Technology has made life a lot easier for many of us. Ellevest is only here today because of the strides we’ve collectively made across the board with tech. But, regrettably, these advances have also made life a lot easier for hackers too. (If you’ve felt like cyberattacks have become more common, it turns out you’re right.)
Case in point: the Equifax breach revealed earlier this month, which is one of the largest data breaches in recent history. Considering how much personal information Equifax has on file for millions of Americans, this is seriously scary stuff.
So now we have to play defense. If you haven’t already taken action after the Equifax breach, here’s what we recommend you do.
Review your bank, credit card statements, and credit report (the three credit bureaus are each required to provide you with one free report annually) for unusual activity. Set up a fraud alert at Equifax, Experian, or TransUnion (once an alert is placed with one bureau, it has to inform the other two). If someone has tried to use your information and/or you don’t plan on applying for a credit card or loan for about a year or so, freeze your credit files at Equifax as well as Experian, TransUnion, and Innovis. By the way, there are typically fees involved with freezing your credit files, but Equifax is waiving them so long as you freeze your files by November 21.
Unfortunately, as the Equifax breach shows, financial institutions — by nature of the personal information we have access to — can be attractive targets for cyber attacks. And there’s also no way for any, I repeat any, institution to guarantee 100% immunity to security breaches.
But there are measures that can be taken to develop and maintain a cybersecurity program that uses high standards to safeguard your personal information as best as possible.
As a fiduciary, Ellevest is obligated by the Securities and Exchange Commission (SEC) to put such policies and procedures in place. (The SEC also has a list of recommended precautions investors can take to keep their accounts secure.)
We’ve taken several steps to protect your information, and here’s an overview of how we’re doing it:
We Make Sure You’re You
When you open an account at Ellevest, you have to provide details about yourself, such as your date of birth, address, and social security number. We share this information with Folio Investments, Inc., who serves as the broker and custodian for your account. Folio works to safeguard your account's cash and investments. If any of the details provided look out of the ordinary or don’t match existing records, Folio will let us know. We’ll then reach out to you and ask for additional documentation — such as a passport or driver’s license — to confirm your identity.
We take additional precautions to make sure that you’re the only one gaining access to your account. When logging in to the Ellevest site, you only get three failed login attempts before you’re locked out. This may seem annoying, but it’s an important security measure because we don’t want hackers to have unlimited chances to guess your password. Once you’re locked out, you’ll need to reset your password — and you’ll need to have access to the email address that we have on file to do this.
Finally, even though we’re a digital investment advisor, we have a dedicated Client Experience team on hand that’s ready to hop on the phone with you and help you however possible. That’s why we’ve also developed security measures for discussing personal information on the phone. So whenever you call Client Experience to talk about your account, we use two-factor authentication to confirm that it’s actually you on the line before we get into anything specific to your account.
We Lock Up Your Info
We only share your personal information as necessary to carry out day-to-day business activities. For example, since Folio is our broker and custodian, we need to share your personally identifiable information with them to open your account and carry out transactions. But we do not share your personally identifiable information for any other reason. Not for marketing our services to you, not to help other financial companies market to you, not to help other businesses market to you. No third parties, no way (that includes Mom).
Your information is also protected with the help of industry standard data encryption. These standards ensure that all data is encrypted as necessary, meaning whenever data is exchanged between your browser and our servers as well as whenever we retain any sensitive personal information on our servers.
We Keep Tabs 24/7
A cybersecurity program shouldn’t be a one-off endeavor. And it isn’t at Ellevest. Monitoring is an integral part of our program, so we’re constantly on the lookout for anything that seems out of the ordinary. (The best defense is a good offense and all that.)
For your account, that means we set up alerts any time an atypical transaction — like a really large withdrawal — is initiated. Once the alert goes off and before we do anything to your account, we’ll reach out to you to confirm whether or not you really do want to carry out that transaction.
We also follow the industry standard when it comes to information security. This includes watching out for and investigating any attacks against the Ellevest site, along with regular scanning (also industry standard) to identify any possible vulnerabilities that need to be fixed to strengthen our cybersecurity.
Keeping your personal information safe is very important to us. That’s a big part of acting in your best interests, which is what a fiduciary is supposed to do. And as your investment advisor, we know that you’re trusting us with matters that are really personal to you: your money, your goals, and your information. Believe me — we do not take that lightly.
The information provided should not be relied upon as investment advice or recommendations, does not constitute a solicitation to buy or sell securities and should not be considered specific legal, investment or tax advice.
The information provided does not take into account the specific objectives, financial situation or particular needs of any specific person.
Diversification does not ensure a profit or protect against a loss in a declining market. There is no guarantee that any particular asset allocation or mix of funds will meet your investment objectives or provide you with a given level of income.
Investing entails risk including the possible loss of principal and there is no assurance that the investment will provide positive performance over any period of time.