A few years ago, we published a blog post on freezing your credit and included some cybersecurity best practices. With the addition of Kirsten Ashbaugh to the team, we’re publishing an updated “best practices” post that takes advantage of her background in intelligence and cybersecurity. If you’d prefer to listen, we recently talked about these practices in an episode (audio or video) for Andy Panko’s Retirement Planning Education podcast, too.
Bottom line: The most important security practices for you to focus on are:
1. Password security
2. Using multi-factor authentication
3. Freezing and watching your credit
4. Maintaining a suspicious mindset
Below is more detail on these items, along with other practices that are important even though they are not the top ones we wanted to highlight.
Use complex, different passwords, and consider using a password manager. Kirsten has seen people consistently overlook this important practice and has seen actual leaked passwords on the dark web. It really is that important to use complex, different passwords. We recommend using a password manager because it makes this much easier. They aren’t perfect, but they are almost always better than someone’s existing practices.
You can also check where your email and password may have been disclosed through this website, run by a Microsoft security researcher: https://haveibeenpwned.com/.
Use multi-factor authentication (MFA), ideally through an app instead of text/phone call. Multi-factor authentication or two-factor authentication (2FA) is when you must enter a password plus something else, usually a code, to log in. If your email is compromised—a real possibility if you aren’t using complex passwords—MFA may be the only thing that prevents a hack.
Where possible, it’s best to use an app that generates MFA codes, like Google Authenticator or Duo Authenticator, instead of receiving a text or phone call. Cybercriminals can electronically “port” or move your phone number to another SIM card—a process called SIM jacking or SIM swapping—causing you to lose control of your phone number. You can set up a PIN with your phone provider to help prevent this, but we also recommend opting to use an app where possible.
Freeze and monitor your credit. You can read more about this in the previous blog post. It’s still important. Now, you can also freeze the ability to open new bank accounts through ChexSystems.
Maintaining a suspicious mindset. Many times, people who fall victim to a scam or security incident are not less intelligent, but just more trusting of people, which is normally a wonderful quality. Unfortunately, we must be suspicious. Don’t answer unknown phone numbers or texts, don’t respond to requests for information you’re not expecting, and don’t accept unknown friend requests on social media. If something doesn’t seem right, don’t be afraid to talk to someone else about it: your spouse, a friend, or your financial advisor. If someone tells you not to talk to anyone, that should be a big red flag. And don’t think you’re immune: people of all ages with all kinds of knowledge have been tricked.
Other important practices:
· Consider getting a tax filing PIN from the IRS. It’s now open to everyone, not just victims of identity theft.
· Related, “plant your flag” by creating accounts in sensitive places. The security researcher Brian Krebs provides great guidance, including additional information on credit freezes.
· Maintain good habits when using Wi-Fi: avoid public networks if at all possible (use your phone’s hotspot instead), create separate networks in your home for guests and devices, and change the admin password on your router (read more about this and how to change it).
· Keep devices and documents secure. Lock or turn off your devices when not in use, especially in public; never leave them unattended. Physically lock up important documents in a safe—estate and other legal documents, birth certificates, Social Security cards, passports—or shred them if you don’t need them.
· Update your devices, software, and apps. Updates fix vulnerabilities that are regularly found. Ideally, turn on automatic updates.
· Avoid unnecessary or suspicious software and apps—including browser extensions. You can inadvertently download malicious software, or free apps and browser extensions can be taken over by malicious actors.
· Regularly review transactions on credit cards, debit cards, and from bank accounts for suspicious or malicious activity. Consider setting up alerts for transactions over a certain threshold.
· Be mindful of information available online. Even if you don’t share it, your family members may share it, it may be public record, or it could be in a data breach.
Collecting this information can be used to compromise your accounts or gain your trust. Places where there can be highly personal information include:
o Family members’ open social media profiles (pictures, names, ages, locations, background)
o Municipality public records (property titles and sales, court records)
o Political donations (federal election donations > $200 are public record)
o Wedding websites and announcements (names, locations, background, family structure, education, religion, work)
o Obituaries (family structure, names of minor children)
We know that following cybersecurity practices can be tiresome, and we encourage you to stay motivated and stay secure.
Photo by Dan Nelson on Unsplash.