October is cyber security awareness month. Here at Wealthstream, we take security seriously and discuss it often as a team. We would like to take this opportunity to help educate our clients on the steps that you can take to help mitigate the risk of being a victim of a cyber-attack.
A strong passphrase is at least 12 characters long and includes a combination of letters, numbers, and symbols. When in doubt, lean toward making your password longer rather than more complicated. Avoid using personal information, such as an address, dog’s name, or spouse’s name, which a hacker
may be able to learn through research. Finally, avoid reusing passwords across different accounts.
The best way to manage unique passwords is through a password manager application. A password manager is software created to manage all your online credentials like usernames and passwords. All passwords are stored in one place, and the application helps generate new passwords when adding new online accounts.
Many institutions will ask if you want to add 2 factor or multi-factor authentication (MFA) when logging on. Say yes, especially when it involves financial information. Types of MFA can include:
An extra PIN (personal identification number)
The answer to an extra security question
An additional code that is either emailed to an account or texted to a mobile number
A biometric identifier like facial recognition or a fingerprint
A unique number generated by an “Authenticator App”
A secure token, which is a separate piece of hardware (like a key fob that holds information) that verifies a person’s identity with a database or system
Think before you click
Links in emails, tweets, texts, posts, social media messages, and online advertising are the easiest way for cybercriminals to get your sensitive information. Think before clicking on links or downloading anything that comes from a stranger or that you were not expecting.
If you’re at the office and the phishing email came to your work email address, report it to your IT manager or cyber security officer as quickly as possible. If the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply back to the email and just delete it. An additional step may include blocking the sending address from your email program, too. See below for some common signs of a phishing attempt.
Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public Wi-Fi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot for a more secure connection.
Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Use the 3-2-1 rule as a guide to
backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) back up copies on different storage media, with one (1) of them located offsite.
Think before posting about yourself and others online. Consider what a post reveals, who might see it, and how it might affect you or others. In particular, posts that show you and your family away on vacation or celebrating milestone birthdays reveal a lot to the general public.
The signs can be subtle, but once you recognize a phishing attempt, you can avoid falling for it. Here are some quick tips on how to clearly spot a phishing email:
Contains an offer that’s too good to be true
Language that’s urgent, alarming, or threatening
Poorly-crafted writing with misspellings and bad grammar
Requests to provide personal information
Urgency to click on unfamiliar hyperlinks or attachments
Strange business requests
The email you receive has an address that doesn’t match the company it’s coming from
When you receive a suspected phishing email, call the sender using an independent source to get the phone number needed to confirm the email you received is authentic. Do not respond to the email or call the phone number on the email because if the email account has been compromised, the bad actor can impersonate the sender.
Even after taking proper precautions, new scams and more sophisticated malicious software continue to trip us up. What does it mean for your data and device if it becomes infected with a virus, and what damage can it do?
A computer virus interferes with the performance of your device by replicating itself and spreading throughout the operating system. A virus can damage programs, delete files, and reformat or erase your hard drive, which results in reduced performance or even crashing your system entirely. Hackers can
also use viruses to access your personal information to steal or destroy your data.
If you notice any of the following issues with your computer, it may be infected with a virus:
Slow computer performance (taking a long time to start up or open programs)
Problems shutting down or restarting
Frequent system crashes and/or error messages
Unexpected pop-up windows
New applications (toolbars, etc.) that appear without you downloading them
Overworked hard drive (the fan makes sounds and seems to be whirring and working
Email that sends autonomously from your accounts
Browser lag or redirects
Malfunctioning antivirus programs or firewalls
Start by running a full system scan using your antivirus software and an anti-malware program. Review the threats and take any action that you can (the software should guide you through this). If you are unable to delete the virus or infected files from your software, try restoring your computer to an earlier backup before you begin having problems.
Delete all of the temporary files on your computer. The method of clearing those files differs between systems, but these processes are easy enough to research and implement for the average user. If your computer is malfunctioning and preventing you from accessing files to delete, you can try booting up in safe mode. Safe mode restricts certain programs so you can work to fix the issue without interruption.
In some cases, you may need to reinstall your operating system. If you aren’t familiar with how to do that, take your device to a local store that offers computer services and have a professional take a look.
Notify your financial advisor. We at Wealthstream Advisors have procedures to limit further damage. This may include working with the custodian to temporarily restrict money movement and change online access.
If money has been stolen from you due to the breach:
Report the crime to your local police, who will file a formal report and refer you to additional resources and agencies that can help.
File a complaint with the FBI’s Internet Complaint Center (IC3) immediately at https:www.ic3.gov/default.aspx
Contact the three credit bureaus – Equifax, Experian, and TransUnion – to request a fraud alert on your account and a freeze on your credit report.
What happens to your digital footprint when you are no longer around to manage it? Establishing a plan to enable your loved ones to protect your digital assets is key in today’s world. Here are just a few examples of important online assets.
Credit card accounts
Social media accounts
Photos saved online or on the cloud
A logical first step is to compile a secure list of your digital assets along with passwords and other accessibility information. For those of us with expansive footprints, this alone is a daunting task, not to mention several other important considerations in establishing a sound digital estate plan.
To help tackle these challenges, we are working to create a comprehensive digital estate planning guide.
Keep an eye out on our website for this Insight in early 2023.