PRACTICE MANAGEMENT: Asset Protection Goes Beyond Investments

NEW YORK --Investors focused on protecting their assets should think beyond stocks and bonds.

Sensitive personal data, such as bank account details and Social Security numbers, need to be safeguarded too. Unlike investment portfolios, which can recover from losses, stolen information can cause long-term damage.

Secure computer networks, employee background checks and general awareness are among the protective tools individuals and organizations can employ.

Crimes that were traditionally committed in the physical realm, such as stealing bills with personal information from mailboxes, have migrated online. And thieves are becoming more sophisticated.

One recent example: The Federal Bureau of Investigation and international law enforcement agencies concluded last month a two-year operation against a cybercrime network that included thousands of members worldwide. The agencies said their bust prevented losses of $70 million.

"Today, I don't even have to break into your house," said Paul Viollis, chief executive of Risk Control Strategies, a security consulting and investigation firm for corporations and wealthy individuals. "I just break into your life."

It's unclear whether computer-based crimes will increase in today's sluggish economy, security professionals say.

Still, security is a pressing issue for the financial services community.

The Securities and Exchange Commission has proposed stricter rules for broker-dealers, investment advisory firms and other companies relating to protection and disposal of confidential client information and reaction to data breaches.The Federal Trade Commission has its own set of identity theft regulations for financial institutions that took effect Nov. 1.

   Online Vulnerability 

Criminals target organizations, which hold valuable client and proprietary data. They also go after individuals. Thieves often work on volume, said Shawn Henry, assistant director of the FBI's Cyber Division.

They, for example, send emails with malicious software to thousands of account holders. Recipients who click on links in the message download programs that can monitor or control their computer activity. One type of program captures keystrokes, providing a transcript of everything the user has typed, including account numbers and passwords.

Hackers with laptops sometimes park their cars in neighborhoods and intercept information moving through unsecured wireless networks or hijack home networks.

Some criminals target specific individuals.

Viollis said "cybertrollers" - some as young as 14 - collect information about wealthy families from the Internet and sell it to hackers. They might start by identifying large donors on the Web sites of charitable organizations, then search for additional information about those deep-pocketed contributors.

   Safeguarding Networks 

In addition to opening messages and downloading software only from trusted sources, individuals and organizations can proactively protect themselves.

OnGuardOnline.gov, a Web site maintained by the FTC with contributions from government agencies and technology organizations, has practical tips. Their suggestions for safeguarding wireless networks include the following:

-Install anti-virus and anti-spyware software and keep them up to date. Use a firewall, hardware or software that blocks communication from unauthorized sources.

-Don't send sensitive information through a public wireless network - at a hotel or airport, for example - or from a public computer. These may not be secure.

-Activate the encryption feature on routers, devices that connect computer networks. Many routers are delivered with the encryption mechanism, which scrambles communications, turned off.

-Disable the identifier broadcasting mechanism on your wireless router if possible. This mechanism alerts other devices in the vicinity to its presence. Hackers can use this to target vulnerable wireless networks.

-Turn off the wireless network when you're not using it. Hackers can't access the router when it's shut down.

Individuals and organizations can also physically protect their computer networks by placing servers, which store applications and data, in locked rooms.

Electronic keypads or access cards can provide a record of who has entered the room, when and for how long, Viollis said. Closed-circuit televisions in the server room can provide additional monitoring.

Alerting office and household staff to these protections can discourage internal breaches, he said.

Mobile phones, Blackberrys and other handheld computer devices can also be run via the server to encrypt communications.

   Use Discretion Online 

Social networking sites, which allow users to post photos and share personal information, also provide fodder for criminals.

Sexual predators can communicate with children through these networks. And posting notices about out-of-town trips or your "home alone waiting for pizza delivery" status can invite intruders.

Brian Lapidus, chief operating officer at risk consultancy Kroll's Fraud Solutions practice, cautions against posting anything you wouldn't tell a complete stranger, including birth dates and phone numbers.

"Practice prudent posting," Lapidus said.

Kroll is a unit of Marsh & McLennan Cos. (MMC).

Lapidus said thieves can piece together information from multiple sources - an online photo from you, a home address from me, a Social Security number from her - to create an "identity cyborg." Identity thieves "are great at puzzle building," he said.

Thieves can then obtain a driver's license, open a new bank or credit card account, file a fraudulent tax return, land a job or rent a house - all in your name.

   Background Checks 

Background checks for office and household employees are important. Many crimes are inside jobs. But searches that simply scan public databases can miss key details, security professionals say.

Don't assume organizations that supply domestic employees have performed thorough background checks, Viollis said.

His firm verifies Social Security numbers and professional licenses; reviews driver's license records, disciplinary records and credit reports; and searches bankruptcy, civil and criminal court records, real estate records, and national sex offender and terror watch databases.

A second level of search includes interviews with associates and former employers.

These searches aren't cheap. Background checks in the U.S. cost about $2,000 to $3,000, while searching for information from overseas can cost considerably more, Viollis said.

Through an agreement with the Chubb Group of Insurance Cos., Risk Control Strategies provides complimentary "personal risk assessments" to some of Chubb's wealthy clients.

It's not possible to insulate yourself completely from crime. It's not necessary to live in fear either.

The FBI's Henry said thieves pursue the path of least resistance. Consumers should lock their computer networks as they do their homes.

"People are more cognizant of something physical happening to them," Henry said. "Something happening virtually isn't real until the money is gone. The threat isn't as visible."

(Kristen McNamara writes Practice Management, a column that looks at ways financial advisors can build and improve their business. She can be reached at 201-938-5392 or by email at kristen.mcnamara@dowjones.com.)

(TALK BACK: We invite readers to send us comments on this or other financial news topics. Please email us at TalkbackAmericas@dowjones.com. Readers should include their full names, work or home addresses and telephone numbers for verification purposes. We reserve the right to edit and publish your comments along with your name; we reserve the right not to publish reader comments.)