Tag Archives: security

FPPad Bits and Bytes for September 5

On today’s broadcast, custodians are battling for your business with their technology solutions. Which one is coming out on top? Hacked celebrity photos have been posted all over the Internet. How are you protecting your cloud data so you don’t embarrass yourself in front of clients? And Box is thinking outside of the cloud file storage, uh, box. Find out which new initiatives offer the best efficiency gains for financial advisors.

So get ready, FPPad Bits and Bytes begins now.

(Watch FPPad Bits and Bytes on YouTube)

This week’s episode of Bits and Bytes is brought to you by Total Rebalance Expert, the industry’s largest, privately owned portfolio rebalancing software provider.

Total Rebalance Expert

Now available as a part of the Orion Advisor Services platform, TRX features tax-efficient rebalancing, an easy to use interface, and more, all at an affordable price. Learn how you can gain a half a million dollar return on your technology investment by downloading their latest white paper at fppad.com/trx

Here are the links to this week’s top stories:

Tech Update: What the Big Custodians Now Offer from Financial Planning

[This week’s top story comes from Joel Bruckenstein and his article in Financial Planning magazine. This month, Bruckenstein covered technology updates that the four major custodians have introduced, or are planning to introduce shortly, to financial advisors.
First on the list is Pershing Advisor Solutions, which most recently unveiled a new client portal called NetXInvestor, designed to be the single resource clients can access to view their portfolio holdings, access documents stored in the online vault, and in the near future, collaborate with their advisor through a secure messaging system.

Next is TD Ameritrade Institutional and its rollout of the Veo Open Access dashboard, which Bruckenstein said is poised to have the “most far-reaching impact” for advisors. The dashboard aims to unify your experience when using CRM, portfolio management, document management and other technologies. So instead of bouncing around from window to window, the dashboard leverages deep integrations with over 75 vendor integrations including Redtail CRM, Orion Advisor Services, and MoneyGuidePro to review, edit, and update data without leaving the Open Access dashboard.

Third up is Schwab Advisor Services, as Bruckenstein highlighted incremental updates to its esignature support, streamlined trade uploads from the Tamarac rebalancing soft are, and the integration of Morningstar Office to Schwab’ OpenView Gateway. Of particular interest is Schwab’s upcoming PM squared portfolio management platform, a completely new online solution that, according to Schwab’s Neesha Hathi, should be in limited beta testing as we speak.

And finally, updates on Fidelity Institutional Wealth Services rounded out the review, as the company’s WealthCentral platform will soon offer account-opening integration with Redtail and Skience for Salesforce, single sign on and trade order imports from Tamarac, portfolio imports into Naviplan and MoneyGuidePro, and other enhancements.] Over the last several years, the four major custodians have done a good job of enhancing their technology platforms. While there are some clear differences across the industry, it is fair to say that today’s platforms are far superior to what was being offered a few years ago.

You’re Reacting to Celebgate Wrong from Yahoo! Tech

Download my free Defend against hacking, phishing, and spoofing attacks handout

[Next up is news on cloud security, as I’m sure you might have heard that compromising photos of celebrities were leaked, apparently accessed from mobile device backups in the cloud. The Internet blew up, saying “Apple was hacked” and “iCloud has a security flaw.” Well, maybe not.

Yes, many of the private photos were obtained from the cloud, including Apple iCloud, but the method by which they were obtained is pretty old fashioned. Hackers used brute force attacks to successfully crack passwords and then correctly answered security questions that were far too basic, and the rest is history. So what can you do to prevent the sensitive data you manage from falling into the wrong hands?

Use long passwords, use a unique password for each website, and obfuscate answers to security questions. Instead of answering using Honda Civic as the make and model of your first car, use the word green, which might have been the color of your first car.

I have a lot more tips on keeping your data safe in a free handout you can downloaded, which is linked along with this week’s top stories.] Ever since somebody released nude photos of female movie stars this week, the wild overreactions have been clogging the Interwebs. Most of the hysteria runs along one of a few lines, and a lot of it is plain wrong.

Box’s Next Act: Box for Industries, Introducing Box Workflow, and BoxWorks 2014: New Ways to Collaborate in the Cloud from Box

[And finally, the online cloud file storage market is getting very crowded, so some of the top players are looking to set themselves apart from the competition. Case in point is Box, who this week announced several new initiatives, including Box for Industries, Box Workflow, and Box for Office 365.

