Personal Financial Cyber Security: Paper Financial Statement Records Are Essential
Don't save a tree -- save your savings. Saving a tree by going paperless is nice, but protecting your financial future is more important.
Sony/North Korea adds another warning sign of your need to do something very simple to avoid a potential financial disaster. Keep paper statements.
Electronic statements from brokerages, banks and other financial firms are convenient, keep things tidy, and "save trees"; but they expose you to potentially devastating economic losses in extreme situations. Keeping PDF files of your monthly or quarterly statements on your hard drive (and backup) is a good idea; and also receiving statements by mail or keeping paper printouts is an even better idea.
Why? Because the growing frequency and severity of hacker attacks on US corporations (Sony - SNE) being the most recent example of completely erased databases), and attacks on major retailers and some banks (such as JP Morgan - JPM) foreshadows the possibility someday that who you are, what accounts you own, and what is in those accounts, could be erased, modified or scrambled beyond recognition or reconstruction in a cyber-attack.
Picture the pickle you would be in if you tried to withdraw money from your bank and they said they have no record of you. Or, what if your broker said their records show completely different securities or number of shares than you know you have? What if it would all be straightened out eventually, but you did not have enough cash to make it until "eventually" arrives?
Just imagine being on hold on the phone as 1 million clients of your brokerage are all calling trying to get their money or to straighten out the data errors in their records after the attack. Good luck with that.
You would have a much better chance of getting sorted out successfully, if you had a paper trail of historical statements. Yes, you could print the PDF files, but what if the nature of the attack wiped out your computer? Or what if you find when you need them, that somehow they were erased by you, or your computer died and the data could not be retrieved?
If a major foe were to attack in a way that simply deleted or scrambled account data throughout an institution (or many institutions simultaneously) you may spend months or years waiting (and hoping) for recreation of your account data and access to your money, particularly if they were able to attack backups somehow.
Data disaster used to sound like science fiction, but no more. Simply keeping paper statements could make all the difference in the event that such an attack takes place. Those with paper statements are likely to be resolved first (or at all).
A Personal Story About Not Having Paper Records
This is not a cyber-attack story, but it is a story about financial loss when records are compromised. It may help the records and cyber-attack issue seem less conceptual and more tangible
I was denied a pension due to lack of paper records of my employment. I was vested in a Travelers Insurance Company pension after 8 years as a low level officer by 1979, when I left that company. When I turned 62, I contacted them to collect my pension, but they said they had no record of me, and that I had to provide copies of my W-2 statements. Who in the world keeps W-2 statement for 30+ years?
In the 1990's Primerica bought The Travelers, and subsequently split the P&C and Life businesses (selling Life to Metropolitan; and eventually Travelers P&C became an independent company). Somewhere in that sequence management did not preserve employment records from the original Travelers. So for me that was like a cyber-attack where my records were erased.
I called Social Security to get my employment records. They had my earnings all the way back to my childhood, but only had the name of my employer from 1979, the last year of my Travelers employment (and that was labeled Metropolitan, because I was apparently recorded as a former Life employee when Travelers was split up). Social Security had no record of employer names prior to 1979.
I thought I would get the IRS to help since they had received all my W-2 statements, but it turns out they don't keep records that long.
The bottom line was I had no paper record, and nobody had any electronic records -- so I have no pension from that period of my life.
The same could be true for you someday for your bank, or brokerage or mutual fund assets after a cyber-attack.
I was one of a presumably rather finite number of people with no pension due to mismanagement of legally mandated employment records. Imagine if due to cyber-attack, it involved millions of people and many institutions. You could go from somebody to nobody instantaneously, with an uncertain ability to ever get things straight again.
Civil defense folks tell you and your family to have a disaster plan for things like hurricanes and tornadoes, and to have a "go bag" ready. Well, you need a cyber-attack disaster plan too, and your "go bag" is a complete set of paper statements from your bank, your broker, your mutual fund company, your financial advisor (if they have custody), and for any other financial asset where you currently rely on electronic data access.
It also would not be a bad idea (although potentially inconvenient) to have your financial assets held by more than one institution on the bet that they won't all be attacked and compromised at the same time.
You don't need to convert all your assets into gold and bury it in the back yard. Just print out or take mail delivery of paper statements, and retain recent copies just in case.
Disclosure: None.
"QVM Invest”, “QVM Research” are service marks of QVM Group LLC. QVM Group LLC is a registered investment advisor.
IMPORTANT NOTE: This report ...
more
There are so many cloud back up options, many of them free - Dropbox, Box, Microsoft's SkyDrive, Amazon, etc. Aren't those secure enough? At least if those get hacked they are backed up. But if someone breaks into my office and steals a document, its gone for good.
I agree, there is something safe and secure about keeping a physical copy. But best to keep it in a safety deposit box or fire safe.
It does not really solve the problem. You also have to backup your accounts and a lot of other originally paper information (important business letters, contracts etc.). The solution is to back up in more than one location. On your network (use mirroring to have an extra copy on another server or powerful and secure desktop), then in the Sky. Use at least two different service providers, if you have a lot of sensitive data. The cost is much lower than paper and less risky. We know a lot of companies that lost everyting, because they lost their data. Keeping the data on paper, is not really going to solve that problem. Fire, water leaking, natural disasters... Only the Sky can save you. Some Sky service providers, will allow you to store your data in 2 different places for you. In different countries or at least in different locations in one country.
I believe losing a paper copy is much easier than having your relevant backup in three or four different electronic storage locations. Also, how much and for how long should one store the data? My electronic backup goes 20 years back. Imagine how much paper that would be. I back my dat into Dropbox which is backed up onto Skydrive by Microsoft and the combined data is then backed up into ICloud and Google Drive. I also back this up on my personal encrypted hard drives. This gives a level of redundancy to the data if one or two sites were hacked. Additionally, I password protect relevant off files.
You could avoid paper by saving the "pdf" copies on cloud drives. Many free ones available including onedrive (hotmail/live), Goggle drive, Drop box and many more.
Using multiple cloud storage services you could mitigate against risk of cyberattack as it is unlikely that all of the cloud drives will be successfully hacked at once. Save the forests.