Cybersecurity: What You Need to Know


When a reporter asked renowned bank robber, Willie Sutton, why he robbed banks, Sutton famously quipped, “Because that’s where the money is.”

We at Moisand Fitzgerald Tamayo, LLC invest a considerable amount of time and money on our systems, processes, and procedures to keep your information secure. It is important to note that, should our efforts in this regard fall short, we do not actually have possession, aka custody, of any of your assets. Even if someone manages to hack our system, they cannot get to your funds without also foiling the systems of the financial institution holding your funds.

We have confidence that our favored custodians (Schwab and TD Ameritrade) are doing a good job with respect to security. Should they have a breach, in order for a crook to actually get any cash, the thieves would need to execute their transactions without you, us, or the custodian noticing. In addition, both Schwab and TD Ameritrade offer a reimbursement guarantee as long as you take reasonable steps to keep unauthorized parties out of the systems.

Schwab’s Security Guarantee

TD Ameritrade’s Asset Protection Guarantee

Every so often, we hear of another cybersecurity issue at some well-known company. Cybercriminals don’t usually get cash directly. Instead, they are looking to hack these systems to steal data to sell.

It is perfectly understandable to feel uneasy when big companies or government agencies have a data breach. After all, they have enormous budgets, sophisticated systems, and highly trained staff.

The data on these matters, however, show it is highly unlikely someone will hack a system and directly steal money electronically from a bank or brokerage firm account. What is far more likely is you will be duped into executing a bogus transaction or providing access to nefarious people who will execute a bogus transaction. The victim of a cybercrime is often the weakest link in the security chain because convenience is put ahead of security.

We learned recently of a case in which a homebuyer was contacted via email with instructions to wire money for the closing on the property. She followed the instructions, presented the request to her bank, and funds were wired. Unfortunately, the woman had wired money to a crook posing as the closing agent.

The bank simply responded to what looked like a legitimate request and the actual closing agent, realtor, title agency, and attorneys had no clue this was happening because all the communication came via email. (Note: our firm will NOT facilitate wire transfers to third parties based on an email request.)

People often weaken security in order to make things quicker or more convenient. And email can be very convenient.

These things don’t just happen to individuals either. Emails from various imposters have resulted in the improper wiring of over $2 billion from corporations to cyber-thieves. The pervasiveness of these duping incidents is so high that the generation most likely to be fooled is not the elderly but Millennials. See “Surprise! Millennials More Likely to Be Scam Victims Than Boomers.”


Protect yourself from cybercrimes

In July, we learned a house was robbed in the Suntree area of Melbourne. Why was it chosen by the thieves? The leading theory from the police is simply because the house was the only one on the block without an alarm.

Most thieves prefer an easy target to a challenging one. Thus, the harder you work to make yourself a challenging target, the better your odds are of NOT becoming a victim.

The three areas experts most often say require attention are:

  • Protecting your credit
  • Limiting access to your personal information
  • Limiting access to your computer, tablets, phones, and other devices


Protecting your credit

Once cyber thieves steal your data, they typically sell your personal information, like Social Security and account numbers, to criminals who then open credit accounts in your name, tap the credit, and disappear.

Perhaps the best way to prevent this is to freeze your credit. This prevents anyone, including you, from opening new credit accounts. Once frozen, you use a PIN to unfreeze your credit when you are ready to open a new account. There is a nominal fee which varies by state but typically runs around $10 to freeze or unfreeze.

We wrote about freezes in the “Scams: Be smart, not fearful” portion of our January newsletter post. It included links to the various credit bureaus. We also liked the Federal Trade Commission’s page of Frequently Asked Questions about credit freezes.


Limiting access to your personal information

Create and use strong passwords for your computer and online accounts. Where possible, use at least eight characters with a mix of upper and lower case letters, numbers and symbols. It is recommended you use different passwords for different sites and change them regularly. See our post How To Prevent Identity Theft for more on how to create and manage strong passwords and this PC Magazine post of reviews for password manager programs.

If offered, set up “two-step,” “dual factor,” or “two-factor” authentication. This type of authentication involves providing a second point of identification beyond the typical user name and password structure. A hacker who steals your password won’t be able to get into your account unless he also has the second point of identification.

The most common form involves providing answers to security questions you select. An easy way to make security questions even more effective is to not answer the security questions truthfully. For instance, if asked for your mother’s maiden name, answer with your uncle’s first name or even a random word that you will remember. It is harder for someone to figure out your wrong answer than your correct answer.

Gmail, Hotmail, Yahoo and AOL all offer the enhanced level of security additional authentication provides. You may also set up dual-factor authentication on your client portal at our firm by emailing Tommy Lucas at [email protected]/ or calling him at extension 116.

