organizations like JPMorgan Chase, health insurer Anthem and the federal Office of Personnel Management have put the personal information of tens of millions of Americans potentially at risk.
But what if the biggest threat to your privacy comes from the practices of your local financial advisor, longtime lawyer or trusty CPA? Smaller firms are not only keeping sensitive client information on their own servers but also moving it onto the cloud, even though some haven’t the foggiest notion of what they’re doing. All it takes to get started, observes Ross Hogan, global head of the fraud prevention division at Kaspersky Lab, is a signed contract with a cloud provider. The ability to be up and running with little effort (and potentially even less understanding of how the cloud works), Hogan says, poses a risk to clients.
Consider the experience (or inexperience) of R. T. Jones Capital Equities Management, a St. Louis registered investment advisor. In September it agreed to pay a $75,000 fine and be censured to settle Securities & Exchange Commission charges that it failed to safeguard clients’ personal data. That data was stored on Jones’ third-party-hosted Web server and was neither encrypted nor kept behind a firewall, the SEC alleged. Worse, while Jones managed retirement money for fewer than 8,000 workers, personal data of 100,000 (who were eligible for its “Artesys” managed accounts, whether they signed up for them or not) was stored on the server and potentially compromised when the site was hacked in 2013 from multiple Chinese IP addresses. Jones, as is standard, didn’t admit or deny the SEC charges, and it did not respond to FORBES’ request for comment. But according to the SEC’s cease-and-desist order, after the breach the firm hired cybersecurity experts and fixed those glaring security problems.
Read the full article at www.forbes.com.