From the Dark Web to Wall Street: Protect Yourself from Cyber Criminals

November 19, 2019

At Morgan Stanley, Rachel Wilson’s job is to make sure every system, network and application the company uses across 600 branches, 15,550 financial advisors and 3.2 million client relationships is as safe and secure as it can be.

As the director of cybersecurity for Morgan Stanley, she knows the threats title and settlement professionals contend with. Among increasingly sophisticated cyber threats, Wilson shared her expertise during ALTA ONE on how best to avoid falling prey to scams and attacks.

Wilson spent the first 15 years of her career running counter-terrorism operations at the National Security Agency (NSA). While there, she focused on detecting and disrupting terrorist plots and led the planning and execution of thousands of cyber exploitation operations.

“Cybersecurity is top-of-mind for all of us, whether we’re thinking about our professional or personal lives,” Wilson said. “Most of us are both scared and a little naive about how much of our data and money—as well as our customers’— is at risk.”

Wilson made the leap to the financial services industry in December 2012 when the Iranian government was conducting denial-of-service attacks on banks in retaliation against sanctions by the United States.

“Iran went up against the Nasdaq. The attacks shut it down for multiple days,” Wilson said. “Because they were shooting cyber bullets at Wall Street, there was not much we could do.”

According to Wilson, the largest risks right now are ransomware and business email compromise scams (often the precursor to wire transfer fraud). To protect themselves, companies should follow sound cyber hygiene by keeping systems fully patched and up to date, having strong authentication and an antivirus product.

“You should outsource email servers to the best athlete around,” Wilson said. “Email security is probably not what you were trained to do. Leverage the strong authentication options they give you. This is a space where you want to buy American.”

Wilson said there are three bins that authentication information falls into:

  1. Something you know: This includes passwords, PINs, combinations, code words, etc. The problem with this is that between all the breaches over the years and everything on social media, the efficacy of this has plummeted, Wilson says.
  2. Something you have: This includes all the physical objects such as your computer, phone, keys, USB drives and token devices. Wilson recommends registering items. Having something you know with something you have is known as multi-factor authentication. This is the golden standard, according to Wilson.
  3. Something that you are: This includes any part of the human body that can be offered for verification, such as fingerprints, palm scanning, facial recognition, retina scans, iris scans and voice verification. Wilson believes in the value of biometrics.

Not only is important to protect the devices that are connected to the internet, it’s also essential to know the dangers of how you’re connected. Wilson recommended using additional security like a virtual private network (VPN) and avoid using unsecured, open Wi-Fi hotspots. An option is to use the LTE channel and hot spot on your phone. This connection is encrypted and much safer, Wilson said.

She also warned about how mobile devices are charged. Wilson said to steer clear of publicly available charging ports or to use data blockers.

“Without protection, there’s a risk of data being stolen off the phone or malware being injected into the device,” she said.

Wilson also raised an alarm about how much physical paper companies have in their offices. She said fraudsters have been forced back to traditional frauds circa 1986.

“It’s the paper that is driving fraud losses,” Wilson said. “If we stopped writing personal checks, I could send half of my fraud department home. Anyone who gets a hold of a check can go to Costco and print them off. In many ways doing money payments online can be much safer way of doing business.”

A final tip Wilson offered was to consider having a separate device for high-risk activities.

“By physically bifurcating high-risk from everything else, you can better protect yourself,” she said. “I have three separate Wi-Fi networks. One just for banking, one for hackable things and a third for guests.”


Contact ALTA at 202-296-3671 or communications@alta.org.