From fraudulent transactions to identity theft, securing online accounts is a hot topic in financial planning discussions in today’s cyber-connected world. There are some things you can do to protect yourself. Just like locking your doors and installing a security alarm and security cameras can protect your physical assets, there are similar approaches that can protect your online accounts.
Some basic cyber-security tips:
1) Use a password manager
- We recommend LastPass, 1Password, RoboForm or others. Edit the Settings/Security features to make the settings tighter (restrict logins to US IP addresses only, turn on Authenticator for your 2FA, for example). Password managers reduce errors due to phishing, as they auto-fill password information only on valid URLs. You should never have to manually enter a password, other than your master password.
- Make sure your master password is a longer phrase with other characters and memorize it.
- Do not keep your passwords in Word, Excel or Google Docs, etc.! A hacker can easily gain access to ALL your passwords if they get access to your machine.
- Password managers encrypt their data to further protect you from hacks.
- Most password managers will auto-generate a long, complicated password and auto-fill it for you, eliminating login errors due to typos and strengthening your security on all your online accounts.
- You should still change your passwords for your most vulnerable sites regularly.
- Don’t include information in your passwords that is easy for a hacker to obtain or guess, like dates of birth for you or your family members, addresses, phone numbers, etc. You are better off using random words and numbers to compose a phrase, or letting your password manager auto-generate a password that is long and complicated.
2) Edit the Settings/Security section of every piece of software you use
- Just about every piece of software has a settings/security section, where you can turn on additional layers of security. The default is often the least secure, because with increased security comes some additional work for the user. The first thing I do when installing new software is to tighten up the default security.
- Turn on 2-factor authentication, also known as multi-factor: this is a base level of protection these days. Always opt for the Authenticator approach, not the SMS text message approach. This protects against hackers intercepting your texts.
- Add as many layers of security as the software allows
3) Prevent phone number porting
- A would-be thief can hack into your email account and port your cell phone to their device while you are sleeping, thereby gaining control of your 2-factor authentication.
- Protect your email password – use long passwords, NEVER reuse a password from another site, turn on “prevent multi device access” if available.
- If someone is able to hack your email associated with your cell phone account (most commonly due to a weak password, duplicate password, or inadequately stored password), then they have access to your text 2-factor authentication. To protect against this, most carriers allow for “account locks” to be put on your number, preventing the porting to a new device without additional steps.
4) Do not click on links in emails
5) Do not click on links in emails and
6) Do not click on links in emails.
- One of the most common ways hackers are able to access user accounts is through “phishing” – sending an email pretending to be a trusted vendor, tricking you into “logging in” to review something. They will often make it seem like an emergency. When this happens, WAIT, THINK and ASK others if the request seems reasonable.
- Go to the website (using the URL in your password manager) to review your bill, log in to your account, etc.
- Question any emergency email request, even if it is supposedly from someone you know. Email addresses are hacked and spoofed all the time! WAIT, THINK and ASK before responding. Call your contact and ask them if they sent the message!
- Hackers are getting much more sophisticated in cloning websites in order to steal your login information. Don’t let them in!
7) Do not email documents around
- ESPECIALLY don’t email documents with personally identifiable information like your Social Security number or date of birth. Train yourself to send documents in a more secure method. Just about every business offers a secure file upload these days. Use it.
8) Don’t answer your phone if the caller is not in your contacts
- Most cell phones have an “add to contacts” feature. As trusted people call you, add them to your contacts (doctors, vendors, friends)
- Many scammers will call and scare you into thinking there is some emergency
- Some even leave voice mail messages scaring people
- WAIT, THINK and ASK before responding
9) Make sure you are using antivirus software – Avast, Defender, Webroot, others
- You may want to avoid using software that is constantly trying to sell you extra, possibly unneeded features
10) Make sure you are always updating your phone and computer
- Updates are released to combat online threats all the time. Not installing the update can leave you vulnerable.
- NEVER use an old, un-updated computer to access the internet. This is like leaving your doors open when you leave your house.
11) Don’t post personal information on social media. ESPECIALLY:
- Don’t reply to those posts asking for places you have visited, your favorite anything, or personally identifiable information. This can all be used to guess your passwords.
- Don’t accept friend requests from people immediately. Some people’s social media profiles are copied, allowing for second friend requests to be sent, giving the hacker access to friends’ profiles. Or worse, your friend’s social media account may be hacked, meaning you are now communicating with a hacker.
- WAIT, THINK and ASK!
Overall, your security does not have to be perfect; it just needs to be better than others. When a would-be thief runs into tight security, he is likely to move on to other, easier targets.
Jennifer Climo, CFP® is an advisor at Milestone Financial Planning, LLC, a fee-only financial planning firm in Bedford NH. Milestone works with clients on a long-term, ongoing basis. Our fees are based on the assets that we manage and may include an annual financial planning subscription fee. Clients receive financial planning, tax planning, retirement planning, and investment management services, and have unlimited access to our advisors. We receive no commissions or referral fees. We put our clients’ interests first. If you need assistance with your investments or financial planning, please reach out to one of our fee-only advisors.