Skip to main content

 

Wealthstream Advisors recognized as Best Place to Work for Financial Advisors by InvestmentNews in 2024 for the fourth year in a row

Wealthstream included in Forbes SHOOK Research Top 250 RIAs for 2023

Cyber Security Awareness Month: Tips for Protection

October 7, 2022 | By Aaron Tawil, CFP® and James Perriello, CFP®
LinkedIn Icon Facebook Icon Twitter Icon Email Icon

October is cyber security awareness month. Here at Wealthstream, we take security seriously and discuss it often as a team. We would like to take this opportunity to help educate our clients on the steps that you can take to help mitigate the risk of being a victim of a cyber-attack.

Tips to help protect yourself from an attack:

Update software

Keep all software on internet-connected devices–including personal computers, smartphones, and tablets–up to date to reduce the risk of infection from ransomware and malware. Configure your devices to update automatically or to notify you when an update is available

Use long, unique passphrases

A strong passphrase is at least 12 characters long and includes a combination of letters, numbers, and symbols. When in doubt, lean toward making your password longer rather than more complicated. Avoid using personal information, such as an address, dog’s name, or spouse’s name, which a hacker
may be able to learn through research. Finally, avoid reusing passwords across different accounts.

Use a password manager

The best way to manage unique passwords is through a password manager application. A password manager is software created to manage all your online credentials like usernames and passwords. All passwords are stored in one place, and the application helps generate new passwords when adding new online accounts.

Enable multi-factor authentication

Many institutions will ask if you want to add 2 factor or multi-factor authentication (MFA) when logging on. Say yes, especially when it involves financial information. Types of MFA can include:

  • An extra PIN (personal identification number)

  • The answer to an extra security question

  • An additional code that is either emailed to an account or texted to a mobile number

  • A biometric identifier like facial recognition or a fingerprint

  • A unique number generated by an “Authenticator App”

  • A secure token, which is a separate piece of hardware (like a key fob that holds information) that verifies a person’s identity with a database or system

Think before you click

Links in emails, tweets, texts, posts, social media messages, and online advertising are the easiest way for cybercriminals to get your sensitive information. Think before clicking on links or downloading anything that comes from a stranger or that you were not expecting.

Report phishing

If you’re at the office and the phishing email came to your work email address, report it to your IT manager or cyber security officer as quickly as possible. If the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply back to the email and just delete it. An additional step may include blocking the sending address from your email program, too. See below for some common signs of a phishing attempt.

Use secure Wi-Fi

Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public Wi-Fi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot for a more secure connection.

Back up your data

Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Use the 3-2-1 rule as a guide to
backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) back up copies on different storage media, with one (1) of them located offsite.

Share with care

Think before posting about yourself and others online. Consider what a post reveals, who might see it, and how it might affect you or others. In particular, posts that show you and your family away on vacation or celebrating milestone birthdays reveal a lot to the general public.

Phishing

Signs of a potential phishing attempt

The signs can be subtle, but once you recognize a phishing attempt, you can avoid falling for it. Here are some quick tips on how to clearly spot a phishing email:

  • Contains an offer that’s too good to be true

  • Language that’s urgent, alarming, or threatening

  • Poorly-crafted writing with misspellings and bad grammar

  • Requests to provide personal information

  • Urgency to click on unfamiliar hyperlinks or attachments

  • Strange business requests

  • The email you receive has an address that doesn’t match the company it’s coming from

When you receive a suspected phishing email, call the sender using an independent source to get the phone number needed to confirm the email you received is authentic. Do not respond to the email or call the phone number on the email because if the email account has been compromised, the bad actor can impersonate the sender.

What to do if your computer gets a virus

Even after taking proper precautions, new scams and more sophisticated malicious software continue to trip us up. What does it mean for your data and device if it becomes infected with a virus, and what damage can it do?

A computer virus interferes with the performance of your device by replicating itself and spreading throughout the operating system. A virus can damage programs, delete files, and reformat or erase your hard drive, which results in reduced performance or even crashing your system entirely. Hackers can
also use viruses to access your personal information to steal or destroy your data.

Spotting a computer virus

If you notice any of the following issues with your computer, it may be infected with a virus:

  • Slow computer performance (taking a long time to start up or open programs)

  • Problems shutting down or restarting

  • Missing files

  • Frequent system crashes and/or error messages

  • Unexpected pop-up windows

  • New applications (toolbars, etc.) that appear without you downloading them

  • Overworked hard drive (the fan makes sounds and seems to be whirring and working

  • Email that sends autonomously from your accounts

  • Browser lag or redirects

  • Malfunctioning antivirus programs or firewalls

Steps to take if your computer has been infected

  1. Start by running a full system scan using your antivirus software and an anti-malware program. Review the threats and take any action that you can (the software should guide you through this). If you are unable to delete the virus or infected files from your software, try restoring your computer to an earlier backup before you begin having problems.

  2. Delete all of the temporary files on your computer. The method of clearing those files differs between systems, but these processes are easy enough to research and implement for the average user. If your computer is malfunctioning and preventing you from accessing files to delete, you can try booting up in safe mode. Safe mode restricts certain programs so you can work to fix the issue without interruption.

  3. In some cases, you may need to reinstall your operating system. If you aren’t familiar with how to do that, take your device to a local store that offers computer services and have a professional take a look.

  4. Notify your financial advisor. We at Wealthstream Advisors have procedures to limit further damage. This may include working with the custodian to temporarily restrict money movement and change online access.

  5. If money has been stolen from you due to the breach:

    1. Report the crime to your local police, who will file a formal report and refer you to additional resources and agencies that can help.

    2. File a complaint with the FBI’s Internet Complaint Center (IC3) immediately at https:www.ic3.gov/default.aspx

    3. Contact the three credit bureaus – Equifax, Experian, and TransUnion – to request a fraud alert on your account and a freeze on your credit report.

Digital Estate Planning

What happens to your digital footprint when you are no longer around to manage it? Establishing a plan to enable your loved ones to protect your digital assets is key in today’s world. Here are just a few examples of important online assets.

  • Banking accounts

  • Credit card accounts

  • Social media accounts

  • Reward programs

  • Cryptocurrency keys

  • Photos saved online or on the cloud

A logical first step is to compile a secure list of your digital assets along with passwords and other accessibility information. For those of us with expansive footprints, this alone is a daunting task, not to mention several other important considerations in establishing a sound digital estate plan.

To help tackle these challenges, we are working to create a comprehensive digital estate planning guide.

Keep an eye out on our website for this Insight in early 2023.

Sign Up And Never Miss An Article