Box for Industries expands on the Box OneCloud application marketplace and now highlights integrated solutions for verticals such as health care, education, and more, but notable absent is financial services. Box Workflow adds business process capabilities to firms by leveraging automation and document metadata. And Box for Office 356 better integrates Box with Microsoft’s online office suite which, if you’re not satisfied with OneDrive, opens up another cloud storage alternative.] Today… we’re announcing Box for Industries, a new initiative to accelerate business transformation in every business by combining tailored solutions leveraging Box’s metadata, workflow, compliance, and platform capabilities; industry-specific applications from curated third-party developers and partners; and world-class implementation services from Box and key system integrator partners.

Here are the stories that didn’t make this week’s broadcast:

Worth The Wait from Financial Advisor Magazine

It has taken much longer than anticipated, but Junxure CRM (www.junxure.com), a firm that integrates CRM technology, consulting and training for financial advisors, has finally announced the general release of “Junxure Cloud,” its comprehensive, cloud-based suite of CRM/office management products for financial advisors. After trying the application out for a few days, I’m happy to report that it was well worth waiting for.

Riskalyze announces Compliance Cloud to pinpoint risky portfolios from FPPad

Riskalyze Compliance Cloud aims to single out portfolios that drift outside a client’s risk tolerance

Online Adviser’s New Target: Investors With $1 Million or More from the Wall Street Journal

One of those online firms, sometimes dubbed “robo advisers,” is edging into the business of providing wealth-management services to people with $1 million or more.

FPPad Bits and Bytes for September 5, 2014

FPPad Bits and Bytes for September 5, 2014

The Heartbleed FAQ for financial advisers

Heartbleed for financial advisers

A security flaw dubbed “Heartbleed” has the potential to affect financial advisers and their clients

This is an evolving story, so in the interest in providing financial advisers with pertinent information about a serious vulnerability in Internet security, I’m offering this guide in a FAQ format.

What is Heartbleed?

Basically, “Heartbleed” is the name of a bug in software that many web-based services use to secure connections over the internet called OpenSSL. When you see the green padlock icon in your web browser’s address bar, chances are your online Internet session is encrypted with some form of the OpenSSL protocol.

The Heartbleed bug, discovered earlier this week, allows an attacker to use messages called “heartbeats” to trick a server into passing along sensitive information from its memory. The information could include account passwords or the server’s private encryption keys.

When hackers get access to that information, really bad things can happen.

Lots of additional details on Heartbleed can be found online, but you can start with the Wikipedia entry that is being updated in real time: http://en.wikipedia.org/wiki/Heartbleed

How do I test a site if it’s vulnerable to Heartbleed?

Go to this website and type in the domain name of the service you want to test: http://filippo.io/Heartbleed/

The site I tested is vulnerable to Heartbleed! What do I do now?

Oh no! First, assume that your password has been compromised. If you use the same password for other online services, identify the other sites where it’s used.

BUT WAIT! Don’t reset your passwords on the vulnerable sites just yet!

You need to wait until the vendor updates their OpenSSL code to eliminate the vulnerability. Only AFTER you receive confirmation from the vendor that OpenSSL has been updated will it be safe to return to the service and reset your password. Next, skip to the question on multi-factor authentication to increase the security of your online accounts.

The site I tested is all clear. What do I do now?

Whew, what a relief! That one site hasn’t been exposed, but your passwords still may have been exposed from another site. One thing you can easily do to enhance the security of your account is to activate multi-factor authentication (see below).

What’s the multi-factor authentication you mentioned?

Multi-factor authentication is a process where you use two or more factors to successfully log in to a secure account. The “factors” take three forms:

  • Something You Know, like your username, password, PIN, or finger gesture pattern.
  • Something You Have, like your ATM card, security token, smartcard, or mobile phone.
  • Something You Are, like your fingerprint, retina, voice, or typing rhythm.

Combining two or more of these factors substantially increases the difficulty of compromising your online account.

