Please note, this is a STATIC archive of website www.investopedia.com from 17 Apr 2019, cach3.com does not collect or store any user information, there is no "phishing" involved.

Cybersecurity: What You Need to Know to Stay Safe

When a reporter asked renowned bank robber Willie Sutton why he robbed banks, Sutton famously quipped, “Because that’s where the money is.”

We invest a considerable amount of time and money on our systems, processes, and procedures to keep information secure. Every so often, we hear of another cybersecurity issue at some well-known company. Cybercriminals don’t usually get cash directly. Instead, they are looking to hack these systems to steal data to sell. It is perfectly understandable to feel uneasy when big companies or government agencies have a data breach. After all, they have enormous budgets, sophisticated systems, and highly trained staff, yet they're still vulnerable.

The data on these matters, however, show it is highly unlikely someone will hack a system and directly steal money electronically from a bank or brokerage firm account. What is far more likely is you will be duped into executing a bogus transaction or providing access to nefarious people who will execute a bogus transaction. The victim of a cybercrime is often the weakest link in the security chain because convenience is put ahead of security. (For related reading, see: A 12-Step Plan for Better Advisor Cybersecurity.)

We learned recently of a case in which a homebuyer was contacted via email with instructions to wire money for the closing on the property. She followed the instructions, presented the request to her bank, and funds were wired. Unfortunately, the woman had wired money to a crook posing as the closing agent. The bank simply responded to what looked like a legitimate request and the actual closing agent, realtor, title agency, and attorneys had no clue this was happening because all the communication came via email. 

People often weaken security in order to make things quicker or more convenient. And email can be very convenient.

These things don’t just happen to individuals either. Emails from various imposters have resulted in the improper wiring of over $2 billion from corporations to cyber-thieves. These duping incidents are so pervasive that the generation most likely to be fooled is not the elderly but the Millennials.

Protect Yourself From Thieves

Most thieves prefer an easy target to a challenging one. Thus, the harder you work to make yourself a challenging target, the better your odds are of NOT becoming a victim. The three areas experts most often say require attention are:

  • Protecting your credit
  • Limiting access to your personal information
  • Limiting access to your computer, tablets, phones, and other devices

Protect Your Credit

Once cyber thieves steal your data, they typically sell your personal information like Social Security and account numbers to criminals who then open credit accounts in your name, tap the credit and disappear.

Perhaps the best way to prevent this is to freeze your credit. This prevents anyone, including you, from opening new credit accounts. Once frozen, you use a PIN to unfreeze your credit when you are ready to open a new account. There is a nominal fee which varies by state but typically runs around $10 to freeze or unfreeze. For more information you can also visit the Federal Trade Commission’s page of Frequently Asked Questions about credit freezes. (For related reading, see: What You Don't Know About Cybersecurity Can Hurt You.)

