If the Federal Government Can Be Hacked, You Can Too. Tips To Stay Protected
Terry Herr, CFP®, CLU
In what’s being called one of the most significant and most sophisticated hacks in history, this past weekend the Treasury and Commerce Departments disclosed their systems were breached. They are also investigating breaches at other Federal agencies. The breach triggered a Saturday morning National Security Council meeting, implying this hack may be bigger than what we currently know. With cybercrime estimated to cost the world over $6 trillion by 2021, it’s important to remain vigilant when it comes to staying safe online. Here are eight cybersecurity tips that you can start using today, along with the steps we take to help ensure your security.
Tip #1: Establish A Separate "Financial Only", Encrypted Email Account
If you send sensitive information, it’s important to encrypt data that’s been attached to your emails.1 In the event that a third party is able to intercept an email, encrypted information is much less likely to be compromised. Having a separate email account for financial affairs will decrease the likelihood that you will click a malicious email that exposes your financial data. Most of us have only 5-10 financial institutions, so if you receive a bank security alert from a bank you don't use, you can confidently ignore and delete the email. Emails from financial institutions often contain links. You can avoid clicking these links by going directly to the website to log in.
Tip #2: Use Public Wi-Fi With Caution
While most of us have been working remotely, some coffee shops have remained open and co-working spaces will be opening up again soon. If you decide to relocate your virtual office to a public space, it’s crucial that you still use a secure internet connection. Public Wi-Fi, especially a network that is not password protected, is not secure and can easily be infiltrated.
Some options when using Wi-Fi outside of your home or office include:
- Activating a personal hotspot from your phone or personal computer.
- Using a VPN (Virtual Private Network), which provides a secure connection to different services (web pages, email, a SQL server, etc.).
- Establishing encrypted remote connections to a remote desktop or other individual servers.
Tip #3: Keep Your Computer and Virus Software Up-To-Date
It may not seem like a big deal, but there is a reason you receive security updates for your computer and virus software. It's critical to install updates to your computer, regularly run antivirus scans and block malicious sites. In other words, taking a little time to do the preventative work and maintenance will help keep you safe and protected online.
If antivirus scans and software are not running regularly in the background, then what you’re doing online could be intercepted by a third party with nefarious intentions.
Tip #4: Avoid Email Scams and Phishing
Social Engineering attacks have increased, especially during the COVID-19 pandemic. The most common, Phishing, occurs when you receive an email impersonating a trusted source. Never assume an email attachment or link is safe. Remain vigilant for potential scam emails. Before clicking, look at the sender's email address to see if it is spelled correctly and comes from a web address you recognize. Hackers will often create an email account or website that closely resembles a financial institution's. Since it is a fraudulent account, you might find spelling errors or an "odd" domain address. It may be something subtle and easily overlooked, such as swapping a 0 for an o, or leaving a letter out. Once a scammer gains access, they will try to steal important information such as passwords, account numbers or your Social Security number.2
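The sender-address check described in this tip, written out as an added example (it is not part of the original article): it compares a sender's domain against the short list of institutions you actually use and flags the 0-for-o swap and the left-out letter. The domain names and the `KNOWN_DOMAINS` list are constructed placeholders.

```python
# Added example: flag sender domains that imitate, but do not match,
# the handful of financial institutions you actually use.
# All domains below are constructed placeholders, not real institutions.

KNOWN_DOMAINS = {"examplebank.com", "samplebrokerage.com"}  # assumed allowlist

# Digits commonly swapped in for look-alike letters.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def sender_domain(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().strip(">").lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, changes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(address: str) -> str:
    """Return 'known', 'lookalike of <domain>', or 'unrecognized'."""
    domain = sender_domain(address)
    if domain in KNOWN_DOMAINS:
        return "known"
    normalized = domain.translate(LOOKALIKES)
    for real in sorted(KNOWN_DOMAINS):
        target = real.translate(LOOKALIKES)
        # Same after undoing digit swaps, or one letter added/dropped/changed.
        if normalized == target or edit_distance(normalized, target) <= 1:
            return f"lookalike of {real}"
    return "unrecognized"


if __name__ == "__main__":
    for sender in ("alerts@examplebank.com",         # exact match
                   "alerts@samplebr0kerage.com",     # 0 swapped for o
                   "Bank <alerts@examplebnk.com>",   # letter left out
                   "alerts@otherbank.example"):      # a bank you don't use
        print(sender, "->", classify(sender))
```

A "lookalike" result is the case to treat as hostile; "unrecognized" corresponds to the alert from a bank you don't use, which can simply be deleted.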
REAL LIFE EXAMPLE: A few years ago a client had been hacked by a successful "Phish". While the hackers were probably in his email for several weeks or longer, they started their financial assault at 3:00 am on a Monday morning. They first took control over his email by changing the passwords. (This is why Two-Factor authentication is so important.) They then reset his financial institution passwords, allowing them to gain access to his bank and brokerage accounts. The hackers were able to replicate his signature from a tax document he had in his email history and then send the institutions distribution requests. We received a notice of a distribution from one account at 8:30am. We called the client to verify he had sent in transfer instructions. He had not, setting off a challenging morning. We set off by notifying the impacted financial institution. He then set off to contact all of his other financial institutions. Our fast action allowed us to immediately recover 23% of the money transferred out and the brokerage firm, through their anti-fraud program, was able to return the remaining 77% of the account, making the client whole. However, it took several weeks to complete the investigation and return the funds to the client. The distribution request did not go through our office. The theft came from the client's end in an effort to completely bypass us. This is a great example of why we insist on speaking with you for financial transactions, versus accepting email or voicemail instructions. Had we not alerted the client of a distribution, the client might not have been able to quickly notify their other financial institutions. (SEE OUR CYBER POLICIES BELOW)
Tip #5: Don’t Leave Your Laptop/Device Unattended (and make sure it is password protected)
It may be tempting to do so, but never leave your laptop out in the open when working somewhere other than home. This could include keeping it in the car, on a table or anywhere unattended. You never know who may be watching and waiting to take your belongings when you walk away.
Tip #6: Be Selective When Using USB Flash Drives
You may have various USB thumb drives sitting around the house that you’ve acquired over the years. If you can’t remember where one came from, think twice before using it. Do not continue to use a memory device if you have plugged it into a system whose safety you can’t vouch for.
Tip #7: Use a USB Data Blocker When Charging at a Public Station
The time for people to begin working at shared working spaces again is drawing near. If you find yourself somewhere where you have access to a public charger, consider using a USB Data Blocker to prevent data exchange and guard against malware. They are very reasonably priced and can be used with your laptop, phone and other USB devices.
Tip #8: Keep your Passwords Safe
Make sure that you keep your computer, email and important documents safe and secure. In order to do so, you may want to consider using a password-saving tool, such as LastPass, Norton or Dashlane. These third-party tools allow you to safely create and store passwords, saving you the headache of having to remember multiple passwords across various sites. Password-saving tools also allow you to create longer, more complex passwords.
With regard to password creation and maintenance, there are a few tips you can follow to help keep your accounts secure. These include:
- Don’t use real words.
- Don’t use personal information.
- Create long passwords.
- Change passwords regularly (at least every 90 days for banking/financial institutions)
- Use Two-Factor Authentication.
- Don’t type them on public devices.3
How we help to keep you safe
- We don't accept trade, transaction or distribution requests via email, voicemail or text. While calling us can be a hassle, we need to speak to you to accept any request for a financial transaction. This protects you. Our clients have our personal cell phone numbers so that they can reach us after hours if appropriate.
- Our Wealth 360 personal financial website allows you to have access to all of your financial information, on a highly secure and non-transactional website. Important confidential documents can be uploaded securely into the "Shared Folder" avoiding the need to email them.
- Do not text us. Phones can be among the least secure devices people own. While "I'm running 5 minutes late" is an acceptable type of text message, asking us to "sell abc shares from account number ******" would not be. Nor should you text any documents or make important requests. Texting is not the place to request or send documents. Texts are also impossible to flag for follow-up. If it needs action, calling us is the only way to communicate.
- If we receive an email attachment that we aren't expecting, or that looks a little 'off', we will call you to confirm you sent it. Likewise, if you receive an unexpected email that looks like it is from us (or another financial institution) with an attachment, or something that looks 'off', call the sender before opening. The use of "Spoof Accounts" is quite common and often a source of entry for hackers.
- We follow our advice above, make use of two-factor authentication and we frequently change our passwords. We encourage you to do the same.
Any cybersecurity professional will tell you there is no such thing as 100% security when online. The US Government has some of the best security there is and yet they were hacked. Hackers (notoriously lazy) may just move on to the next person if they recognize you are cybersecurity aware. Fortunately or unfortunately, they can quickly move on to someone who is not secure. Your goal is to make it difficult for them so they move on.
Whether you’re at home, in a coffee shop or visiting a co-working space, continue to use these cybersecurity tips to help keep yourself and your company’s information safe. We welcome the opportunity to speak to you about the measures we take and ways you can protect yourself from cybercrime.
This content is developed from sources believed to be providing accurate information. Taking the above actions does not constitute a complete and secure solution to protecting yourself from cybercrime. Herr Capital Management, LLC is not responsible for your personal cybersecurity measures. The opinions expressed and material provided are for general information, and should not be considered a solicitation for the purchase or sale of any product.