Assume that your password was compromised due to the Heartbleed bug and a hacker attempts to use it. If you implemented multi-factor authentication, the hacker also needs to satisfy the second factor of authentication in order to access your account. If you use your mobile phone to receive a login code, the hacker would not only need to know your password but also have physical access to your mobile phone to identify the login code.

Is there list that shows what sites support multi-factor authentication?

I’m glad you asked! Last week I identified an outstanding resource on multi-factor authentication in this post, Who supports two factor authentication? Find out in this awesome chart.

The site is twofactorauth.org and it’s totally worth your time right now to review the list of services and activate multi-factor authentication for any login

Can I do something to my web browser to validate the security of my session?

Yes, you can tweak your web browser settings to enforce more stringent security settings for your online sessions. While it’s not a guarantee against the Heartbleed vulnerability, the settings shown below will check if a site’s security certificate has been revoked before establishing a connection.

With thanks to Levi on Twitter, here are some changes you can make to Chrome and Firefox:

Also, courtesy of Dan Santner, here is a link to a more comprehensive scanning tool for a server’s SSL integrity:

The results of that test resemble a grade shown below:

A report generated by the Qualys  SSL Server Test

A report generated by the Qualys SSL Server Test

Add your questions below

Did I miss any important details? Is something unclear in one of my answers?

Let me know in the comments below and I’ll update this FAQ accordingly.

Who supports two factor authentication? Find out in this awesome chart

Find out who supports two factor authentication in this awesome chart

Two factor authentication significantly boosts the security of online accounts. Find out who supports the technique.

The damage to your business can be significant if hackers get a hold of your username and password to an online account. Once inside your program, whether it be your online CRM, portfolio accounting software, bookkeeping service, or even custodial dashboard, hackers can perform any number of nefarious activities.

So how do you increase your defenses against attacks and increase the security of your online accounts?

Use two factor authentication (see Boost your online security with two-factor authentication at FPPad)

Where is two factor authentication supported?

Sure, you understand how important two factor authentication is in protecting your online accounts from unauthorized access.

But WHICH online account providers actually support the technique?

I came across a terrific new resource online that spells out, industry by industry, who does and does not support two factor authentication.

The site is twofactorauth.org and it’s worth checking out when you have a moment.

You may discover several services you already use today that support two factor authentication, but you’re not yet using it.

So go visit twofactorauth.org and boost your online account security.

FPPad Bits and Bytes for March 28

On today’s broadcast, cybersecurity takes center stage at FINRA and the SEC, what you need to do to protect your business from attacks. Amazon launches its cloud desktop service to the public. Does this mark the end of plain old desktop in your business? And two growing providers form a new joint venture to take your portfolio management efficiency to the next level.

So get ready, FPPad Bits and Bytes begins now.

(Watch FPPad Bits and Bytes on YouTube)

Today’s episode is brought to you by Orion Advisor Services, the nation’s largest privately held portfolio accounting service bureau.

Orion Advisor Services

Providing full-service data reconciliation, advisory fee billing, Salesforce integration, mobile apps and more, Orion believes it’s time for you to enjoy your business again. Visit fppad.com/orion for more information.

Here are the links to this week’s top stories:

Top Cybersecurity Threats for BDs, Advisors from ThinkAdvisor, and

SEC Cybersecurity Roundtable Webcast from SEC.gov

[Leading off today’s broadcast is an update from FINRA and the SEC highlighting cybersecurity threats faced by advisors and broker-dealers. In a roundtable event held in Washington DC this week, regulators and industry representatives acknowledged that the number one cybersecurity threat to firms of all sizes is the unauthorized account takeover.

This happens when a hacker compromises an investor’s username and password credentials, or manages to take control of an investor’s email account. The hacker then proceeds to liquidate holdings and transfer money to outside accounts, or even poses as a client with a convincing story to get advisors to transfer funds to an outside account, a clever tactic known as spoofing.

Both FINRA and the SEC acknowledge they must play a role in this area, but neither provided details on what exactly that role should be, and if any advisor exams are to include cybersecurity audits, they are likely to start in the fall of 2014 at best.

Until then, here’s what I recommend you do: First, update your compliance manual with policies for what you do when faced with a cybersecurity attack.

