) requests that you did not request or you see abnormal logins to an account, you should assume that your credentials have been compromised.
    2. Deny any MFA requests you received, login to the site, and immediately change your password. Check for signs of abnormal activity or sign-ins. If the option presents itself to force all current sessions to sign out when you change your password, choose that. Otherwise, if you change your password and someone is already logged into your account, they may be able to maintain access.
    3. Given that email addresses are the most used username for websites and applications, password reuse is heavily discouraged. Utilizing a password manager can help assist with maintaining a larger volume of unique and complex passwords. However, if you have reused passwords and a site that uses the password gets compromised, you will need to also immediately change the password of the other websites and applications.
    4. You can use this tool to identify if your credentials have been seen in a previous compromise.

Our Cybersecurity Commitment

Just as we remain tuned in to ongoing market trends, our team is proactively monitoring the situation in Ukraine and is particularly sensitive to any implications it may have on you or your family.

We employ many processes to help protect the data of our firm and its clients, approaching it from three different avenues – the data itself, the people responsible for the data, and the systems handling the data:

  1. First and foremost, we operate under the principal of data minimization; if we don’t need the data, we don’t want it. We only capture what is necessary to conduct business.
  2. Second, when it comes to employees who are responsible for the data, the principal of “least privilege” is in place. If an employee doesn’t need access to certain data systems, they don’t have it. We also rigorously monitor where users are operating from, both in terms of location and devices, to ensure it is consistent with the pattern of that employee. Multi-factor authentication is utilized across the firm to further keep accounts secure.
  3. Lastly, for devices, we ensure that all our systems are kept up to date and configured with industry best practices in mind. They are routinely audited to confirm the validity of those controls and ensure that as new technology becomes available to keep you and your data secure, we can employ it.

We are committed to protecting you and your assets, and work exclusively with partners who share that commitment. You can find more information about the Asset Protection policies of our custodians here.

Stay Alert & Stay Connected

Taking the necessary steps to stay cybersafe is a vital part of protecting yourself and your loved ones, especially in times of instability. We encourage you to stay alert and informed as circumstances evolve, and when in doubt, err on the side of caution.

For more on this topic, you can reference the resources below. As always, please don’t hesitate to contact a member of our team if you have any questions or concerns.

 

 

Resources:
Wealthspire Advisors LLC is a registered investment adviser and subsidiary company of NFP Corp.
CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
This information should not be construed as a recommendation, offer to sell, or solicitation of an offer to buy a particular security or investment strategy. The commentary provided is for informational purposes only and should not be relied upon for accounting, legal, or tax advice. While the information is deemed reliable, Wealthspire Advisors cannot guarantee its accuracy, completeness, or suitability for any purpose, and makes no warranties with regard to the results to be obtained from its use. © 2022 Wealthspire Advisors

Eric Sontag, CFA®

Eric serves as President & Chief Operating Officer, and is based in our New York City headquarters.

James Fritz

James is a VP of cybersecurity at our parent company, NFP Corp.