Cyber security is a relatively new term. In fact, Merriam-Webster lists its first-known use as 1992. When the internet became publicly available in 1991, a new crop of criminals was born—and with it, the term “cyber security” was coined. Now, cyber incidents like the Equifax breach, state-sponsored ransomware and campaign hacking seem to make headlines regularly.
Knowing that the financial industry is so often the target of cyber criminals, we take the necessary precautions to protect clients’ hard-earned assets. That’s the collective goal of our team: to retain your trust.
In honor of October’s designation as National Security Awareness Month, we want to highlight ways to proactively guard against the threat of cyber criminals. Some of those, like the ones we touched upon in part one, start with you. Others are shouldered internally at American Century. Today we’ll shed light on some of the controls we have in place to safeguard your personal information and your investments.
An Eye on Physical Security
Protecting information is a multi-layer process and starts with physical security: American Century has a professional security staff that oversees our facilities 24/7. Other physical security components include cameras, monitored alarms and access control systems.
Using Technology to Fight Back
Strong, multifactor authentication is one of the most important steps we can take to protect you and your account. With that in mind, we’ve implemented a login process that’s both simple and secure.
When clients first access our site, they have the opportunity to register their computers. Behind the scenes, we create a special security key that is unique to a specific computer and only enabled with a matching password a client creates. Neither the password nor the key is stored in our systems. In subsequent logins, the password enables the use of the unique key. This combination of “something you have” (the security key on a computer) and “something you know” (a username and password) makes the process multi-factor.
A number of other technical controls are in place throughout our computing systems, including encryption, firewalls, intrusion detection, security event monitoring and anti-virus. Our information security specialists design and maintain technical security systems; in addition, we hire outside firms to augment the testing of our controls.
Common Sense Administration
One of the ways we can secure private information is to put in place internal controls, in terms of company policy. Here’s how we do that:
- Job duties are separated to avoid the possibility of an individual employee being able to transact without oversight.
- We restrict access to client records to those whose job function requires it to perform their duties, and we review those permissions regularly.
- We have implemented a multi-step approval process for granting an associate access to sensitive data.
Doing business in the cyber age means doing business online, and we want clients to be confident that we are focused on keeping private information secure. That’s the idea behind our Security Guarantee. It’s our promise to reimburse any individual investor American Century account if we conclude there was unauthorized activity resulting in a loss, and that the it was not the client’s fault.
But this does require some common sense best practices on clients’ part—not sharing login information with anyone, installing and maintaining recommended software updates on their computers, and frequently checking account communications and transaction history are among them. Visit the Security Center for all the details, and to get more tips on how to safeguard your account and identity.
The opinions expressed are those of Rick Boeth and are no guarantee of the future performance of any American Century Investments portfolio.
This material has been prepared for educational purposes only. It is not intended to provide, and should not be relied upon for, investment, accounting, legal or tax advice.