When Bartlett’s IT Director and resident cybersecurity guru Matt Whalen describes himself as “paranoid,” he means that he spends more time than the average person thinking about increasingly sophisticated threats to cybersecurity. But while it’s a subject that keeps Whalen and his team awake at night, Bartlett clients can rest easier knowing that our team is working tirelessly in the effort to keep their financial information safe.

Q: Describe how Bartlett’s approach to cybersecurity has changed during your tenure.

A: When I started at Bartlett 28 years ago, cybersecurity wasn’t an issue since no one was really online. Hackers and scammers didn’t have a way in. We would get the occasional fax in the middle of the night from a ‘Nigerian prince,’ but that was really the extent of it. Now, the Internet is everywhere and hackers have become more creative, which means everyone is exposed to a much greater cybersecurity risk.

 

Q: What does the threat look like, and what measures does Bartlett take to combat it?

A: Email is the single easiest way to hack into a network or individual computer. In a given day, companies like Bartlett see thousands of attempts — most are immediately blocked at our gateway because they’re known attackers.

The reality is, it’s very difficult to stop a motivated hacker. Our job is to slow them down enough that it’s not worth the effort to them. Our cybersecurity measures are in a constant state of evolution. We implement systems, assess them, disrupt them, test them, research new solutions, and then repeat the whole process. Bartlett has always prioritized security, so our team doesn’t have to spend a lot of time justifying why we need certain measures or assets.

As a member of the national Charles Schwab Technology, Operations, and Services Board, I am frequently briefed on the latest developments in the cybersecurity world.  My team reads as much as possible and regularly attends industry security conferences. We host mandatory information sessions here in the office for our staff twice per year and send out routine updates for our advisors, who do a great job of passing that info along to clients.

As for our local network security, I’m not going to give away the ‘secret sauce,’ but we avoid putting any personally identifiable information online whenever possible and when we do, we ensure the data is encrypted. If our partners have client information online, we require them to certify they are meeting required industry standards; then we encrypt our connections to further protect any data moving between us. Finally, we use multiple layers of security, from firewalls down to the individual files.

 

Q: What more can Bartlett clients do to protect their information?

A: Proper training and common sense are the best defense. On a home network, back up your data and use an up-to-date antivirus and firewall. When you’re online, use multi-factor authentication wherever available. Don’t allow your browser to save your login credentials. Try to use a different password for each login account, and keep track of them with a password manager like LastPass. Don’t automatically assume an email is legitimate. Look for red flags —grammar, urgency, how they use names, etc. There are always flags you can look out for, but if you aren’t sure, call us to confirm.