As a global company with clients and employees worldwide, Noesis pays extra attention to how to conduct business and communications securely. Our regulator requests that we conduct periodic cyber security training to maintain awareness of the evolving threats and learn how to protect clients’ data with more advanced tools and practices. However, even though we have protected ourselves very well, we cannot emphasize enough how important it is that our clients also implement such cautiousness. Therefore, we want to share these training materials on our website, which will be updated continuously. Some presentations come with easy-to-understand audio explanations, which should benefit every participant. Please visit our website at www.noesis-capital.com/category/cybersecurity or click the links below the pictures.
Social Engineering Ransomware Data Encryption
Topics on cyber security usually include identifying the threat, protecting data and devices, and taking extra steps for monetary transactions. It is essential to look further than just preventing email attacks. The newest cyber security threats originate from social networks: they could come from a fake Facebook account, a spam text message, or a hacked WhatsApp contact. Techniques used in such attacks are called “Social Engineering.” Hackers can emulate a message that makes you feel related, concerned, or interested. These communications might appear harmless initially, but the interactions with hackers eventually lead to data loss or monetary transactions. The key to protecting ourselves from such traps is assuming fraud unless proven otherwise.
We all understand the importance of email and web protection software on our computers, but we usually don’t take the same precautions on mobile devices. With more and more data accessed through phone apps, we must learn how to guard our privacy on mobile devices. First, do not use public Wi-Fi networks for critical transactions, including website logins and sending electronic communications with sensitive information or attachments. If connecting to a public network is inevitable, using a VPN (virtual private network) to conduct such transactions can add a layer of protection. Second, turn on fingerprint or face recognition for all logins, which is crucial when a mobile device gets lost. Turn on the “screen lock” so no one can look at your devices when you are away from the devices.
Another crucial practice for security is creating hard-to-hack passwords. It takes a few hours to crack a password with eight characters, but it will take decades to crack a 15-character password. Always use long, complicated, unique passwords for different logins and apply multi-factor authentications whenever possible. “Credential stuffing” is a technique hackers use to access multiple accounts by trying the same or similar password. If passwords are unique, “credential stuffing” won’t work, and the damage can be limited to just one hacked account. One tip to create a strong password is combining random words without hints related to personal or family information and then adding or altering certain letters in those words to meet the requirements for upper cases, numbers, or special characters. Password managers can help people with difficulty remembering various passwords.
We verbally check with our clients and third parties regarding monetary transactions. There have been incidents in other firms where a realtor’s email got hacked, so the closing fund was sent to a fake escrow account. In handling home purchases, we confirm and double-check the wire instructions with the closing agents. We can only send sensitive information by encrypted email and will provide secured upload links when asking for sensitive documents.
To create a solid protection program to guard data security, we must work closely with our custodians, vendors, and, most importantly, clients. Only when our clients have the same awareness and proper practice about cyber security can the full circle of protection be completed.
We appreciate your patience and cooperation when we ask for information to be sent securely. In the future, we will use our website and quarterly communications to provide essential updates on cyber security-related topics and training. Please do not hesitate to contact us if you have questions about our cyber security policies and practices.