Second, train everyone in your organization so they’re familiar with the common tactics from hackers, including phishing, spoofing, and reverse social engineering. And finally, invest in technology to boost your security, like activating multi-factor authentication, deploying firewalls, and even using phishing simulation software that I highlighted in episode number 115.] The top risks broker-dealers face in dealing with cybersecurity threats are operational risk, “insider” risks posed by rogue employees and hackers penetrating BD systems, Daniel Sibears of the Financial Industry Regulatory Authority said Wednesday at the Securities and Exchange Commission’s cybersecurity roundtable.

Amazon WorkSpaces, Amazon’s Cloud Desktop Service, Launches To Public Along With New Sync Client from TechCrunch, and

Amazon WorkSpaces from Amazon

[Next up is news from Amazon, as the company announced the general release of its virtual desktop solution to the public called WorkSpaces.

WorkSpaces is squarely aimed to take on other virtual desktop providers like Citrix, VMWare, and Microsoft, and with pricing ranging from $35 to $75 per month for each user, WorkSpaces is roughly half the price of the competition. If you’re looking to get rid of your aging server and move all of your core software to the cloud, Amazon WorkSpaces just became a very compelling option.

Plus, with the introduction of a new WorkSpace Sync application, you can backup and synchronize up to 10GB of documents between your WorkSpaces, the Amazon Simple Storage Service, and even your local desktop computer. This gives you a secure and reliable document storage alternative to consumer services like Dropbox, Box, Google Drive, and Microsoft OneDrive that you might be using today.] Amazon WorkSpaces, the company’s virtual desktop computing environment introduced last fall at the AWS re:Invent conference, is today available to the public.

Orion Advisor Services, LLC and Total Rebalance Expert (TRX) Form Joint Venture; Announce Technology Integration from PRNewswire.com

[And finally, two popular providers in portfolio management and rebalancing software, Orion Advisor Services and Total Rebalance Expert, announced a new joint venture this week called the “Total Technology Platform.”

The two companies first integrated their solutions back in October of 2012, enabling the import of account, transaction, and tax lot data from Orion directly into TRX with a single click.

But this latest venture goes beyond bidirectional integration, as users of Orion will now be able to access TRX directly from within the Orion platform. At the same time, both companies said they are committed to maintaining open-architecture platforms rather than hold advisors captive to one bundled solution.

Orion users can still take advantage of integrations with Blaze Portfolio, iRebal from TD Ameritrade Institutional, and Rebalance Express from RedBlack Software, and TRX users can continue to import data from Morningstar Office, Portfolio Center from Schwab Performance Technologies®, Advent’s Black Diamond Performance Reporting and more.] Total Rebalance Expert (TRX) and Orion Advisor Services, LLC (Orion) announced today a joint venture between the two companies to provide a “Total Technology Platform” designed to simplify and streamline the portfolio management process.

Here are stories that didn’t make this week’s broadcast:

Box Unveils First Standalone Product And New API Pricing At Inaugural Dev Conference from TechCrunch

New Kitces Network to Target Planners for Gen X & Y from Financial Planning

Office 2 HD for iPad is now Citrix ShareFile QuickEdit, drops $7.99 price to become free via iTunes

 

Watch FPPad Bits and Bytes for March 28, 2014

Watch FPPad Bits and Bytes for March 28, 2014

FPPad Bits and Bytes for January 24

On today’s broadcast, can you really share documents on Dropbox and SkyDrive without violating compliance? How does one RIA manage the security concerns of the bring-your-own-device trend? And does Salesforce create more problems than it solves? One RIA decides to bare all.

So get ready, FPPad Bits and Bytes begins now!

(Watch FPPad Bits and Bytes on YouTube)

Today’s episode is brought to you by Hill Compliance Advisors, a virtual compliance consulting firm to RIAs. As a former RIA herself, Cindi personally performs your compliance tasks, allowing you to do what you do best: run your business and spend more time with clients.

Hill Compliance Advisors

With a little help, compliance will no longer feel like the enormous burden it might seem to be today. Follow Cindi’s blog and sign up for her free newsletter by visiting fppad.com/hilladvisors.

Here are the links to this week’s top stories:

NetDocuments Announces ndOffice™ and ndConnect™ to Embed Cloud-Based Document Management in MS Office, and Integrate with SkyDrive and Dropbox from NetDocuments

[On the heels of last week’s announcements by Laserfiche, NetDocuments is out with news of its own. The popular cloud-based document management provider announced two new enhancements that should be very useful for advisors.

