How to be more secure and help your favorite charity

We want to donate to your favorite charity.

We want you to be more secure, financially.

And, we want you to be more secure on the Internet and how you use your passwords.

So just as the beginning and end of daylight savings time has become known as the time to change the batteries in your smoke alarms, we want you to start a new tradition. Daylight savings time ends this weekend, so set your clocks back an hour before you go to bed Saturday night. And change your smoke alarm batteries!

We strongly recommend that you use a password manager program, which should work in a coordinated manner on all of your devices, such as your cell phone, iPad or other computers.

I have used 1Password for many years and I highly recommend it. My son encouraged to begin using 1Password years ago and I cannot imagine living without it. It saves me time. I don’t have to re-type my passwords when I log into various websites. The program auto fills them for me. I have lots of very different, complex passwords and I don’t have to remember any of them. I don’t have my passwords written on a piece of paper in my desk or “hidden” in a notebook.

You should use 1Password or another program, such as LastPass and Dashlane. While the best programs are not free, the cost is relatively nominal (most are between $20-40). We think it makes sense for these applications to charge a fee, and even to have an annual charge, as they are keeping your data secure and they should be constantly improving their services, as well as keeping up with technology changes. For further information on various password manager programs, please see this article:  The best password managers of 2018. 

You should know that everyone in our firm now uses 1Password within our business, to store various passwords we need to maintain. That’s how important computer and password security is to us.

If you are not yet regularly using such a password manager program, we want you to start. If you are a client of WWM, and start using a password manager program by November 15th, we will donate $25 to your favorite charity.

That’s all you need to do is start using a password program and email Michelle Graham of our firm, Let Michelle know that you have started to use a password management program and tell us the name and address of your charity. We will then make a $25 donation in your honor.

We will all benefit. You will be more secure, you will make your life easier and we will be helping a number of charities, we hope!

And if you are already using such a password program, we want to encourage you to start a new tradition. Twice a year, when daylight savings time begins and ends, we encourage you to change 10-15 of the passwords you use the most or are financially important. And if you have any frequently repeating passwords, those should be changed. You should not repeat passwords.

If you are a client of WWM, and you change 10-15 of your passwords by November 15th, we will donate $25 to your favorite charity (if you already are using a password manager program).

After you make your 10-15 password changes, email Michelle Graham, Let Michelle know that you have done this, and the name and address of your selected charity. We will then make a $25 donation in your honor.

We care about you.

We care about the charities that are important to you.

And we care about your security on the Internet.

The next step is up to you.

We hope to hear from many of you in the next few weeks.

Will you act?

Beware of Fake IRS Tax Scams and Bill Notices

There have been increased reports of IRS tax scams.

We want to remind you of some IRS basics, to help prevent you from being affected by these scams.

The IRS will never initiate a first contact for a real IRS matter by phone, text or email. The IRS will only begin a real matter with a taxpayer by sending you a letter, which almost always includes many pages.

If you get an email, phone call or robo-call (automated) which seems like it is from the IRS, you should ignore it. Just hang up the phone.

Do not click on anything in one of these emails. Do not open any attachment to these emails. Never click on a hotlink. Do not reply to them. Just delete the email or ignore it.

The most recent “hot” IRS scam regards phony IRS CP 2000 forms. Real IRS CP 2000 forms are issued when the IRS feels there is matching issue, such as a discrepancy on your return, versus what an employer or investment firm has reported to the IRS. Unlike the fake, real IRS CP 2000 notices provide extensive instructions to taxpayers about what to do if they agree or disagree that additional tax is owed. A real notice requests that checks be made out to “United States Treasury.” To add confusion, the fake IRS notices frequently says the matter involves the Affordable Care Act.

If you are contacted by the IRS by mail, you should always forward that notice to your CPA or tax preparer immediately, to determine if it is authentic and to respond promptly, if necessary. If the notice has your social security number on it, you should mail or fax it; do not ever email any kind of document to anyone with your full social security number on it.

These same general concepts apply to emails, calls or texts you may receive from a bank or financial institution. If you are at all concerned that one of these is not authentic, do not click on any part of the email or reply to it. Call the institution using a phone number that is on one of your regular statements, to determine its validity.

