U.S. Cyber Attack on Iran was Real, Now What?

In terms of cyber security, the cyber-attack on Iran by the United States last week opens the door for reciprocity. Will it be what the Pentagon refers to as a cyber Pearl Harbor? Or will it be smaller one-off cyber-attacks? America’s recent actions were measured and non-violent, but may have increased the risk of cyber-counter-attacks on the United States, whether it be an attack on the power-grid or banking system or something else.

In a recent article in Reuters, “State Cyber-Attack Poses Big Danger for UK Banks- Bank of England,” David Milliken writes:

“A state-backed cyber-attack could secretly corrupt the records of British financial institutions over a period of months, posing a risk that banks would probably struggle to guard against on their own, a senior Bank of England policymaker said.

Banks have focused mainly on stopping service outages, but the falsification of transaction records and other data was an even bigger danger, Anil Kashyap told lawmakers on Tuesday.

“If you wanted to do maximum damage, that is what you would probably do if you were a state actor,” he told a parliament committee.

It has never been more crucial for you to take the steps to increase your  financial cyber-security. Make sure you’re aligned with the big players like Fidelity Investments.

• Fidelity is Boston and Boston is Fidelity
• Fidelity Investments: Why it’s #1
• Thank You Mr. Johnson
• My Personal View on Fidelity Investments for You

And do business with a company you can trust. Here’s a breakdown of Fidelity’s security measures:

We employ the most sophisticated technologies and best practices available to make certain that your sensitive information and accounts are well protected: online, over the phone, and in person.

Protecting your online visits

Extra login security
Through a partnership with cybersecurity firm Symantec, we offer 2-factor authentication tokens at login, a technology that helps prevent someone from gaining illegal access to your accounts, even if they’ve guessed your username and password.

Symantec’s Validation and ID Protection (VIP) Access token app will generate a random code that you’ll be asked to enter each time you log in to your Fidelity account. That extra code makes it incredibly difficult for someone attempting to penetrate our already robust defensive measures. Learn more or download the application

2-factor authentication
This enhanced security feature is designed to protect certain transactions in your account, even if an unauthorized individual has stolen your password. It requires you to verify your identity using a randomized 6-digit code that can be sent to your mobile phone (or alternate phone number) via text message or automated phone call. See how two-factor authentication works

Security questions and answers
We may prompt you to answer one of your security questions when you log in from a new computer for the first time or when you change your password. This will block those trying to gain unauthorized access to your accounts. We allow you to create up to four security questions in Your ProfileLog In Required.

Username and password requirements
To help prevent unauthorized access, we prompt you to create a unique username and password when you first access your account. The strongest passwords are long and employ a mix of numbers, upper and lower case letters, and special characters. Learn more about updating your password

Timed logoff
At Fidelity, convenience and safety of your account is of utmost importance. To help lessen the chance of unauthorized access of your account, we’ll automatically log you off after observing a period of inactivity.

Strong encryption
Your account activity is hidden from prying eyes as it travels over the Internet to our servers thanks to our strong 128-bit, two-way data encryption. This is the strongest encryption technology available to us. Look for the “https:” at the beginning of the web address to know it’s working. You’ll see it even before you log in.

Secure email
You can send our customer service team secure, encrypted messages once you’re logged in to our website. Never send us information regarding your accounts unless it’s through this secure channel. Have a question you need to send securely? Send us a secure message

We will never ask for your confidential data like account numbers, username and passwords via email. When we do email you, we digitally sign all customer emails so that you can verify that the message isn’t forged or altered.

Security alert texts
We’ve enabled text notifications for certain security transactions. If you’d like to benefit from text alerts, add your mobile number to your Profile. If you’ve already added your mobile number—thanks, you’re all set to receive text alerts.

Protecting your phone interactions

Fidelity MyVoice^®
With Fidelity MyVoice^®, you’ll no longer have to enter PINs or a password when you call us. Our voice recognition technology helps you interact with us securely and more conveniently. Learn more about Fidelity MyVoice^®

Safeguards inside Fidelity

Customer verification
Whether you visit us online, by phone, or at an Investor Center, we always verify your identity before granting access to your accounts.

Systems surveillance
We’re on the lookout for suspicious irregularities across our network and infrastructure every day, all day. We will promptly alert you if we spot a problem that affects you.

Firewalls
Firewalls are protective barriers that defend Fidelity networks and computer systems from hackers and cyber attacks trying to gain access into our data centers. We use some of the strongest firewalls available in the industry to guard the information housed in our servers.

Fraud detection
We monitor transactions for suspicious and unusual behavior to ensure that they are authentic and legitimate. If we detect abnormal activity in one of your accounts, we will notify you immediately.

Security at our branches and offices
Our security measures extend far beyond our website. We vigilantly monitor all work areas in order to prevent theft or scrutiny of documents containing sensitive information. In addition, authorized personnel can only enter work areas through use of a security badge.

Restricted access to data
We limit access to systems containing customer data to only those employees who need it to conduct business. We continually monitor access and only grant it to new people on a case-by-case basis.

Employee education
We make sure that our employees know and adhere to our security policies. We require periodic training on our security policies for all personnel, no matter their department. Personnel who work directly with customers receive extra training on emerging risks, such as identity theft.

Read more from Fidelity here.