Protect your passwords
TLDW: Old passwords that you’ve been using for a few years or more are very likely available to everyone in the world for free. Go here or here and type in your email to see which of your passwords are compromised, then follow instructions below.
While it is possible that all of your investor’s information is stored via paper and pen, most investment firms use some combination of email and online services (google sheets, dropbox, etc.) to share and manage that information between team members.
And since small investment firms often don’t have an IT department at all, it’s no surprise that they don’t have great IT policies in place. As a result, email inboxes for these smaller companies are often packed to the brim with sensitive investor data - everything from banking information, to social security and EIN numbers, to entire investor profiles in the form of subscription agreements.
After the most recent wave of leaked passwords, private equity and real estate investment companies would be wise to take a quick inventory to determine if their approach to storing and sharing investor’s sensitive personal information puts them at risk of being compromised in a data breach.
In case you’re not familiar here is a quick overview of the recent password leak story and how you can see if you’ve been compromised (Pro tip: you have).
<div style="padding:62.5% 0 0 0;position:relative;"><iframe src="https://player.vimeo.com/video/359061560?title=0&byline=0&portrait=0" style="position:absolute;top:0;left:0;width:100%;height:100%;" frameborder="0" allow="autoplay; fullscreen" allowfullscreen></iframe></div><script src="https://player.vimeo.com/api/player.js"></script>
All this means the consequences of someone gaining access to your email inbox are extremely high - think wire fraud, identity theft, or extortion of your investors. Additionally, being an investment company puts you at higher risk by default of being targeted for this type of attack by a bad actor to begin with.
The number one most important thing you can do to start protecting your investor’s information today is to start using a password manager... right now.
I know it seems like a hassle to set up any new service like this - but it’s important to confront the reality we’re in rather than waiting for something to happen and this is really easy - you can start this today and it doesn’t cost you a penny.
TLDW - Sign up for a LastPass account here using a brand new, strong password (yes, you should come up with a new one - one ring to rule them all). Gradually, as you log in to various websites, start updating your password using the random password generator. First priorities to update today are your email and banking providers - especially if that password has been compromised.
This is part 1 in a 3 part series:
How to protect your investors' sensitive data from hackers - part 1 of 3