Beware of public Wi-Fi. The best practice is to avoid logging in to any Wi-Fi that you do not know to be secure. You are likely better off using your cellular network. If a network doesn’t require a WPA or WPA2 password, it’s probably not secure. The Federal Trade Commission (FTC) website has some good tips on using public Wi-Fi.

Beware of phishing scams. If you have ever received an email asking you to verify your account information from an institution you do not do business with, you have seen a phishing incident first hand. Don’t take the bait. “Phishing” is basically an attempt to lure you into sharing personal information, opening a dangerous email attachment, or clicking on a malicious web link. The attempts commonly take the form of emails with urgent warnings about your financial information, fake delivery notices or invoices, fake voice mail, fax attachments, security alerts that pop up while you are browsing on the internet, or calls from a technician who “noticed an issue” or other such notice about your computer.

No bank, brokerage, or governmental agency will email or call you to verify a Social Security or account number. Don’t give confidential information or access to your computer to strangers.

Back up your data regularly. One result of phishing ploys is to install “ransomware” on your computer. The criminals hold your data hostage until you pay them to release your data. A good backup system often helps restore your devices and data to a prior, ransomware free condition. It may also save your favorite files like photos in the event of a hardware failure.

Do not include personal information in email. This includes full account numbers, social security numbers, copies of tax returns, or passwords. To send documents to us, use your client portal. If you can email, you can upload to the portal. Hopefully, others you share documents with such as tax or legal professionals use some sort of secure file-sharing service. Password-protecting an attachment is better than nothing but not as safe as using a secure portal.

Be smart on social media. Be discreet about posting personal information and review your privacy settings. Permanently delete read emails regularly. Delete emails in your “deleted items” or “trash” folder. We are required by securities regulations to archive business-related emails to or from you, so if needed, we can retrieve copies for you.

Shred your paper records. If you don’t have a shredder, feel free to bring documents to either of our offices and we will shred them for you. We keep copies of most documents that we collect or that are distributed to you through our work. This article about what to keep and for how long explains the basics for many types of documents.


Protecting your computer, tablets, phones and other devices

Put a good password on your device. With no password, all a criminal has to do is grab your device to easily find valuable personal information. When not using the device, shut it off or at least log out.

Keep your operating system up-to-date. You can set up your devices to do this automatically. These updates can be annoying, but update anyway. Many involve security patches.

Choose a more secure browser. Microsoft’s Internet Explorer has long been considered the browser with the weakest security features among the most popular browsers. Chrome and Firefox still seem to be among the strongest.

Limit external device connections. Only connect external devices such as an external hard drive, disk player, or a thumb drive to your device if you trust the party providing the device.

Run a security check/scan on your computer. Delete whatever shouldn’t be on your device.

Disable the preview panel function in Outlook. There have been incidents in which the mere act of previewing an email in Outlook allowed malicious code onto a PC even though the email was not actually opened.

Use anti-virus software and keep it up-to-date. PC Magazine has reviews of security apps for Android phones and of anti-virus software for computers. Macs, iPhones, and iPads are generally considered safer but they are not perfect. You will find several well-known security apps in the iTunes app store.

Use a firewall and password with your home internet and Wi-Fi connection. Failure to do this makes your home’s connection even more vulnerable than the public Wi-Fi we warned of above.

Assess Your Security. We’ve covered quite a bit in this post but to go deeper, we believe this post has many helpful ideas and can act as a checklist for assessing the state of your security.

Hire someone to perform these tasks for you. Best Buy’s Geek Squad will come to your house or you can take your computer to a Staples or Office Max and they’ll set you up. Or try other reputable IT professionals to secure your Internet connection and Wi-Fi.


Bottom Line:

We work hard to protect your money and your information but you need to be diligent and proactive as well. No one can guarantee that any of us are 100% safe from cyber and identity related crimes but we can make ourselves less of a target and make the bad guy’s attempts more difficult. The more diligent you are about security, the safer your financial condition will be.





About Dan Moisand

Dan Moisand is a fee-only financial advisor with Moisand Fitzgerald Tamayo, LLC. He is a regular contributor for multiple outlets, including Florida Today, MarketWatch, and The Wall Street Journal. His writing and financial advice have also been featured in Financial Planning, Investment Advisor, Wealth Manager/Advising Boomers, Forbes, Smart Money, and The New York Times, among other publications. He is the only two-time winner of the Journal of Financial Planning’s “Call for Papers” competition and has been named a top financial planner and advisor by multiple publications. Investment News named Dan one of the “twenty most influential men and women” in the history of financial planning. He currently serves on the Board of Directors for the CFP (Certified Financial Planner) Board.
