
Personal Cybersecurity: Best Practices

Written by Carolyn Yun, CPA, CFP® & Phoebe Rubenstein | Nov 20, 2024 7:03:02 PM

In today's digital world, our personal information is constantly under threat. Cyber threats, from identity theft to ransomware attacks, are rising in complexity and frequency. However, combining robust cybersecurity habits with sound financial planning can create a safer and more resilient online experience. The following best practices will significantly improve your personal cybersecurity and protect your data, devices and identity.

  

 

Personal Accounts Login

  • Enable Multi-Factor Authentication (MFA) on any websites or applications used for financial transactions (e.g., banks, retirement accounts) or with access to personal information (e.g., insurance). MFA adds an extra layer of security by requiring you to verify your identity through a secondary method, such as a code sent to your phone, a fingerprint, or a facial scan.
  • Ideally, use a personal device for banking or investment activities whenever possible. Never save passwords on any device, especially if the device itself does not have its own password.

Password Management

  • Use a password manager to create unique, lengthy, and complex passwords and store them in an encrypted vault. Make sure to enable multi-factor authentication to decrypt the passwords saved by the password manager. iCloud Keychain and 1Password are examples of good solutions (but please do your due diligence).
  • Aim for passwords of 12 characters with a mix of uppercase, lowercase, numbers and symbols. For any financial accounts, passwords should be changed every 6-12 months.
  • If creating a password without a password manager, avoid dictionary-based passwords, which are easily guessable (e.g., Spring2022!, Summer2022!, October2022!, etc.).
  • Do not re-use the same or similar password across multiple websites and applications. The moment one of the websites is compromised, any other application or website using the same password would become accessible to a hacker or malicious user.

Personal Devices Protection

  • Upgrade your software on a regular basis, in particular the operating system and browser. The majority of software upgrades include security fixes to recently discovered vulnerabilities. Installing updates as soon as they become available can prevent personal devices from being impacted by security vulnerabilities, malicious software, or malware.
  • Do not use or install open-source software if you are not familiar with the software and its libraries, or do not know whether the development team promptly addresses security vulnerabilities.
  • Only download applications from the Apple App Store or Google Play, and never use a third-party app store or sideloading to install an untrusted app on your device.
  • If using a laptop or desktop, run a reputable antivirus (especially on Windows and Linux machines) to prevent your device from becoming infected with malware.
  • Do not plug an unknown USB device into your devices. USB devices can be used as a threat vector to deliver malware, infect devices, and steal information.

Home

  • Secure your home WiFi. Change the default username and password of the WiFi router. Use WPA2 encryption.
  • Keep the software on smart devices in your home up to date, and change their default passwords as soon as they are set up.
  • Consider creating a separate password-protected guest network for your guests, not connected to any smart devices in your home.

Travel

  • Do not log in to bank accounts or financial accounts from public WiFi networks (e.g., airport, hospital, hotels, coffee shops, etc.).
  • If you want to use public WiFi networks, make sure to use a Virtual Private Network (VPN) before accessing any website.
  • Avoid sharing personal vacation plans or photos publicly via social media until after you have returned from your trip.
  • When traveling abroad, use a spare device and use a VPN for the duration of your trip. Assume your device is compromised on your return home and reset the device for your next trip.
  • Do not log in to any accounts from shared computers (e.g., computers in a hotel, hospital, coffee shop, etc.).

Phishing

  • The majority of credential and account compromises are initiated via a phishing attack, in which fraudulent communications are made to appear legitimate.
  • Always review the web domain to confirm emails and web addresses belong to a well-known domain (e.g., google.com vs goggle.com).
  • Do not click on links or open attachments from unknown domains, websites, emails, and text messages.
  • Bookmark trusted links/websites that you visit often rather than accessing them from a link in an email or text.
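
The domain check described in the list above, as an added example that is not part of the original article: it compares a link's domain against a short list of sites you trust and flags near-misses such as goggle.com. The trusted list, the `bank.example` entry, and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the sites you actually log in to.
TRUSTED = {"google.com", "bank.example"}

def host_of(url: str) -> str:
    """Lower-cased host name of a URL; accepts bare 'site.com/path' too."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").lower().rstrip(".")

def registrable_domain(host: str) -> str:
    """Last two labels of the host. Simplification: multi-part suffixes
    such as .co.uk would need the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_link(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    host = host_of(url)
    domain = registrable_domain(host)
    if domain in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        # A trusted name used only as a prefix of some other domain.
        if host.startswith(good + "."):
            return f"lookalike of {good}"
        # One or two characters away from a trusted name (goggle.com).
        if edit_distance(domain, good) <= max_distance:
            return f"lookalike of {good}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://accounts.google.com/signin", "http://goggle.com/login",
                 "google.com.login.example", "https://news.example.org/a"):
        print(f"{link:40} {check_link(link)}")
```

An "unknown" result only means the domain is not on your list; very short trusted names may need a smaller `max_distance` to avoid false matches.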

Data Sharing

  • Do not share personal information over the phone, by email or by text message if you don't know that the person on the other side is who he/she claims to be.
  • Personal information (e.g., phone number, email address, company) shared via social media (LinkedIn, Facebook, etc.) could be exploited by spammers and fraudsters. Limit how much information you share and with whom. Lock down the privacy settings on all accounts.
  • Limit access to location data for each specific app. For example, on iOS devices it can be controlled under Settings > Privacy & Security > Location Services.
  • Limit access to tracking information. For example, on iOS devices it can be controlled under Settings > Privacy & Security > Tracking.
  • Only give applications permission for what they need. For example, iOS apps must ask permission to access photos, location, contacts, and camera; granting it makes that information available to the app developer.

Identity

  • Subscribe to a reputable credit and identity theft monitoring service to monitor existing lines of credit. Regularly check your credit report to detect any signs of identity theft or unauthorized accounts.
  • If deemed appropriate, additional measures such as a credit freeze at each of the major credit bureaus could also prevent fraudsters from using your identity to establish new lines of credit.

By implementing these recommendations and staying vigilant online, you can significantly reduce the risk of falling victim to cyberattacks and keep your personal information secure.

Remember, cybersecurity best practices continue to improve as we counter the new ways criminals try to part us from our money. Incorporating and aligning these best practices with your financial planning strategy can reduce your vulnerability to cyber threats while maintaining a financially secure future. With the right tools, education, and proactive planning, you can navigate the digital landscape confidently and securely.



 

Disclaimer: Information provided is for educational purposes only. HBWM does not provide tax, legal, compliance, or accounting advice. In considering this material, you should discuss your individual circumstances with professionals in those areas before making any decisions. Further, HBWM makes no warranties with regard to such information, or a result obtained by its use, and disclaims any liability arising out of your use of, or any tax position taken in reliance on, such information.