Cybersecurity in Light of Recent News
News surrounding Elon Musk’s Department of Government Efficiency (DOGE) and potential violations of cybersecurity laws have raised concerns in the media and among several of my clients. Clients have been particularly concerned about the security of their accounts at Charles Schwab, which is the custodian I use for client assets. I want to address those concerns here.
Although there is extensive reporting on various actions by Musk, DOGE, and the broader Trump administration that some may find concerning, most of that reporting is beyond the scope of this financial commentary. My focus here is on the potential data breaches, the security of assets under my management at Charles Schwab, and steps you may take for further security and peace of mind.
Also, I want to state that the full scope of DOGE’s activities is unknown. However, the following information is based on credible media reports.
One of the most concerning reports is that DOGE representatives accessed the Treasury Department’s federal payment system, which is the backbone for processing trillions of dollars of federal payments annually, including Social Security payments. While the Trump administration has stated that this access is “read-only,” reports suggest that DOGE personnel may have “admin rights” or be changing the highly sensitive system’s code base. Elsewhere, federal whistleblowers have accused DOGE of using unvetted and unsecured IT equipment and transmitting sensitive information via unsecured channels, indicating that the group may not be complying with the many privacy and security controls applicable to federal systems.
Ultimately, the privacy and security controls related to sensitive federal systems are in place because they are under constant attack by malicious actors. Even a momentary lapse in protocol can compromise the entire system and its data. Unfortunately, this may mean sensitive data on U.S. citizens has been compromised, which, if true, would be very alarming. Indeed, some media reports are describing what is happening as a significant data “breach.” While I cannot vouch for the validity of these reports, this is what is scaring some of my clients right now.
In response, I’d first like to address an unwarranted concern I’ve heard from a couple of people: the idea that access to the federal payments system might allow malicious actors to stop or redirect money transfers between private parties. In reality, the systems that handle private money transfers, including things like the ACH network, the ACATS system, various credit card and interbank networks, and bank-to-bank wire transfers, are all operated by private financial institutions. No governmental system or agency has control over or access to these private banking systems. This means you can continue moving money in and out of your Schwab accounts (or any other financial institution) securely and without interruption.
The only potential disruption that could hypothetically result from the ongoing situation with the federal payment system would be with payments issued by the federal government. Although such disruption seems unlikely right now, if you depend on federal payments such as Social Security, it may be prudent to hold at least a few months of living expenses in cash as an emergency fund. The DOGE representatives appear to operate with the Silicon Valley ethos of “move fast and break things.” Hopefully, nothing breaks here.
A more pressing concern is whether any data was compromised. There appears to be at least some risk that malicious actors may have gained access to highly sensitive personally identifying information. In light of even a remote risk, I believe it is important for people to take proactive steps to safeguard their information and to increase their personal data security.
Before outlining my recommendations for additional security measures, I also want to highlight the robust safeguards already in place for client assets under my management at Charles Schwab.
Schwab accounts are protected by two-factor authentication.
I have always minimized the amount of transferable cash in client accounts to reduce potential losses from unauthorized access. Even if an intruder were to gain access, selling securities for cash takes a business day to settle, adding an extra layer of protection.
I receive transaction alerts from Schwab and contact clients immediately for verbal confirmation when I notice any transactions I did not initiate. Since trades take 24 hours to settle before cash becomes transferable, this process gives us time to intervene in case of unauthorized transactions.
Finally, should any of these safeguards fail, your assets are also protected by the Schwab Guarantee, which covers losses resulting from unauthorized transactions.
Now, in light of a potential data breach, please consider taking the following steps to further secure your accounts and financial information:
Change your passwords to new, unique, secure passwords, especially for your financial accounts. Consider using a reputable and secure password manager (such as from Apple or Google) to generate and store strong, randomly generated passwords. It’s also a good practice to update your passwords regularly and avoid reusing them across different websites and applications.
Ensure that two-factor authentication is enabled on your accounts. Importantly, when using two-factor authentication, use a security token or authentication app instead of SMS texts to your phone, which are far less secure. For example, Schwab supports the Symantec VIP app for enhanced security. Using a token-based method helps protect against having codes sent by SMS, which are surprisingly easy for cybercriminals to intercept.
If you suspect cybercriminals are targeting you, contact your financial institutions to restrict your online access and ensure that your login cannot initiate transfers. Please let me know if you would like me to apply additional restrictions to your Schwab account as a precaution.
In conclusion, while the recent reports regarding DOGE and potential breaches of various federal systems may concern you, I want to reassure you that your assets with Charles Schwab remain protected from potential malicious actors. The safeguards, including two-factor authentication, minimal transferable cash, vigilant monitoring of account activity, and the Schwab Guarantee—offer robust protection against unauthorized transactions.
That said, given the possibility of a data breach affecting your personal information, I encourage you to implement the additional security measures outlined above. These steps can further protect your accounts and provide you with added peace of mind during this time of fast-moving change. If you have any questions or need assistance with any of these recommendations, please don’t hesitate to reach out. Your security remains a top priority.
Cheers,
Thomas