Naughty List

SmartVault Naughty List

Stay on the Nice List By Avoiding these Security Risks

Practicing good security hygiene is important for protecting your firm and your clients, for staying in compliance, and for staying on Santa’s Nice List. Below is a list of boys and girls who didn’t make the nice list this year, because they put their clients and their firm at risk. Read on to see what not to do if you want to make the nice list next year, and get tips for mitigating your security risk.

TM Isaac, SmartVault Naughty List

T.M. Isaac

Shares Account Logins

Sharing is not always caring! Isaac shared bank account passwords with all of his clients for many years. It was the fastest way for him to get access to the information he needed. One day, Natalie, a small business owner and one of Isaac’s clients, noticed some irregular activity in her bank account. Besides herself, Isaac was the only other person with access – or so she thought. The truth is, the more people who share a single username and password, the more opportunities hackers have to access the account.

Stay off the Naughty List – Don’t share logins!

Protect yourself and your clients! Sharing passwords to any account that contains sensitive information (including your SmartVault account!) is dangerous and can be costly, not to mention that doing so is usually a violation of the terms of service from the bank or technology vendor. Each person who needs access to one of these accounts needs their own, unique, username and password. You can easily setup bookkeeping logins for online banking access and SmartVault let’s you set unique security controls for each employee login so everyone has access to the specific information they need.

Phoebe Phisher, SmartVault Naughty List

Phoebe Phisher

Fell Prey to a Phishing Scam

Phoebe received an e-mail from her bank asking her to verify her identity by clicking on a link. Phoebe clicked the link and thought nothing of it, until her clients starting asking why she was sending them urgent requests for wire transfers. Phoebe had fallen prey to a phishing scam and hackers now had access to send e-mails from her e-mail account. Oh no!

Stay off the Naughty List – Learn to spot a phishing scam!

  • Learn to recognize fake emails. Be on the lookout for fake purchase invoices and fake shipping receipts coming from brands you know like Walmart or Amazon. Clicking a link in these fake emails could potentially install malware on your computer, or land you on a phishing page where your credentials could be compromised.
    • PRO TIP: How can you tell if an email from SmartVault is authentic? Check out our Knowledge-Base article to learn more and keep yourself safe from a phishing attempt. If you suspect suspicious activity, send an email to
  • Be wary of ‘urgent’ requests. Understand that the bad guys will be targeting you. Carefully review any emails containing links that urgently request you to change a password, state that your account has been compromised, etc.
    • PRO TIP: Hover over the links in emails to display the true link destination. If the link does not match the destination, this could be a phishing attempt. You can also physically type in the address of a web site if you have any question about the validity of a web hyperlink in an email.
  • Take an active role in security. The best defense we have against malicious scammers is to take active steps to reduce the risk of an attack:
Lazy Susan, SmartVault Naughty List

Lazy Susan

Recycles passwords

Susan has a difficult time remembering passwords for all of the different accounts she needs to run her business. She’s heard you shouldn’t write them down and leave them on a piece of paper for anyone to find, so she decided she’d just use one, easy to remember password for every account (Password123). Unfortunately for Susan, one of her accounts was breached in a mass hacking attack on her bank. Once the hackers had her password, they were able to access all of her other accounts, including ones that had her clients’ sensitive financial information. Yikes!

Stay off the Naughty List – Learn to spot a phishing scam!

Using a password manager like LastPass or Keychain keeps your accounts secure. You can set up unique, secure passwords for all of your accounts, and let the password manager remember them! That sounds like something Lazy Susan can get behind.

Harold School, SmartVault Naughty List

Harold School

Emails sensitive documents

Harold uses e-mail to share sensitive documents like tax returns with his clients. He always password protects the documents and sends the password in a separate e-mail. This is enough right? Any hacker who gets into your e-mail can easily see that separate email with the password!

Stay off the naughty list! Use a secure client portal.

Exclusively share documents through a secure document management portal like SmartVault that ensures documents are encrypted both in transit and at rest.

Learn more about how to protect your firm and client documents

Check out our free security ebook for more security do's and don'ts. Download Now >>


Quiz: Which Holiday Character Are You?

Take the Quiz

Which Holiday Character Are You?