Cybersecurity: How to Protect Yourself Online

Cybersecurity and protecting yourself online has never been so important. Follow these easy steps to protect your hard-earned money and financial plan.
Cybersecurity: How to Protect Yourself Online

Why is cybersecurity so important?

The internet is fraught with scammers and rip-offs. And since our entire lives live online, it’s more important than ever to learn how to protect yourself.

Cybersecurity 101: Use Complex Passwords

When it comes to playing it safe online (read: best cybersecurity practices), one of the best ways to protect yourself is to make sure you avoid using the same password for every website.

Also, please don’t use “password” as your password! Passwords should be a random string of alphanumeric characters and symbols, such as b0R@m3ir or !@$#!@K$223.

Basically, your password needs to be something someone could never guess.

Since creating and remembering potentially dozens of random passwords is completely impossible for the human brain, you’ll need help to keep track. Fortunately, free password manager widgets are available for your web browser.

Two common managers are LastPass and Dashlane. Both of these password managers run on the “freemium” business model – offering a free base service and an upgraded paid version. For most people, the free version works just fine.

Unfortunately, password managers aren’t foolproof, so you might also consider adding important login credentials to your Letter of Instruction.

Use Anti-Virus Software

The next best step for managing your cybersecurity game is installing a quality anti-virus program. This takes just a few minutes and can be a relatively painless process.

Popular consumer expert Clark Howard suggests a variety of free anti-virus programs on his website. Like the password apps, many anti-virus offerings run on the “freemium model.”

At Define Financial, we use a combination of BitDefender and Avast on our computers.

Keep Your Software Updated

Our next cybersecurity tip comes from Bree Fowler of Consumer Reports. She recommends updating anything and everything on your personal computer. This means updating your:

  • Operating System (OS), be it Windows 10 or whatever large predatory cat Apple is now on
  • Web Browser, be it Chrome, Firefox, or Safari. If you’re using Microsoft Internet Explorer, stop to ask yourself why. Seriously, why are you still using Microsoft Internet Explorer?
  • Your Anti-Virus software

Now that I’ve told you to update your software, you should know many common scams pretend to update your software but, instead, actually infect your computer.

Here’s how you can spot the difference: When you legitimately update your computer’s existing software, you’ll be doing this from within that very software – and not from a pop-up or banner ad you see on a website.

For example, if updating Avast Anti-Virus, open your existing Avast program and select “Update.”


Update your software from within that very same software. Don’t click on random messages you come across online to update your software.

Here’s what you shouldn’t do: You should never click on an online link that says any variation of…..


One red flag of bogus invitations to install nasty stuff on your computer is the severity of any given warning.

The more urgent and perilous the message, the higher the probability it’s a total scam.

One virus circulating the internet right now begins with a prompt to update Adobe Flash. If you think your Adobe software needs updating, go straight to the source, Do not click on anything anywhere else. The same applies to any other software you have that may need updating.

No matter what, go straight to the source!

Enable Two-Factor Authentication (2FA) to Improve Cybersecurity

As a financial planner, I’ve sat through more than one presentation on cybersecurity. One thing I’ve learned is that enabling two-factor authentication is the best way to stop hackers.

With two-factor authentication, you are prompted to enter a one-time passcode each time you log on. This passcode can be delivered via email, as an SMS message (text message) to your phone, or be on a physical or software-based token.

If possible, choose anything except SMS (text message) delivery.

Tech guru Bill Winterberg warns that SMS is the least secure delivery option available. However, 2FA via SMS is better than no 2FA at all.

Always Use a VPN over Public WiFi

Using Public WiFi without a VPN is asking for trouble. (This is such a basic concept that maybe this should be moved to cybersecurity 101!)

Using Public WiFi without a VPN is akin to publicly broadcasting your personal information.

If you log into any account over public WiFi – be it Facebook, your bank, or your email – that information is available for anyone sophisticated enough to see it.

What’s public WiFi? It’s the WiFi at your local coffee shop, hotel, or the airport. If you think you’re safe using WiFi at a conference that’s only accessible via a password, think again.

I’ve gone to more conferences than I can count where WiFi login information – password included – is displayed on tabletops for everyone to see.

If everyone can see the password, what’s the point of having a password!?

Consider this. Would you waltz into a Starbucks and lay out the following for any passer-by to see:

  • Bank Account Statement
  • Investment Account Statement
  • Mortgage Statement
  • Home Address

Basic common sense screams, “No!”

It’s the same for commonsense cybersecurity. Don’t connect to unsecured WiFi.

