Cybersecurity: What You Need to Know
When a reporter asked renowned bank robber, Willie Sutton, why he robbed banks, Sutton famously quipped, “Because that’s where the money is.”
We at Moisand Fitzgerald Tamayo, LLC invest a considerable amount of time and money on our systems, processes, and procedures to keep your information secure. It is important to note should our efforts in this regard fall short, we do not actually have possession, aka custody, of any of your assets. Even if someone manages to hack our system, they cannot get to your funds without also foiling the systems of the financial institution holding your funds.
We have confidence that our favored custodians (Schwab and TD Ameritrade) are doing a good job with respect to security. Should they have a breach, in order for a crook to actually get any cash, the thieves would need to execute their transactions without you, us, or the custodian noticing. In addition, both Schwab and TD Ameritrade offer a reimbursement guarantee as long as you take reasonable steps to keep unauthorized parties out of the systems.
TD Ameritrade’s Asset Protection Guarantee
Every so often, we hear of another cybersecurity issue at some well-known company. Cybercriminals don’t usually get cash directly. Instead, they are looking to hack these systems to steal data to sell.
It is perfectly understandable to feel uneasy when big companies or government agencies have a data breach. After all, they have enormous budgets, sophisticated systems, and highly trained staff.
The data on these matters, however, show it is highly unlikely someone will hack a system and directly steal money electronically from a bank or brokerage firm account. What is far more likely is you will be duped into executing a bogus transaction or providing access to nefarious people who will execute a bogus transaction. The victim of a cybercrime is often the weakest link in the security chain because convenience is put ahead of security.
The victim of a cybercrime is often the weakest link in the security chain because convenience is put ahead of security.
We learned recently of a case in which a homebuyer was contacted via email with instructions to wire money for the closing on the property. She followed the instructions, presented the request to her bank, and funds were wired. Unfortunately, the woman had wired money to a crook posing as the closing agent.
The bank simply responded to what looked like a legitimate request and the actual closing agent, realtor, title agency, and attorneys had no clue this was happening because all the communication came via email. (Note: our firm will NOT facilitate wire transfers to third parties based on an email request.)
People often weaken security in order to make things quicker or more convenient. And email can be very convenient.
These things don’t just happen to individuals either. Emails from various imposters have resulted in the improper wiring of over $2 billion from corporations to cyber-thieves. The pervasiveness of these duping incidents is so high the generation most likely to be fooled are not the elderly but Millennials. See “Surprise! Millennials More Likely to Be Scam Victims Than Boomers.”
Protect yourself from cybercrimes
In July, we learned a house was robbed in the Suntree area of Melbourne. Why was it chosen by the thieves? The leading theory from the police is simply because the house was the only one on the block without an alarm.
Most thieves prefer an easy target to a challenging one. Thus, the harder you work to make yourself a challenging target, the better your odds are of NOT becoming a victim.
The three areas experts most often say require attention are:
- Protecting your credit
- Limiting access to your personal information
- Limiting access to your computer, tablets, phones, and other devices
Protecting your credit
Once cyber thieves steal your data, they typically sell your personal information like Social Security and account numbers to criminals who then open credit accounts in your name, tap the credit and disappear.
Perhaps the best way to prevent this is to freeze your credit. This prevents anyone, including you, from opening new credit accounts. Once frozen, you use a PIN to unfreeze your credit when you are ready to open a new account. There is a nominal fee which varies by state but typically runs around $10 to freeze or unfreeze.
We wrote about freezes in the “Scams: Be smart, not fearful” portion of our January newsletter post. It included links to the various credit bureaus. We also liked the Federal Trade Commission’s page of Frequently Asked Questions about credit freezes.
Limiting access to your personal information
Create and use strong passwords for your computer and online accounts. Where possible, use at least eight characters with a mix of upper and lower case letters, numbers and symbols. It is recommended you use different passwords for different sites and change them regularly. See our post How To Prevent Identity Theft for more on how to create and manage strong passwords and this PC Magazine post of reviews for password manager programs.
If offered, set up “two-step,” “dual factor,” or “two-factor” authentication. This type of authentication involves providing a second point of identification beyond the typical user name and password structure. A hacker who steals your password won’t be able to get into your account unless he also has the second point of identification.
The most common form involves providing answers to security questions you select. An easy way to make security questions even more effective is to not answer the security questions truthfully. For instance, if asked for your mother’s maiden name, answer with your uncle’s first name or even a random word that you will remember. It is harder for someone to figure out your wrong answer than your correct answer.