First, NetDocuments has reengineered its ndOffice product, which allows NetDocuments to be integrated directly with Microsoft Office applications, including the online Office 365 Web Apps. Instead of temporarily saving documents to a desktop or server and then uploading them to NetDocuments, ndOffice allows users to open and update Word, Excel, and PowerPoint files directly from their NetDocuments repository. That should save a lot of mouse clicks!

And second, NetDocuments announced the scheduled release of ndConnect coming this April. Now *you* may use NetDocuments for your own document management, but your clients prefer to use consumer services like Dropbox or SkyDrive to manage their own files. So how do you get the two services to play nice with one other?

ndConnect is NetDocuments’ way of bridging the gap between these services, as it applies rules and permissions to support file sharing with Dropbox and SkyDrive without circumventing the security and compliance requirements advisors need to follow. So you can continue to meet your compliance obligations for document management while allowing your clients to use their preferred file sharing service.] NetDocuments brings document management directly into MS Office applications and integrates the enterprise content management service with Dropbox and SkyDrive

Why a ‘bring your own device’ strategy is critical for small business owners from InvestmentNews

[Next up is news on the mobile device security front. I bet you wouldn’t even consider running your business today without using a smartphone, and you probably allow your colleagues and employees to use their mobile devices to stay connected with the workplace, a trend identified as “bring-your-own-device,” or BYOD.

But accessing your business and client information on your mobile device does raise serious security concerns. Alex Murguia, Managing Principal of McLean Asset Management Corporation, shared how his firm supports the BYOD trend while also enforcing the security of information stored on mobile devices. And coincidentally, the product he selected just got acquired by VMware this week for a reported amount of $1.5 billion dollars.] Our firm is instituting a Bring Your Own Device policy as part of our new Mobile Device Management strategy.

How one RIA’s faith in Salesforce’s sophistication led to cut-and-paste hell and a major rethinking from RIABiz.com

[And finally, if you’ve been considering an upgrade to your CRM or want to officially cut the cord from Microsoft Outlook (note: not a CRM), you’ve probably considered SalesForce, the 800-pound gorilla of CRMs, as a potential solution. Well one firm recently dove in head-first into a Salesforce implementation, but quickly found that things did not go as smoothly as they had planned.

An article published this week in RIABiz chronicles one RIA’s trials and tribulations with the CRM behemoth and reveals many important lessons learned along the way. So if you want to avoid the frustrations of a Salesforce deployment encountered by one RIA, I suggest you read this account and use it to influence your plans for a more successful CRM transition.] After a dazzling SF demo, Portland Global Advisors planned to dump its advisor-dumb Microsoft CRM for Salesforce but the devil was in details

 

Watch FPPad Bits and Bytes for January 24, 2014

Watch FPPad Bits and Bytes for January 24, 2014

 

Client spoofing strikes again, RIA loses $290,000 of client funds

An RIA’s poor compliance procedures let hackers steal $290,000 of client funds

Financial advisers who aren’t prepared to defend against client spoofing attacks not only stand to lose client funds, but also face steep penalties from regulators.

FPPad readers have known since April 2012 that hackers are targeting financial advisers, masquerading as clients via email in a ruse to steal client funds.

Go read Why advisers can’t trust their clients anymore for a refresher of what spoofing attacks are and steps to defend them.

Spoofing Strikes Again

This week, several of the industry trade magazines broke the story about GW & Wade, a registered investment adviser based in Wellesley, Mass., regarding how hackers were able to steal $290,000 of client funds from the company. See RIA Fined By SEC After Hacker Uses E-Mails To Steal Client Funds from Financial Advisor magazine and SEC Sanctions 3 RIAs for Custody Rule Violations from Financial Planning magazine.

The lapse in compliance policies and procedures at the company also resulted in a civil penalty assessed by the SEC in the amount of $250,000.

Full details of the SEC Administrative Proceeding can be viewed here (opens a PDF in a new window).

Hackers Target Advisers

Hackers continue to target investment advisers because they’re the ones with the ability to direct fund transfers.

Solo advisers might not fall victim to a client spoofing attack so easily because they may detect right away that something about the client’s communication is just “not right.”

