Protecting Yourself Against Identity Theft

By Todd Hauer

We hear about it all the time – cyber security breaches that have the potential to put all our financial information at risk. Identity theft is a real problem that most of us are both aware and terrified of.

Morgan Stanley’s latest Investor Pulse Poll revealed that nearly 3 out of 4 high net worth (HNW) investors – those with $100,000 or more in household liquid assets – are concerned about identify theft, even ranking ahead of terrorism and a major illness in one’s household.

How common is it?
Fully nine in 10 respondents report being impacted by data security issues in some form. The most common issue these investors have faced is a security breach at a company with which they do business. Moreover, a sizable one in six report a data breach having occurred at their employer. In addition to security breaches, many of them have been victims of computer viruses and stolen credit or debit card numbers as well.

In spite of these breaches, roughly half or more have at least some degree of trust that their financial institutions, doctors and hospitals, employers, communications providers and the retailers where they shop will protect their personal information. 

Coming face to face with identity theft
Few (15%) of those who have not yet been affected by identity theft feel “very” confident they would know what to do if faced with this situation. Moreover, 58% of these respondents who have not been impacted by identity theft imagine that it would be “very” stressful to deal with.

They have a strong sense that they and their loved ones — parents/in-laws and/or children — could be victims of identity theft and not even know it. More than half expect identity theft to be more of a concern to them in the next three years, while relatively few feel that all the talk about identity theft is overblown.  

Finding a solution
With technology constantly changing, these HNW investors feel that it is difficult to find the best way to protect themselves. So what can you do now? Be diligent about monitoring your credit report and account statements. Enroll in electronic alerts for account or fraud activity if your bank or financial institution provides it. Finally, notify your financial institution as soon as possible of any suspicious activity.

Finally, be sure to maintain anti-virus and anti-malware software, create strong passwords, don’t share crucial information like your birthdate and address on social networking websites and be sure to use privacy settings. But by instilling a few simple steps today, you will be better prepared tomorrow.

The Investor Pulse Poll surveyed 752 high net worth investors during the spring of2016. High net worth investors account for 95% of total U.S. household investable assets by value, according to Federal Reserve data. The Investor Pulse Poll was conducted by GfK Public Affairs & Corporate Communications using the GfK KnowledgePanel. In order to qualify for this study, respondents were required to have $100,000 or more in household liquid investable assets, be between the ages of 25 and 75 years old.

Todd Hauer is a Financial Advisor with the Global Wealth Management Division of Morgan Stanley in Denver. The information contained in this article is not a solicitation to purchase or sell investments. Any information presented is general in nature and not intended to provide individually tailored investment advice.  The views expressed herein are those of the author and may not necessarily reflect the views of Morgan Stanley Wealth Management, or its affiliates. Morgan Stanley Smith Barney, LLC, member SIPC. 

The Country Starts Focusing on Cybersecurity

Have you noticed the new chip-enabled credit cards sent out recently?  After being used in other countries for years, the security-focused technology known as EMV has finally become the accepted standard by many major banks and retailers in the United States. Cybersecurity has been increasing in importance for a long while, so while it's encouraging to see the nation finally focusing on collaborating and implementing best practices, much more still needs to be done.

Not all banks and retailers are working with this new security standard yet, though most of them have made the switch because banks and retailers that don't assume increased financial liability after the October 1, 2015 deadline. This date marks a "liability shift" so that any retailers that choose to accept payments made via a chip card’s old-school magnetic strip can continue doing so, however they’ll accept liability for any fraudulent purchases. Similarly, any credit card issuers that don’t issue EMV credit cards will be responsible for any fraudulent purchases. This serves as a clever way to internalize previously unaccounted-for risk.

Internalizing the costs of risk one way or another is the best route to align incentives and advance the shared interests of government agencies, businesses, and individuals. While this may sound like bad news for would-be identity thieves and hackers, such magnetic strip based "carding" has been around for decades. More advanced hackers are always using new techniques, so while this is a victory of sorts, there is plenty more room for America to improve defenses on the technological front. 

On the local level today, the Colorado Association of Commerce and Industry (CACI) is bringing in experts to discuss the issue with local businesses. The focus is on explaining their role in addressing cybersecurity. They'll also go into the dynamic and ever-evolving security environment. The main point is to raise awareness and to convince businesses of why they should care more about cybersecurity.  

On the national level this week, Beth Cobert, the acting director of the Office of Personnel Management (OPM), will be facing a Senate nomination hearing in order to fully approve her for the position.  She's likely to face many questions about the major breach her department faced before she was tapped to take over. She's also likely to face questioning about her handling of the situation after the fact. The implications of such a hack poses major national security risks when unfriendly countries and other bad actors have a database of dossiers on 21.5 million US Government employees including personal identity information such as social security numbers and fingerprints, as well as their weaknesses to potential blackmail such as sexual orientation and extra-marital relationships.

Also on the national level, Wall Street banks are being encouraged by the executive branch to increase their defense against cyber-attacks. The Treasury Department's Sarah Raskin is telling bankers they need to update systems and implement multi-step identity checks. Deputy Secretary Raskin is calling the U.S. finance industry a “treasure trove” for high-tech criminals.

“Virtually every process you engage in needs to be reviewed and updated, enterprise-wide, from a cyber-resiliency perspective,” Deputy Treasury Secretary Sarah Bloom Raskin said in remarks prepared for a banking conference on Tuesday. Companies should require multi-step identity checks for anyone accessing their networks or data, she said.