Gmail, Hotmail, Yahoo and AOL all offer the enhanced level of security additional authentication provides. You may also set up dual-factor authentication on your client portal at our firm by emailing Tommy Lucas at tommy@moisandfitzgerald.com/ or calling him at extension 116.
Beware of public Wi-Fi. The best practice is avoid logging in to any Wi-Fi that you do not know to be secure. You are likely better off using your cellular network. If a network doesn’t require a WPA or WPA2 password, it’s probably not secure. The Federal Trade Commission (FTC) website has some good tips on using public Wi-Fi.
Beware of phishing scams. If you have ever received an email asking you to verify your account information from an institution you do not do business with, you have seen a phishing incident first hand. Don’t take the bait. “Phishing” is basically an attempt to lure you into sharing personal information, open a dangerous email attachment, or click on a malicious web link. The attempts commonly take the form of emails with urgent warnings about your financial information, fake delivery notices or invoices, fake voice mail, fax attachments, security alerts that pop up while you are browsing on the internet, or calls from a technician who “noticed an issue” or other such notice about your computer.
No bank, brokerage, or governmental agency will email or call you to verify a Social Security or account number. Don’t give confidential information or access to your computer to strangers.
No bank, brokerage, or governmental agency will email or call you to verify a Social Security or account number. Don’t give confidential information or access to your computer to strangers.
Back up your data regularly. One result of phishing ploys is to install “ransomware” on your computer. The criminals hold your data hostage until you pay them to release your data. A good backup system often helps restore your devices and data to a prior, ransomware free condition. It may also save your favorite files like photos in the event of a hardware failure.
Do not include personal information in email. This includes full account numbers, social security numbers, copies of tax returns, or passwords. To send documents to us, use your client portal. If you can email, you can upload to the portal. Hopefully, others you share documents with such as tax or legal professionals use some sort of secure file-sharing service. Password-protecting an attachment is better than nothing but not as safe as using a secure portal.
Be smart on social media. Be discrete about posting personal information and review your privacy settings. Permanently delete read emails regularly. Delete emails in your “deleted items” or “trash” folder. We are required by securities regulations to archive business related emails to or from you, so if needed, we can retrieve copies for you.
Shred your paper records. If you don’t have a shredder, feel free to bring documents to either of our offices and we will shred them for you. We keep copies of most documents we collect or are distributed to you through our work. This article about what to keep and for how long explains the basics for many types of documents.
Protecting your computer, tablets, phones and other devices
Put a good password on your device. With no password, all a criminal has to do is grab your device to easily find valuable personal information. When not using the device, shut it off or at least log-out.
Keep your operating system up-to-date. You can set up your devices to do this automatically. These updates can be annoying, but update anyway. Many involve security patches.
Choose a more secure browser. Microsoft’s Internet Explorer has long been considered the browser with weakest security features among the most popular browsers. Chrome and Firefox still seem to be among the strongest.
Limit external device connections. Only connect external devices such as an external hard drive, disk player, or a thumb drive to your device if you trust the party providing the device.
Run a security check/scan on your computer. Delete whatever shouldn’t be on your device.
Disable the preview panel function in Outlook. There have been incidents in which the mere act of previewing an email in Outlook allowed malicious code on a PC even though the email was not actually opened.
Use and keep up-to-date anti-virus software. PC Magazine has reviews of security apps for android phones and of anti-virus software for computers. Macs, iPhones, and iPads are generally considered safer but they are not perfect. You will find several well-known security apps in the iTunes app store.
Use a firewall and password with your home internet and Wi-Fi connection. Failure to do this makes your home’s connection even more vulnerable than the public Wi-Fi we warned of above.
Assess Your Security. We’ve covered quite a bit in this post but to go deeper, we believe this post has many helpful ideas and can act as a checklist for assessing the state of your security.
Hire someone to perform these tasks for you. Best Buy’s Geek Squad will come to your house or you can take your computer to a Staples or Office Max and they’ll set you up. Or try other reputable IT professionals to secure your Internet connection and Wi-Fi.
Bottom Line:
We work hard to protect your money and your information but you need to be diligent and proactive as well. No one can guarantee that any of us are 100% safe from cyber and identity related crimes but we can make ourselves less of a target and make the bad guy’s attempts more difficult. The more diligent you are about security, the safer your financial condition will be.