For Advisor Use Only. for General Educational Purposes
With minimal risk and the potential for significant rewards for fraudsters, cybercrimes and fraud are a constant threat. You have a strong cybersecurity plan and have fostered a culture of vigilance among your employees, but your clients are targets, too. Fortunately, they can proactively take steps to help reduce their risk. This checklist, which you can customize and share with your clients, contains tips and best practices to protect their data, information and assets, and help prevent fraud. It also suggests what to do if they suspect their information or accounts may have been compromised.
You can customize this checklist prior to sharing it with clients. For example, you can add or edit information. To include your firm’s name and/or logo, select and delete the image, and copy and paste your logo or type in your firm’s name. If you choose to keep the ”What to do if you suspect a breach” section, consider customizing our “How to Respond to a Data Breach” flyer and saving your version so that it can easily be shared with your clients.
Schwab verified the resources and websites referenced in this document in October 2017. Websites and phone numbers may change. To ensure accuracy, we recommend that you verify all these resources and become familiar with them prior to sharing the handout with your clients.
Neither Charles Schwab & Co., Inc., nor any of its affiliates or employees makes any warranty, expressed or implied, or assumes any liability or responsibility for the accuracy, completeness, regulatory compliance, or usefulness of any information, tools, resources, or process described in this material, or represents that its use would protect against cybersecurity incidents, including but not limited to vendor system breaches, compromise of firm security, and/or improper access to confidential information. Neither Charles Schwab & Co., Inc., nor any of its affiliates or employees, is responsible for any damages or other harm that might occur as a result of, or in spite of, use of any information, tools, resources, or processes described here. Your firm alone is responsible for securing your systems and data, including compliance with all applicable laws, regulations, and regulatory guidance. References in this material to any specific product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by Charles Schwab & Co., Inc.
For advisor use only. For general educational purposes.
Schwab does not provide legal, tax, or compliance advice. Consult professionals in these fields to address your specific circumstance.
Schwab Advisor Services™ serves independent investment advisors and includes the custody, trading, and support services of Schwab. Independent investment advisors are not owned by, affiliated with, or supervised by Schwab.
©2017 Charles Schwab & Co., Inc. All rights reserved. Member: SIPC. TWI (1017-7KCA) (10/17) (GDE99488-00)
Tips for preventing fraud
Cybercrime and fraud are serious threats and constant vigilance is key. While my firm plays an important role in helping protect your assets, you can also take action to protect yourself and help secure your information. This checklist summarizes common cyber fraud tactics, along with tips and best practices. Many suggestions may be things you’re doing now, while others may be new. We also cover actions to take if you suspect that your personal information has been compromised. If you have questions, we’re here to help.
Cyber criminals exploit our increasing reliance on technology. Methods used to compromise a victim’s identity or login credentials – such as malware, phishing, and social engineering – are increasingly sophisticated and difficult to spot. A fraudster’s goal is to obtain information to access to your account and assets or sell your information for this purpose. Fortunately, criminals often take the path of least resistance. Following best practices and applying caution when sharing information or executing transactions makes a big difference.
How we can work together to protect your information and assets
Safe practices for communicating with our firm
- Keep us informed regarding changes to your personal information.
- Expect us to call you to confirm email requests to move money, trade, or change account information.
- Establish a verbal password with our firm to confirm your identity, or request a video chat.
How Schwab protects your account
Schwab takes your security seriously and leverages protocols and policies to help protect your financial assets. Below are actions you can take to reinforce their efforts and resources to assist you in keeping your account safe:
- Confirm your identity using Schwab’s voice ID service when calling the Schwab Alliance team for support.
- Use two-factor authentication, which requires you to enter a unique code each time you access your Schwab accounts.
- Review the Schwab Security Guarantee, which covers 100% of any losses in any of your Schwab accounts due to unauthorized activity.
To learn more, visit Schwab’s Client Learning Center.
What you can do☐ / Be aware of suspicious phone calls, emails, and texts asking you to send money or disclose personal information. If a service rep calls you, hang up and call back using a known phone number.
☐ / Never share sensitive information or conduct business via email, as accounts are often compromised.
☐ / Beware of phishing and malicious links. Urgent-sounding, legitimate-looking emails are intended to tempt
you to accidentally disclose personal information or install malware.
☐ / Don’t open links or attachments from unknown sources. Enter the web address in your browser.
☐ / Check your email and account statements regularly for suspicious activity.
☐ / Never enter confidential information in public areas. Assume someone is always watching.
Exercise caution when moving money☐ / Leverage our electronic authorization tool to verify requests. Featuring built-in safeguards, this is the fastest and most secure way to move money.
☐ / Review and verbally confirm all disbursement request details thoroughly before providing your approval, especially when sending funds to another country. Never trust wire instructions received via email.
Adhere to strong password principles☐ / Don’t use personal information as part of your login ID or password and don’t share login credentials
☐ / Create a unique, complex password for each website, Change it every six months. Consider using a password manager to simplify this process.
Maintain updated technology☐ / Keep your web browser, operating system, antivirus, and anti-spyware updated, and activate the firewall.
☐ / Do not use free/found USB devices. They may be infected with malware.
☐ / Check security settings on your applications and web browser. Make sure they’re strong.
☐ / Turn off Bluetooth when it’s not needed.
☐ / Dispose of old hardware safely by performing a factory reset or removing and destroying all storage data devices.
Use caution on websites and social media☐ / Do not visit websites you don’t know, (e.g., advertised on pop-up ads and banners).
☐ / Log out completely to terminate access when exiting all websites.
☐ / Don’t use public computers or free Wi-Fi. Use a personal Wi-Fi hotspot or a Virtual Private Network (VPN).
☐ / Hover over questionable links to reveal the URL before clicking. Secure websites start with “https,” not “http.”
☐ / Be cautious when accepting “friend” requests on social media, liking posts, or following links.
☐ / Limit sharing information on social media sites. Assume fraudsters can see everything, even if you have safeguards.
☐ / Consider what you’re disclosing before sharing or posting your résumé.
What to do if you suspect a breach☐ / Call my office or your Schwab Alliance team immediately at 800-515-2157 so that they can watch for suspicious activity and collaborate with you on other steps to take.
☐ / Request our “How to Respond to a Data Breach” flyer for more information.
Visit these sites for more information and best practices:
- StaySafeOnline.org: Review the STOP. THINK. CONNECT™ cybersecurity educational campaign.
- OnGuardOnline.gov: Focused on online security for kids, it includes a blog on current cyber trends.
- FDIC Consumer Assistance & Information, https://www.fdic.gov/consumers/assistance/index.html.
- FBI Scams and Safety provides additional tips, https://www.fbi.gov/scams-and-safety.