Cybersecurity and Fraud
Our business is built on relationships, and relationships are built on trust. As a Stifel client, you trust us to make sound investment decisions on your behalf. You also trust us to make sound decisions in protecting your assets and data from cybercriminals. Your trust is our most important asset.
Stifel takes this responsibility very seriously and leverages the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The NIST CSF is a comprehensive guide intended to provide information security assurance across all domains. Key components of this framework include a layered security approach
- Next-Generation Firewalls
- Intrusion Detection and Prevention Systems
- Security Information and Event Management Tools
- Third-Party Network & Alert Monitoring and Incident Response
- Advanced Distributed Denial of Service (DDOS) Mitigation Services
- Network Access Controls
- Data Encryption at Rest and in Transit
- E-Mail Surveillance
- Multiple Endpoint Detection and Antivirus Programs
- Multi-Factor Authentication
- Continual Penetration and Control Testing
- Third-Party Testing and Control Review
- Active Threat Hunting
- Threat Intelligence Feeds and Monitoring
- Perpetual Vulnerability Scanning
- Identity and Access Management Controls
- Laptop and Mobile Device Encryption
- Security Incident Response Testing
- Disaster Recovery Testing
- Extensive Security Training and Awareness for All Stifel Associates
- Governance and Board of Directors Oversight
- Multiple Regulatory Exams Focused on Cybersecurity
- Physical Security Controls
- Nightly Data Backup and Replication
- Continual Monitoring and Evaluation of Data Breaches at Other Companies
This extensive set of controls and monitoring is intended to protect your data as well as the firm’s network from cyberattacks. However, many cybercriminals will target the client, not the organization, in order to steal sensitive information that could be used for fraud, including identity theft and account takeover.
Stifel also has controls in place to prevent criminal attempts to access data or client accounts. These include robust client verification procedures, signature matching, call-back procedures, and a central supervision function for financial transactions.
What Can You Do to Protect Yourself From Cybercrime and Fraud?
||Don’t get hooked by phishing.
Don’t carelessly open attachments or click on hyperlinks in e-mails. Viruses, ransomware, and password theft could be one wrong click away. Many phishing e-mails will create a false sense of urgency appealing to your sense of hope or fear. Be leery of e-mails you weren’t expecting, even if they appear to come from someone you know.
||Make your password strong.
Make your password easy to remember, but hard to guess. Don’t use obvious words (names) or number combinations that are easy to guess (birthdate, year, etc.).
||Passwords are the key to your information and assets.
Bank accounts, e-mail, computer, and social media account passwords should always be protected. Don’t share or provide a password over the phone or through a link you receive in an e-mail. No financial services or IT professional will ever have a legitimate reason to ask for your password.
Cybercriminals rely on fear, hope, and trust. E-mails and phone calls with a sense of urgency, legal threats, or an incredible offer are a few tactics used to get your personal information or money. Don’t trust unsolicited phone calls or e-mails asking for payment or personal information.
||Don’t re-use passwords for multiple accounts.
Is your e-mail password similar or the same as your bank password? Change them as soon as possible.
For more tips on how to secure your digital life, or what to do if you fall victim to identity theft or cybercrime, visit stifel.com/cybersecurity. Are you a victim of Identity Theft? Visit IdentityTheft.gov to start your recovery plan.