The secure solution is to use a Virtual Private Network (VPN). A VPN is a piece of software that you install on your computer or mobile device that allows you to use a WiFi connection securely.

Fortunately, password managers like Dashlane now come with a free VPN. You just have to enable it when you want to browse privately.

Another easy solution is to use your mobile phone’s hotspot as long as it has a complex password. This is a private, secure connection and is much safer than using public WiFi.

Beware of Suspicious E-mails

If I had a nickel for every spammy e-mail I’ve received, I could pay someone good money to write this blog post for me. Unfortunately, it doesn’t pay to get spam.

In fact, it’s quite the opposite.

Clicking on spammy e-mails can cost you hard-earned money. So, let’s avoid those spammy e-mails by being familiar with some online spammers – and the tactics they use to trick us.

Legal Documents

If you ever see a notice, or a bill, or a contract from someone unfamiliar, it’s likely garbage. And if you click on it, you’re in for a world of hurt.

So don’t click on strange emails! I don’t think so! I’m not clicking on that email!

One dead giveaway is an official-sounding address from an unrelated URL (or domain).

In the image above, we have “” DocuSign has its own domain (web address). It’s Whoever has control of is trying to pull one over on you.

You can use this same strategy for anything to sniff out things that don’t make sense.

Another good example would be Obviously, PayPal has its own domain. It’s PayPal wouldn’t be sending you an email from or anything.

Ditto for That’s not from eBay. Don’t click on it!

Make sense?

Courier Messages

Even outside of the holiday season, I have received countless spammy e-mail messages about pending or delayed shipments. These have come from “USPS,” “UPS,” and “FedEx.”

Don’t fall for it!

Massive Virus Pretending to Be FedEx

Massive Virus Pretending to Be FedEx

The United States Post Office (USPS) is not in the habit of using email messages or phone calls to communicate shipping exceptions, warns Anthony Giorgianni of Consumer Reports.

Instead, you can expect a notice at your door. If you get a phone call from USPS, it’s likely a scam. The best move is to hang up.

Do not provide these fraudsters with your personal information – as the fraudsters will attempt to glean your birthdate, Social Security number, or other personal information. Scammers use this information to perpetrate identity theft, as well as other crimes. This is another good reason why everyone should learn how to freeze their credit.

Avoid Deals That Sound Too Good to be True

As the old saying goes, if it’s too good to be true, it probably is.

Giorgianni warns of two ways scammers try to separate you from your money. The first warning is for any random website offering a popular product at an insanely low price. When you see this, don’t immediately enter your credit card information.

Your best bet is to Google the site name and the word “scam” to see what the deal is.

If you see a deal that's too good to be true, do your homework!

If you see a deal that’s too good to be true, do your homework!

Craigslist also warns that all transactions made through the website should be done in person. By doing this, you’ll avoid 99 percent of scams on the site.

If you’re holiday shopping on Craigslist, there’s no reason to make an exception to their rule. Run screaming from anyone on Craigslist who insists on paying via a wire transfer without ever meeting in person.

Don’t Email Sensitive Documents with Account or Social Security Numbers

At Define Financial, we use Sharefile to transmit sensitive client information securely.

What counts as sensitive information? It’s anything that contains:

  • Bank account numbers,
  • Investment account numbers,
  • Social Security numbers, and more.

You never want to e-mail anything that has any of the above info. Documents that include the above would be:

  • Bank account statements,
  • Investment account statements,
  • Social Security benefits statements,
  • Tax returns,
  • Credit reports, and more.

Instead of e-mail, upload that information to a secure server, such as Sharefile.

Unfortunately, many people miss the mark on this. I’ve even had tax professionals email documents that contain my Social Security number! What a classic rookie move.

Fortunately for me, my credit is frozen. You’ve likely already had someone make this same mistake with your own sensitive information. It’s one more reason why you want to freeze your credit immediately.

Don’t Give Out Personal Information to Callers

Ok. This tip isn’t specifically related to being online – but it’s a critical tip nonetheless!

What happens if you get a phone call (from the fraud department) asking to verify your personal information?

Hang up! And then, call the number listed on the company’s website (bank, brokerage, etc.). Don’t call the number of the person who calls you!


Remember: Don’t give out your personal information to whoever randomly calls you!

Protect Yourself from Online Scammers

If you’re not actively trying to protect yourself from hackers and scammers, the best time to develop a strategy is now.

Most of the techniques listed above are free and only take a few minutes of effort to employ. Best of all, they help ensure your safety, privacy, and security when shopping online.