But when the same attack is deployed in a multi-billion dollar RIA with dozens of administrative employees, hackers have much better odds of success.

Convenience Creates Risk

Once again, according to the Administrative Proceeding, GW & Wade had hundreds of blank Letters of Authorization (“LOAs”) forms on file with only client signatures.

Only after a request was received would the company fill in the pertinent details on a pre-signed LOA and route it for processing.

The convenience of pre-signed LOA forms decreased the chances the company would suspect something wasn’t right with a client wire request. Instead of verifying the authenticity of the request, the company simply routed the pre-signed LOA forms with wire instructions included.

Although, one could argue that if GW & Wade DID try to obtain a client signature via email, following the spoofed client’s instructions, the attack still would have succeeded.

So assume for a moment that no pre-signed LOA forms existed, GW & Wade likely still would have fallen prey to client spoofing because the company would have tried to obtain a client signature via email. The hacker likely would have quickly complied using a signature cut and pasted from another document in the hacked email account.

Clearly, a separate factor of authentication is required to properly authenticate wire requests from clients (a secret phrase, a video chat, Why advisers can’t trust their clients anymore has more details).

Calculating Fees With Spreadsheets Is Hard

Also buried in the Administrative Proceeding is a note about excess fees charged by GW & Wade.

Allegedly since January 1, 2005, the company failed to exclude mutual fund class C share holdings in assets subject to the company’s advisory fee schedule.

The company likely was already receiving 12b-1 fees from the C share holdings, but evidently was “double dipping” by charging the firm’s advisory fee on the same C shares once again.

I have no additional details on the matter, but let’s assume that advisory fees were calculated using a spreadsheet loaded with the value of client holdings for each quarter.

If that spreadsheet isn’t designed to specifically recognize C share mutual fund holdings (which, quite frankly, opens up a Pandora’s box of trouble on its own) and exclude them from the advisory fee calculation, then it’s far too easy to roll up those C share holdings among all the other assets and calculate the fee due.

For GW & Wade, the company now has one year to reimburse in full every client affected by the excess advisory fees charged. That means going back over more than eight years of billing history to determine what the amount of excess fee was charged to each client, quarter by quarter, and credit each client accordingly. That applies to both current and former clients!

So for former clients, how many of you retain holding balances and pricing information indefinitely?

Talk about a huge big data challenge.

FPPad Bits and Bytes for October 11

On this week’s broadcast, learn which broker-dealers are stepping up their game in technology, the industry’s first native financial planning app for Salesforce is introduced, what to do when someone steals your online videos, and more. So get ready, Bits and Bytes begins now.

(Watch on YouTube)

Today’s episode is brought to you by the 2013 T3 Enterprise Conference, exclusively designed for the technology needs of broker-dealers and financial enterprises.

T3EClogo600

You have less than one month before this event kicks off on November 3rd in Chicago, so if you’re looking for the best place to monitor trends in broker-dealer technology, you need register today at t3enterpriseconference.com

Upping the Ante from Financial Advisor Magazine

[Continuing with the theme of broker-dealer technology, this week’s lead story comes from Joel Bruckenstein, whose “Upping the Ante” column for Financial Advisor magazine provides a terrific overview at what broker-dealers are doing to deliver leading technology to their representatives.

Bruckenstein covers updates from leading BDs like Raymond James, LPL Financial, United Planners, Commonwealth, and Wells Fargo Advisors. Even if your firm is not affiliated with a broker-dealer, you need to read this column to find out what technology you should be adding to your business so you don’t fall behind in this continuously evolving marketplace.] With advisors’ business models constantly evolving, the pressure on independent broker-dealers to continually enhance their technology platforms has never been more intense. From portfolio management to client relationships, advisors are demanding that competitive brokerage firms up their tech games. This article looks at how five broker-dealers are trying to satisfy those demands.

Advisor Software, Inc. Launches goalgamiPro On salesforce.com’s AppExchange, The World’s Leading Business Apps Marketplace from PRNewswire.com

[Now notably absent from an article on broker-dealer technology is any update on Salesforce, the 800-pound gorilla of enterprise CRM. But one company expanding its support of Salesforce is Advisor Software, creators of goalgamiPro, a quick financial planning software application that I’ve highlighted in the past on my YouTube channel.

