Cyber Security: Know the Risks and Protect Yourself

We are living in a different world.  It wasn't that long ago that we lived our lives "offline" - speaking to people on the phone, visiting bank branches when we needed funds, receiving key financial information in our mailboxes, and having face-to-face conversations with trusted professionals.

Things have changed.  We now live a large portion of our lives online - conducting leisure activities like shopping, research, vacation planning, and communicating, as well as key financial tasks like banking and investing.  The convenience and speed are incredibly advantageous - but all of these advancements are not without associated risks.

There are countless groups and individuals across the globe whose sole focus is to obtain your information from cyberspace and exploit it for their gain.  Whether it's the largely publicized breaches (think Target, IRS, Comcast) or smaller scale breaches (unauthorized charges on your credit card or fraudulent wire transfers), the threat is real and far-reaching.  Given the potential return on invested time, these groups may monitor your online activity and accounts for months, if not years, before finding (and taking advantage of) an opportunity.  

This may scare and alarm you - and quite frankly, that may not be the worst reaction.  It's critically important to recognize the risk so that you can stay aware and vigilant. Yes, there are potential ways to recover losses from breaches.  However, the single best course of action is to prevent it from occurring in the first place.  Below are 6 things to consider doing immediately to protect yourself and your family.

1.) Passwords - Despite passwords being one of the "first lines of defense" protecting our online lives, they continue to be surprisingly weak.  Many people still use personal information (initials, birthdays, etc) or worse yet, use "password" or "password123."  There is an expectations that passwords will be replaced with digital keys or other identification methods in the future (as is already the case w/iphone log-in's) but until then, consider these guidelines:  

  • DO NOT use personal information
  • Create a different password for every site (recent Comcast breach involved passwords; with thought that people's cable account password may also be used for banking and brokerage accounts)
  • Change them at least every six months
  • Consider an added layer of protection (see #2 below)

2.) Two-step verification - Consider adding an additional layer of protection to your accounts via two-step verification.  Under these systems, you enter both a password, as well as a digital code.  For instance, I enabled this for my gmail account.  When I log in, I receive a text with a code to my phone that has to be entered to access my account.  Such protection is also available for Schwab.  You can contact them at 800-435-4000 to receive a security token, which will generate the numeric code for your log-in.  Is it an added step? Yes.  Is it worth the hassle?  Absolutely

3.) Secure transmission of files - Avoid sending documents that contain financial information (tax returns, bank statements, etc) via email.  It's best to use either encrypted PDF files (and send the password by phone or text) or a secure web portal whenever possible.  And remember, physical mail is also a very secure option

4.) Credit checks - It's always a good idea to monitor your credit, allowing you to detect any misuses of your identify.  Many credit card companies now offer this service to their customers.  annualcreditreport.com is also a great resource

5.) Fraud alerts - Most credit card companies offer a variety of fraud alerts automatically and will alert you of suspicious activity.  However, you can also customize some of these alerts for added protection.  For instance, I have some set-up on my account where I am notified of charges processed without the card present (ie: online orders), as well as any purchase over $500

6.) Insist upon in-person discussions - When dealing with financial transactions, delivery of sensitive information. or any information you wouldn't want broadly disseminated, go back to the good old fashioned in-person or phone discussion.  On a Schwab conference call recently, they shared a story of how an email account was compromised and revised instructions for a real estate sale were sent to the broker.  The email appeared legitimate, and no phone call was made to follow-up.  As a result, the funds were wired to a fraudulent account and not recovered.  There has also been countless instances at Schwab where wire instructions were given over email and processed by advisors (again, sent from valid customer email). At Windermere, we will never take action in your account based on email instructions, without a conversation.  It is for your protection

Stay safe out there.  We're here to help in any way we can!