Limit Access to Personal Information

  • Create and use strong passwords for your computer and online accounts. Whenever possible, use at least eight characters with a mix of upper and lower case letters, numbers and symbols. It is recommended you use different passwords for different sites and change them regularly. 
  • If offered, set up two-step, dual-factor, or two-factor authentication. This type of authentication involves providing a second point of identification beyond the typical username and password structure. A hacker who steals your password won’t be able to get into your account unless he also has the second point of identification. The most common form involves providing answers to security questions you select. An easy way to make security questions even more effective is to not answer the security questions truthfully. For instance, if asked for your mother’s maiden name, answer with your uncle’s first name or even a random word that you will remember. It is harder for someone to figure out your wrong answer than your correct answer. E-mail systems like Gmail, Hotmail, Yahoo and AOL all offer the enhanced level of security that additional authentication provides.
  • Beware of public Wi-Fi. The best practice is to avoid logging in to any Wi-Fi that you do not know to be secure. You are likely better off using your cellular network. If a network doesn’t require a WPA or WPA2 password, it’s probably not secure. The Federal Trade Commission (FTC) website has some good tips on using public Wi-Fi.
  • Beware of phishing scams. If you have ever received an email asking you to verify your account information from an institution you do not do business with, you have seen a phishing incident first hand. Don’t take the bait. Phishing is basically an attempt to lure you into sharing personal information, opening a dangerous email attachment, or clicking on a malicious web link. The attempts commonly take the form of emails with urgent warnings about your financial information, fake delivery notices or invoices, fake voice mail, fax attachments, security alerts that pop up while you are browsing on the internet, or calls from a technician who “noticed an issue” or other such notice about your computer. No bank, brokerage, or governmental agency will email or call you to verify a Social Security or account number. Don’t give confidential information or access to your computer to strangers.
  • Back up your data regularly. One result of phishing ploys is to install ransomware on your computer. The criminals hold your data hostage until you pay them to release your data. A good backup system often helps restore your devices and data to a prior, ransomware-free condition. It may also save your favorite files like photos in the event of a hardware failure.
  • Do not include personal information in email. This includes full account numbers, Social Security numbers, copies of tax returns, or passwords. To send documents to advisors, use your client portal. If you can email, you can upload to the portal. Hopefully, others you share documents with such as tax or legal professionals use some sort of secure file-sharing service. Password-protecting an attachment is better than nothing, but not as safe as using a secure portal.
  • Be smart on social media. Be discreet about posting personal information and review your privacy settings. Permanently delete read emails regularly. Delete emails in your deleted items or trash folder. Advisors are required by securities regulations to archive business-related emails to or from you, so if needed, they can retrieve copies for you.
  • Shred your paper records. If you don’t have a shredder, feel free to bring documents to your advisor and they will probably shred them for you. This article about what to keep and for how long explains the basics for many types of documents. (For related reading, see: Advisors Are Feeling Cyber-Insecure.)

Protect All Your Devices

  • Put a good password on your device. With no password, all a criminal has to do is grab your device to easily find valuable personal information. When not using the device, shut it off or at least log out.
  • Keep your operating system up-to-date. You can set up your devices to do this automatically. These updates can be annoying, but update anyway. Many involve security patches.
  • Choose a more secure browser. Microsoft’s Internet Explorer has long been considered the browser with the weakest security features among the most popular browsers. Chrome and Firefox still seem to be among the strongest.
  • Limit external device connections. Only connect external devices such as an external hard drive, disk player, or a thumb drive to your device if you trust the party providing the device.
  • Run a security check/scan on your computer. Delete whatever shouldn’t be on your device.
  • Disable the preview panel function in Outlook. There have been incidents in which the mere act of previewing an email in Outlook allowed malicious code onto a PC even though the email was not actually opened.
  • Use and keep up-to-date anti-virus software. PC Magazine has reviews of security apps for Android phones and of anti-virus software for computers. Macs, iPhones, and iPads are generally considered safer, but they are not perfect. You will find several well-known security apps in the iTunes app store.
  • Use a firewall and password with your home internet and Wi-Fi connection. Failure to do this makes your home’s connection even more vulnerable than the public Wi-Fi we warned of above.
  • Assess your security. We’ve covered quite a bit in this post but to go deeper, we believe this post has many helpful ideas and can act as a checklist for assessing the state of your security.
  • Hire someone to perform these tasks for you. Best Buy’s Geek Squad will come to your house or you can take your computer to a Staples or Office Max and they’ll set you up. Or try other reputable IT professionals to secure your Internet connection and Wi-Fi.

The Bottom Line

Advisors work hard to protect your money and your information, but you need to be diligent and proactive as well. No one can guarantee that any of us are 100% safe from cyber and identity-related crimes, but we can make ourselves less of a target and make the bad guys' attempts more difficult. The more diligent you are about security, the safer your financial condition will be. (For related reading, see: Educating Your Clients About Cybersecurity.)

Adapted from an article that originally appeared at moisandfitzgerald.com