For example, if you get an email from your credit card company requesting your social security number for their “verification records,” you should call the company. Do not provide this information if requested by an email.

Computers, cell phones and the internet have provided many benefits, but they are expanding as a source of scams and vulnerabilities. You should always be alert and careful. If you are ever unsure about some form of contact you receive, you should call the governmental agency or real company yourself, or our firm.

If you ever get a notice from Fidelity, which is our primary custodian, and you are unsure about the notice or if you have questions, please contact our office and we would be pleased to assist you.

We hope this information is helpful to you.




Emergency Planning

Are you prepared for an emergency?

We don’t want to think about these things, but we have a responsibility to plan. As financial advisors, as well as family members, our firm has planned and prepared for events which we hope don’t occur anytime soon.emergency prepardness

By sharing the planning that we have done, we want to re-assure you as our clients. We also think sharing this information with you may be helpful, in the hopes that you consider steps that you may want to take to be better prepared.

As a registered advisory firm, we have a fiduciary duty to always act in our clients’ best interest, as well as to meet various compliance rules. One of these requirements is that we have disaster recovery plans and have done contingency planning in the event of various emergencies. The following are some of the business and contingency steps that we have taken, which could be helpful in various situations.

A few years ago, we switched from having a server stored in a closet in our office to a “cloud” or “hosted” environment, with a Troy, Michigan based firm. By switching to this cloud environment, we can access all of our computer systems via the Internet from anywhere with an Internet connection. If our building was damaged or there was a power outage which affected the office location, we can work remotely and be functional. There are also significant security benefits by using this outside computer firm, which has full-time computer and security specialists. Additionally, they have multiple back-up plans and locations themselves.

For documents, notes and paperwork that are not already saved in our computer system, we are taking significant steps to scan in these items, as an additional backup measure. All client applications, forms and trade documents are stored redundantly on our system, by BAM, as well as by Fidelity, as the custodian (for applicable items). We have other detailed steps and plans, which are in our firm’s Disaster Recovery Plan document, which is reviewed and updated annually.

If something were to occur simultaneously to Keith and myself, we have entered into an agreement with the advisory firm related to our back-office firm, BAM Advisor Services. Buckingham Asset Management is one of the largest independent advisory firms in the country. If something was to occur to both of us, Buckingham would immediately run our firm, be in contact with our clients and be able to provide advice. There are legal steps involved in this potential transition, but the major point is that we have taken steps to handle this worst case scenario. We were the first firm to enter into such an agreement with BAM, which many others of their 150+ client firms have subsequently done.

In the event that either Keith or I was to die prior to retiring, we have a buy-sell agreement, which is funded with life insurance. This would provide funds both to the firm, to assist in handling a transition period, as well as provide funds to the respective family.

Let’s talk tech now. What if Brad suddenly went into the hospital or had an emergency? What if Brad could not access his phone or iPad, or lost all his technology devices? Keep in mind, all of my mobile devices and desktop computer have passwords to gain access to them, for security purposes. Other than the obvious health concerns, I want to have a way that others who needed to would be able to access business and personal information, as appropriate. Again, I have a responsibility to my family, my clients and Keith, my business partner.

This scenario could happen and is something that each of us should plan for. In this emergency scenario, I would not be able to provide the login information to access my phone, iPad or desktop computer, and potentially all of these devices may be gone or inaccessible to the people who need this critical data, due to my condition or other circumstances.

How would bank accounts be accessed? How would business records be accessed? I have stored all of my computer login and passwords in a password manager program called 1Password. By using this program, all this critical data is stored in one place, which is very secure and I have used different and complex passwords. Additionally, I have stored many important business documents (not client data) in a separate cloud-based program, as an additional backup measure. But how would someone else be able to get to all this information?

To access this important information in an emergency situation, 1Password has recently created an “Emergency Kit,” which is a one page form that has special data to enable someone else to access my 1Password account via the Internet from anywhere. I have provided this Emergency Kit page in a sealed envelope with specific instructions to close and trusted individuals, my wife, Keith, as well as two others with business relationships to our firm. In an emergency situation, one or more of these individuals would be able to remotely access 1Password. This would allow them to access other critical data, as needed.