Advisor Software just launched a new app in the Salesforce AppExchange for goalgamiPro, giving advisors who use Salesforce the industry’s first native financial planning app for the CRM platform. You can watch a 7-minute demo video of goalgamiPro for Salesforce in action embedded along side the links to this week’s top stories.] Advisor Software, Inc., a provider of wealth management solutions for the financial advisor market, today announced it has launched its goalgamiPro quick planning solution on salesforce.com’s AppExchange, empowering businesses to connect with customers, partners and employees in entirely new ways.

Video theft: the latest threat to online financial adviser content from FPPad

[Switching gears now, a lot of you have asked me how you can create and post videos online to market your firm and generate organic search traffic to your business. But when you post videos online, you need to know that other people with dubious intentions can steal your videos and use them for their own benefit.

This week I discovered two episodes of Bits and Bytes had been reposted to another channel on YouTube and were being used to generate advertising revenue for that channel owner. So what can you do if you find someone allegedly infringing your copyrighted videos? YouTube makes it very easy to file an infringement claim, and when I filled one out for the two Bits and Bytes videos that were stolen, YouTube removed them in less than 24 hours.

Here is the link to access the YouTube Copyright Infringement Notification form.] Content thieves are stealing popular advisor videos to draw visitors to their questionable channels. Find out how to stop them.

Orion Advisor Services, LLC Achieves ISO 27001 Certification from PRNewswire.com

[Finishing up this week’s broadcast is a security update from Orion Advisor Services, the nation’s largest privately held portfolio accounting service bureau and, full disclosure, past sponsor of Bits and Bytes. Earlier this week, Orion announced that it achieved the ISO 27001 certification for meeting rigorous standards required for internal security controls.

The ISO 27001 certification is not easy to achieve, as the audit process is both time consuming and expensive. Orion becomes just the second company in all of Nebraska to receive the certification and joins industry heavyweights like Salesforce and Broadridge as the few financial services firms that are ISO 27001 certified.

But if you seek the gold standard in security controls from your vendors and providers to keep your information safe, ISO 27001 is the benchmark that distinguishes the top companies from all the rest.] Orion Advisor Services, LLC, a premier portfolio accounting service provider, recently completed an independent audit in accordance with the global security certification standards outlined by the ISO/IEC 27001:2005 report (“ISO 27001”).

 

20131011 episode thumbnail 590

How to enable two-step verification on your LinkedIn account

Don’t let hackers compromise your carefully curated LinkedIn profile. Protect your account by enabling LinkedIn’s two-step verification.

Hackers know that if they can trick you into handing over your password to online websites, they can carry out all sorts of nefarious activity.

Protecting Your Digital Assets

Online banks, Google, Dropbox and even Facebook and Twitter have all enhanced the security of user accounts by adding a two-step verification option to the login process (see: Boost your online security with two-factor authentication).

Not only do you need the right username and password to sign in to online accounts, you also need to enter a code sent to your mobile phone. That unique code is the second factor of authentication, drastically increasing the difficulty of hacking in to your account.

LinkedIn’s New Two-step Verification

Finally, LinkedIn just only recently added two-step verification to user accounts.

The video walkthrough above shows you how to quickly turn on two-step verification in your LinkedIn account.

All you need is your mobile phone and two minutes of time to keep your LinkedIn account safe from outside attacks. Go do it!

 

FPPad Bits and Bytes for March 22

I made it! The new FPPad headquarters is up and running in Atlanta (and if there weren’t boxes and papers everywhere, I’d post a photo).

But right now, it’s back to unpacking for me. So here are this week’s stories of interest:

Personal Phones, iPads at Work: Convenience or Cyber Threat? from Financial-Planning.com

[BYOD, or bring-your-own-device, is a growing trend in all businesses, including yours. Do you allow employees (and you, too) to connect to work-related systems with a personal mobile device? It can be as simple as allowing email or contacts to be synchronized to the device. If so, it’s critical you have procedures and systems in place to adequately protect any sensitive data stored on personal devices. This short review from new FP editor Paula Vasan is a timely reminder, plus you’ll get three mobile device management resources cited by me.] Personal devices can pose a serious threat to businesses if strict policies and preventative cybercrime measures are not put in place, according to a study.