Raskin’s speech at the annual meeting of the Clearing House, a financial-industry trade group, comes a week after U.S. prosecutors detailed a vast, multi-year criminal enterprise focusing on hacks of at least nine big financial and publishing companies. Suspects were tied to previously reported hacks of News Corp.’s Dow Jones & Co., JPMorgan Chase & Co., E*Trade Financial Corp., and Scottrade Financial Services Inc.

Cybersecurity: Capitalism and Zero Days

ze·ro-day

adjective COMPUTING

  1. deriving from or relating to a previously unknown vulnerability to attack in some software.

    "It is known as a 'zero-day' because once a flaw becomes known, the programmer or developer has zero days to fix it."

Zero-days are the key raw materials that make up cyberweapons. In other words, zero-days are the kind of serious security flaw that people don't know about, which is why they remain so open to exploitation and valuable to those who mean to do harm. Cybersecurity, while a challenging topic, is an important issue because of how such vulnerabilities can impact individuals, businesses, and government agencies. Governmental action can both help or make things worse, though it's becoming clear that collaboration is growing increasingly necessary. 

"Cybersecurity threats from nation states and other well-funded, highly motivated actors present risks that neither the public nor the private sector can unilaterally address. "
-Executive Summary, Business Roundtable's report on More Intelligent, More Effective Cybersecurity Protection 

America should be encouraging white-hat hackers to keep working for good. We should be sharing information between government and businesses, and avoid using taxpayer funds for ineffective or even counter-productive initiatives, like keeping backdoors open in order to spy on American citizens.

In a much quoted passage in his inaugural address, President Kennedy said, "Ask not what your country can do for you, ask what you can do for your country."  The Chicago-school economist Milton Friedman subsequently used this quote in the beginning of his book Capitalism and Freedom as a way to analyze and re-evaluate the role of the state. Is America the collection of its free citizenry, along with their shared ideals and traditions? Or is it, like M. Friedman warned of the implications of Kennedy's statement, an increasingly paternalistic super-organism that compels its subjects to serve the state and its agenda? 

These questions are still relevant in the modern condition of fiscal responsibility (think of budget deficits and Keynes-vs.-Hayek arguments), though they are also relevant to the modern state of technology and cybersecurity. Is America supporting electronic freedom, respecting individuals' privacy, and providing citizens reasonable protection from foreign threats?

“One of the great mistakes is to judge policies and programs by their intentions rather than their results.” 
― Milton Friedman

The news of America's intrusive monitoring policies has incurred high costs resulting from the global loss of trust in American tech companies. The ITIF originally estimated PRISM to cost the U.S. economy up to $35 billion in lost cloud computing business around the world. Since that initial estimate, it now looks like loss of trust extended beyond just cloud computing and into the American tech sector more generally and will cost the U.S. economy even more. That's in addition to the tax money spent on building such programs.

Cisco, a member of the national Business Roundtable, saw its sales interrupted in Brazil, China, and Russia because of reports that the NSA had secretly inserted backdoor surveillance tools into its routers, servers and networking equipment. During a quarterly earnings call, Cisco CEO John Chambers even cited the NSA as the factor behind steep sales decreases, saying “I do think (the NSA revelation) is a factor in China.” These reports damaged the company’s international reputation and prompted it to take extra precautions to thwart surreptitious actions by the NSA. The additional costs this involved were passed along to its customers and the lessened profits were passed on to the shareholders.

Milton Friedman would argue for a smaller, more constrained government in the realm of cyberspace on one hand. A government that represents the interests of its citizenry. As he wrote in Capitalism and Freedom, "First, the scope of government must be limited. Its major function must be to protect our freedom both from the enemies outside our gates and from our fellow-citizens: to preserve law and order, to enforce private contracts, to foster competitive markets."

On the other hand, it should be a capable public-private system in order to protect Americans. Rather than secretly encouraging, planting and using zero-days, the U.S. government should help promote open markets where software bugs and security threats can be purchased by manufacturers in order to make timely security patches. Paying a security researcher $10,000 for a security-related bug could save taxpayers much, much more than a purely reactionary scenario - such as the data breach of the Office of Personnel Management. People are currently selling security leaks - to legitimate governments or to nefarious actors. We should work to remove the stigma of "hackers" and work to share information between upstanding citizens, businesses, and government agencies.

"However, instead of focusing on information sharing and collaborative risk management, government proposals misdirect scarce public and private-sector resources to compliance-based, check-the-box models. These proposals place the cart before the horse by calling for government creation of cybersecurity practices and standards before much-needed information sharing legislation is passed and implemented. " 
-Executive Summary, Business Roundtable's report on More Intelligent, More Effective Cybersecurity Protection 

We should encourage communication between government organizations and corporations in order to warn of dangers and to help protect each other. Incentivizing hackers to report on bugs, and then actually fixing those bugs makes us all safer. While the FBI or the NSA may want that backdoor access into your iPhone, so do ill-intentioned actors from around the world. Encryption and security updates are the right choice.

It's a challenging topic, so if you have any questions or would like to express differences of opinion or additional facts of which the author may not have been aware at the time of writing, please comment below. 

If you're interested in seeing and learning more about zero-days, VPRO Backlight, a Dutch documentary group, recently produced this well researched and informative piece entitled "Zero days - Security Leaks for Sale." It's a high-quality, modern introduction:

http://backlight.vpro.nl/ There is new gold to be found on the internet, and possibly in your own computer. Secret backdoors, that do not have a digital lock yet, are being traded at astronomical amounts. In the cyber world trade, where there are no rules, you are in luck with "white-hat" hackers, who guard your online security.