By using 1Password, I have created very secure and different passwords for my many business and personal logins. By going the next step and1pw preparing this Emergency page, I am confident that others would be able to access my devices and login data, in the event that I was incapacitated.

I truly hope this 1Password Emergency Kit is not necessary. However, I feel much more confident and secure that if there was an emergency situation that my family, clients and firm will be able to effectively handle important matters.

I hope providing this information is helpful to you, to inform you of the planning that our firm and I have done and to assist you in thinking about how you can better prepare yourself and your family.

Just like in the financial markets, no one knows when an “unexpected” event will occur.

If you are a client of our firm, I hope you appreciate the planning we have done to keep your data secure, but accessible, in various situations.

If you are not a client of our firm, are you comfortable with the planning for these types of scenarios that your advisor has done? Is it adequate? Is this a discussion you should be having?

How to save time due to credit card fraud

Credit card fraud continues to be a huge problem, despite the introduction of chip enabled credit cards in the US.

Twice during the past year I have had to replace credit cards, as the accounts/cards were fraudulently used. One of my sisters had one of her credit cards fraudulently used in the red card 01-28-16past two weeks.

Until chip technology acceptance at retailers and stores becomes much more commonplace, credit card fraud will continue. There is not much we can do to prevent this type of fraud as we shop at stores and eat out at restaurants, especially ones that do not yet accept chip-card technology.

One of the major hassles of having your credit card hacked is dealing with recurring payments that you have set up with that credit card. After a credit card hack, you have to log into each of the company websites that you have established for recurring payments, to give them the new credit card number, as well as the new expiration date and sometimes the security code.

Our recommendation: You should have a separate credit card just for recurring charges, such as utilities, subscriptions, iTunes, internet, cable, cell phone providers and more.

The purpose of this strategy is that for the credit card that you use for recurring payments, you should NEVER take or use that card outside of your home. Do not use it at a gas station, a retail store or restaurant. To re-use an old advertisement….don’t leave home with it.

This will be your “recurring payment only” credit card.

Doing this is the best way that you can prevent this credit card from being hacked, as most credit card fraud happens from the retail use of credit cards, not from establishing recurring payments through the card from credible companies.

This may be a major change in how you use your credit cards, but it will save you lots of time if another of your credit cards is fraudulently used and you need to get a new card account established. Hopefully, by adopting this strategy, getting a new card will just affect you for a few days, until you get a replacement card. It should prevent you from having to change all your recurring payment information.

Other credit card related recommendations and thoughts:

  • Use chip-enabled credit cards wherever possible.  If your credit cards do not yet have chips, contact your card company and tell them you want one.
    • Thank smaller retailers and establishments that have obtained chip-enabled credit card readers, as they are expensive.
  • You should review your credit card activity online regularly.  I suggest at least weekly.
  • At a minimum, carefully review your credit card statements at the end of every billing period to make sure all the charges are legitimate.
  • You should consider setting credit card alerts, so you will receive a text message or email if charges exceed a certain amount.  The problem with this recommendation is that most fraudulent activity starts with minimal charges, or around $100 or $200.  Thus, getting frequent email alerts on your regularly used credit cards maybe very cumbersome.  This will not prevent fraudulent activity, but help you identify it quicker.
  • The most common places that fraudulent charges are made, if your account is ‘hacked” are places like Home Depot, Best Buy, Lowes and in the Midwet, Meijer’s.  This does not mean you should not shop at these locations.  These are the places that people who do the fraudulent activity go first, when they start to shop with stolen credit card numbers.  These are the charges you should look for in your card activity.
  • You should provide to each of your credit card companies your email address and cell phone number, so they can contact you if they identify what appears to be unusual activity.  Again, this will not prevent fraud, but may stop it faster.


Link of the week: To learn much more about the benefits of using credit cards to obtain the most reward dollars, points and other perks, as well as airline and hotel loyalty programs and their credit cards, I recommend reading or following “The Points Guy” at or @thepointsguy on Twitter. The benefits can be worth thousands of dollars per year, if done strategically.
Thanks to my family members, who provided some of the above suggestions.