Citrix follows Box’s lead by adding content editing and secure synching to its ShareFile mobile apps from TheNextWeb.com

[Dropbox, Box, ShareFile, etc. are common names heard when talking about cloud file storage and synchronization. Dropbox is wildly popular among consumers, Box is a leader in the enterprise, and ShareFile is growing well among financial advisers (it was also one of my picks for Best Tech of 2012). This week, ShareFile enhanced its mobile app by allowing users to create and edit documents, spreadsheets, and presentations directly within the ShareFile app, as well as allows users to markup and annotate PDF documents. With Box, you can do similar tasks using other third-party apps compatible with OneCloud. With Dropbox, you can’t do this.] Citrix, a cloud, networking, and virtualization technology company, will announce on Tuesday that it is updating its ShareFile file-sharing app with better mobile content editing. What this means is that the service aims to compete against Box and other enterprise-focused file sharing services, hopefully allowing users to be more productive while on the go, even when they are offline.

With a fresh $20M and sharp increase in assets managed, Wealthfront keeps growing from PanoDaily.com

[How is online advice platform Wealthfront fairing? Well, they’re up to $170 million in assets aggregated through the platform. I’d judge by growth in 2012 that the company is on its way to $500 million in assets by the end of 2014. Still, with a fresh round of $20 million raised, coupled with $3 million in Angel and $7.5 million Series A capital, its a significant investment for a questionable return so far. But again, there’s potential here if Wealthfront catches on with the next generation of wealth transfer on the horizon.] Wealthfront, which makes software that acts as a financial advisor for its clients, hasn’t had the easiest road remaking the financial world in Silicon Valley’s image. But it after a name change, a pivot and some key new hires it appears to be growing rapidly.

Erado Announces the Latest Addition to Their Social Media Compliance Solution, Salesforce Chatter from Erado.com

[Erado continues to increase their social media archiving coverage with the addition of Salesforce Chatter connectivity. Smarsh has supported Chatter since October 2012 (see FPPad Bits and Bytes for October 5), and with Erado onboard, I’d expect to see a slight uptick in Chatter use among advisers using Salesforce for their CRM.] Erado, the nation’s leading compliance and archiving firm in electronic communication, officially announced the newest addition to their Social Media Capturing suite, Salesforce Chatter.

 

 

FPPad Bits and Bytes for February 8

The 2013 T3 ConferenceToday I’m headed out early to the T3 conference in Miami, FL. Stop by and say hi if you’re attending; I’m speaking on Tuesday at 1:15pm (Defending Your Business from Hackers) and 2:40pm (Current Technology Trends) and again on Wednesday at 8am (File Sharing and Collaboration Software).

Here are this week’s stories of interest:

Ten Tips That Could Prevent Cyber Criminals from Hijacking Client Data from WealthManagement.com

[Remember the Phishing, Hacking, and Spoofing article I wrote here last year? See: Why advisers can’t trust their clients anymore. Now a bunch of the major financial trade publications are picking up the story on ways advisers need to protect their business and their clients’ personal information, because hackers are exploiting holes in security and are stealing money.] As tablet ownership continues to grow—doubling since 2011—and more than half of U.S. consumers owning a smartphone, according to a 2013 Forrester Research report, advisors need to be more vigilant about data security now more than ever. Below are 10 easily implemented safeguards that could prevent advisors becoming an easy target for cyber thieves.

Windows 8 Review: 5 Things to Know from Financial-Planning.com

[Joel Bruckenstein wrote this good review of Windows 8 and the pros and cons the new operating system offers to financial advisers (See: Windows 8 for financial advisers: Pros and cons from FinFolio CEO Matt Abar). I admit, I couldn’t convince myself to personally buy a copy of Windows 8 to try it on my own. I know, I know, I’m a technology consultant, and I should have experience with ALL software systems available, but still… it’s a Microsoft product, and I stopped using their OS in 2011. Nevertheless, you will likely need to replace an aging Windows machine, and Windows 8 is about your only reasonable option for the OS.] Whenever Microsoft releases a new operating system, it is a significant event. And the latest edition of its operating system, Windows 8 – designed to work on desktop computers, laptops, tablets and smartphones – is much more than a PC operating system.