Quarterly commentary: October 2017

In the third quarter, continuing positive outlook for the global economy and better-than-expected corporate earnings were the catalysts that kept markets moving forward.  Several key market indexes reached record highs during the quarter, despite increasing tensions with North Korea and the continuing political uncertainty.

For the quarter, international markets outpaced domestic equities, with the MSCI EAFE index up 5.4% and Emerging Markets up 7.9%. Domestically, the S&P 500 rose 4.5% while small caps rose 5.7 %. Real estate lagged the other major indices rising a scant 0.4%. Fixed income managed yet another positive quarter, with the Bloomberg Barclay’s US aggregate bond Index up 0.9%.

As we approach year end, we remain cautiously optimistic about the economy and the markets, but we are also mindful of the ever-present headwinds. The Federal Reserve, while still accommodative, has been gently reversing its policy stance by raising rates and beginning to work off the unprecedented debt on its balance sheet. The US consumer, the main force behind our economic recovery, has continued to keep spending in spite of the fact that average real wages have not increased for over 20 years. In the absence of real wage growth, consumers are choosing to go into debt and/or reduce savings to keep the economic momentum going, which is not good for the long-term health of the consumer or the economy. All this is in the presence of record government debt and rising budget deficits.  That said, we have weathered what have historically been the two most volatile months of the year, September and October, and hopefully we can witness another “Santa Claus” rally this year.  Perhaps we will also see some movement in both healthcare and tax reform, which could remove some additional economic uncertainty in 2018 and beyond.

As the cyber economy continues to develop, data breaches are becoming almost commonplace and progressively more impactful to consumers.  The recently announced cyber security breach that hit credit reporting agency, Equifax, has been appropriately classified as the worst data breach of all time. It seems that this incident has been a tipping point of sorts for many of our clients, as we heard from far more of you than in any prior breach. As such, we will focus this commentary on providing information and insight on how and why these breaches occur, what we do to protect you, and what you can do to help you protect yourself.

EQUIFAX: The mother of all breaches

Equifax, along with Experian and TransUnion, are the nation’s three main credit reporting agencies. There are two others, Innovis and PRBC, but neither are major providers in this space. These agencies serve as guardians of detailed personal data that could easily be used for identity theft. As most of you know, Equifax announced on September 17th that they were the victim of a major cyber attack that exposed the personal information of 145.5 million U.S. consumers, almost two-thirds of all Americans with credit reports! This data breach was especially egregious because the company reportedly first learned of the breach on July 29th and waited roughly six weeks before making it public (hackers first gained access between mid-May and July).  Moreover, consumers do not choose to do business or share their data with these companies, yet they unilaterally monitor the financial health of consumers and supply that data to potential lenders without a consumer’s approval or consent.

Equifax has faced widespread criticism following its disclosure of the breach, both for the breach itself and or its response. The FBI and Congress are investigating all aspects of this breach in an effort to hold those responsible accountable, and to put better controls in place to minimize these events in the future.

Specifically, according to Equifax releases, hackers exploited a weakness in a software application, Apache Struts, to gain access to consumers’ personal files.  The breach allowed hackers to capture Social Security numbers, birthdates, addresses, full legal names, and some driver’s licenses from this massive consumer database. With a breach of this nature, it is impossible to know the true magnitude of the information that has been compromised.  So, whether you believe your information was exposed or not, it is prudent to become more educated about this matter and to take appropriate actions.

Breaches such as these are bothersome intrusions on our privacy, which usually cause us to keep our guard up in the short run, only to become less vigilant over time. This is the real challenge because the threat posed by breaches is not typically immediate. Hackers gain access to this information, and then decide to act on it, hold it, or sell it to other criminals.  It is not unusual for hackers to sit on the information for months or even years before acting, making it critical to have a long-term plan in place to protect yourself.

What should you do?

In our opinion, the first step in dealing with this issue is to access www.equifaxsecurity2017.com, a site Equifax established for consumers to check if they have been affected by the breach, and to enroll in TrustedID, their monitoring service. Once on the site, click on the button “Enroll to Protect & Monitor Credit-Free” an orange tab at the top right of the main page. You will then be asked to provide your last name and the last six digits of your Social Security number — a request that was widely mocked on social media as being too intrusive when the standard request is for only the last four digits. Equifax has stated that regardless of whether your information may have been affected, everyone has the option to sign up on the website for one free year of credit monitoring and identity theft protection. You can do so by clicking the “Enroll” button following the notification of breach. As an FYI, just clicking this button does not mean you are actually enrolled. You must follow the instructions to go through an actual enrollment process with TrustedID Premier to officially enroll.

The next thing to do is to check your credit by requesting a free copy of your current credit report, which each of the credit reporting companies are required to provide for free every 12 months. We suggest you start with Equifax, and then mark on your calendar to rotate your request to each of the three on a rolling four- month time frame.  This will allow you to get a broad view of your credit information from each provider for free.  To access the site, go to https://annualcreditreport.com.  Once on the site, you will fill out personal information, and then choose the company from whom you would like the report. After answering a few more questions, your request will be processed and you can download your report.


