Back to News
Michael F. Odar, CFA® President and Chief Executive Officer

November 8, 2021

Scary Times

Halloween is just behind us and it’s scarier than ever out there. Consider these fear factors:

  • The damage caused by cybercrime reached $4.2 billion in 2020. (IC3,2020)
  • The average cost of a data breach on remote work is about $137,000 per attack. (IBM,2020)
  • In 2020, malware increased by 358% overall and ransomware increased by 435% as compared to 2019. (Forbes, 2021)
  • 96% of cyber-attacks through social actions use emails as their mode of delivery. (Verizon, 2020)
  • If you are not scared, you should be. It’s not a question of if you will be the victim of a cyber-attack, it’s a question of when.

We take our responsibility to protect our clients’ data very seriously. We receive billions of “knocks on the door” to get to our entrusted data each month, and hundreds of phishing emails every day. Phishing emails are those that fraudulently purport to be from a trusted source to induce individuals to reveal personal information or click on a link that then provides a hacker access to their system. Our initial budget in 1999 didn’t even have a line item for information security. Today, we invest hundreds of thousands of dollars on information security and countless hours of security awareness training.

We put in place state-of-the-art firewall protection technology with intrusion prevention tools that are monitored 24/7 by trusted security vendors. In addition, we vet the security posture of every vendor that we do business with through our vendor management program. We also partner with our state of Michigan examiners and outside auditors to not only review our capabilities but also stress test them. Our Business Information Services (BIS) team helps to hold all of us accountable as well. Adaptive security awareness training requires that everyone participates and they are held accountable. Internal and external phishing tests help to make sure the training becomes a learned behavior.

Information security is a journey, not a checked box. The work is never done, and it’s important to realize that it is all of our responsibility. So, if we are in this together, we want our clients to know that we are always here to help them increase their security posture. We consider it part of our holistic continuum of care for our clients. We stand ready to assist. In that spirit, below are a couple of simple tips that can keep your information a little safer:

  • Embrace multifactor authentication
  • Avoid autofill in browsers
  • Use a password management tool

There is a saying at Greenleaf Trust: “If you see a link, stop and think.” By not simply clicking on links in emails, you can save yourself from the very unpleasant consequences of phishing attempts.