Back to Blog

How to protect your investors' sensitive data from hackers

Part 1 of a 3 part series
Josiah Mann

Protect your passwords

The problem

TLDW: Old passwords that you’ve been using for a few years or more are very likely available to everyone in the world for free. Go here or here and type in your email to see which of your passwords are compromised, then follow instructions below.

While it is possible that all of your investor’s information is stored via paper and pen, most investment firms use some combination of email and online services (google sheets, dropbox, etc.) to share and manage that information between team members.

And since small investment firms often don’t have an IT department at all, it’s no surprise that they don’t have great IT policies in place. As a result, email inboxes for these smaller companies are often packed to the brim with sensitive investor data - everything from banking information, to social security and EIN numbers, to entire investor profiles in the form of subscription agreements.

After the most recent wave of leaked passwords, private equity and real estate investment companies would be wise to take a quick inventory to determine if their approach to storing and sharing investor’s sensitive personal information puts them at risk of being compromised in a data breach.

In case you’re not familiar here is a quick overview of the recent password leak story and how you can see if you’ve been compromised (Pro tip: you have).

<div style="padding:62.5% 0 0 0;position:relative;"><iframe src="https://player.vimeo.com/video/359061560?title=0&byline=0&portrait=0" style="position:absolute;top:0;left:0;width:100%;height:100%;" frameborder="0" allow="autoplay; fullscreen" allowfullscreen></iframe></div><script src="https://player.vimeo.com/api/player.js"></script>

All this means the consequences of someone gaining access to your email inbox are extremely high - think wire fraud, identity theft, or extortion of your investors. Additionally, being an investment company puts you at higher risk by default of being targeted for this type of attack by a bad actor to begin with.

The solution

The number one most important thing you can do to start protecting your investor’s information today is to start using a password manager... right now.

I know it seems like a hassle to set up any new service like this - but it’s important to confront the reality we’re in rather than waiting for something to happen and this is really easy - you can start this today and it doesn’t cost you a penny.


TLDW - Sign up for a LastPass account
here using a brand new, strong password (yes, you should come up with a new one - one ring to rule them all). Gradually, as you log in to various websites, start updating your password using the random password generator. First priorities to update today are your email and banking providers - especially if that password has been compromised.

This is part 1 in a 3 part series:

How to protect your investors' sensitive data from hackers - part 1 of 3

How to protect your investors' sensitive data from hackers - part 2 of 3

How to protect your investors' sensitive data from hackers - part 3 of 3

Share on social media: 

More from the Blog

How to protect your investors' sensitive data from hackers

Part 3 of a 3 part series

Asking small investment companies to not share investor data over email is tough - but when it comes to documents it’s a good practice to use a service specifically for sharing them securely - think Google Drive, Dropbox, etc...

Read Story

How to protect your investors' sensitive data from hackers

Part 2 of a 3 part series

Two factor authentication can seem like a hassle, especially when you have to log into a website over and over and it requires two factor authentication every single time you login.But the reason two factor authentication is becoming so popular is because it works.

Read Story

Get more content like this

Receive helpful tips, tricks, training, and best practices from across the private equity real estate and syndication world.
We will never share your email address with third parties.