Step 1 : Go to www.equifaxsecurity2017.com

Equifax 888-766-0008 800-349-9960 www.equifax.com
Experian 888-397-3742, opt 2 888-397-3742, opt 2 www.experian.com
TransUnion 800-680-7289 888-909-8872 www.transunion.com

If you want to take additional measures, the next thing you can consider is activating a Fraud Alert, which can make it harder for an identity thief to open new accounts in your name. When you have an alert on your report, a business must verify your identity before it issues credit, so it may try to contact you.  Fraud alerts must be renewed every 90 days, so if you choose to pursue this protection, each time you renew, you will get the opportunity to order  one free copy of your credit report from each of the three credit reporting companies in lieu of the 4 month cycle mentioned above. To initiate, you can contact any of the three providers. Typically, by calling one, they will automatically initiate alerts with the other two credit agencies.  Be sure they have your current contact information so they can get in touch with you.

The final and most comprehensive step you could take with the credit agencies to protect you from a breach would be to initiate a Credit Freeze.  According to Matt Schulz, a senior security analyst at CreditCards.com, “A security freeze is the nuclear option of credit protection. It gives maximum protection.” A credit freeze will lock your credit files so that only companies with whom you already do business will have access to them. This means that if anyone tries to open an account using your information, the potential credit lender will not be able to access your credit report to enable them to proceed.  Only you can request a security freeze be placed on your credit file and only you can request the security freeze be removed or temporarily lifted. A security freeze will remain on your credit file until you request the security freeze be permanently removed or you request a temporary lift of the security freeze for a specific credit grantor/credit file user or date range. When you apply for a freeze, the credit agency will provide a PIN number that will be necessary to unfreeze your account, so it is important that you keep your PIN in a safe place. To initiate a freeze, you need to contact each one of the credit agencies. Typically, they will charge $5 for processing, but Equifax agreed to waive this charge for those affected by the breach.


What do your planning partners do to protect you?

At Wealth Dimensions, the protection of your data, both on site and in cyberspace has always been of the utmost importance to us. As cyber crime has evolved, we have continued to seek out and employ the most up to date and best practice security protocol in our comprehensive Cyber security plan.  This currently includes, but is not limited to secure cloud based redundant servers, two-factor authentication, password vaults, and high level 256-bit encryption.  All these efforts are designed to address the security and protection of all client information.  We will continue to monitor and stay on the cutting edge of Cyber security technology to ensure we are doing everything we can to ensure your data remains safe.

As your custodian, Fidelity employs the most sophisticated technologies and best practices available to make certain that your sensitive information and accounts are well protected- online, over the phone, and in person.  Security question and answers, user name and password requirements, extra login security, timed logoff, strong encryption, secure email and two-factor authentication are but a few of the tools Fidelity uses to keep your data safe.

In addition, Fidelity is one of the few custodial partners who offer a Customer Protection Guarantee where they will reimburse you for losses from unauthorized activity in covered accounts occurring through no fault of your own. Fidelity automatically covers all cash and securities held in your covered Fidelity accounts.

Account holders do have some responsibilities in order for this guarantee to be valid. You must frequently check your account information and promptly review correspondence, account statements, and confirmations as they are made available to you, but no later than 30 days after that information is posted to your account or delivered to you. We also monitor your accounts for unusual activity, but there is no substitute for periodic personal review. Contact our office at (513) 554-6000 if you suspect any unauthorized account activity, errors, discrepancies, lose your device, or if you have not received your account statements. After office hours, contact Fidelity immediately at 800-544-6666. And please make sure to maintain up-to-date contact information with us so that you may continue to receive important communications and to ensure that you will be contacted in case of suspected unauthorized activity.  We will update our records as well as inform Fidelity on your behalf.

In summary

Unfortunately, cybercrime is here to stay, and those perpetrating these crimes will continue to adapt and strike again. We intend to do our part in remaining vigilant on your behalf to minimize your exposure and we encourage you to do the same.  Cybercrime and cyber security are enormously broad topics, and there are many aspects of them that were simply beyond the scope of this letter. We intend to update you regularly through our website and various other communications to keep you current, so that you have a better chance of protecting yourself from a future breach.

Information provided has been prepared from sources and data we believe to be accurate, but we make no representation as to its accuracy or completeness. Data and information is general in nature and not meant as specific to any particular situation. As such, you should not act on this information and should seek advice based on your particular circumstances. Wealth Dimensions Group, Ltd, shall not be liable for any errors or delays in the content or for the actions taken in reliance therein.
Please be advised that this material is not intended as legal or tax advice. Accordingly, any tax information provided in this material is not intended and cannot be used by any taxpayer for the purpose of avoiding penalties that may be imposed on the taxpayer.