Why is cybersecurity so important?
The internet is fraught with scammers and rip-offs. And since our entire lives live online, it’s more important than ever to learn how to protect yourself.[toc]
Cybersecurity 101: Use Complex Passwords
When it comes to playing it safe online (read: best cybersecurity practices), one of the best ways to protect yourself is to make sure you avoid using the same password for every website.
Also, please don’t use “password” as your password! Passwords should be a random string of alpha-numeric characters and symbols, such as b0R@m3ir or !@$#!@K$223.
Basically, your password needs to be something someone could never guess.
Since creating and remembering potentially dozens of random passwords is completely impossible for the human brain, you’ll need help to keep track. Fortunately, free password manager widgets are available for your web browser.
Two common managers are LastPass and Dashlane. Both of these password managers run on the “freemium” business model – offering a free base service as well as an upgraded paid version. For most people, the free version works just fine.
Unfortunately, no password manager is foolproof.
Speaking from experience, both LastPass and Dashlane are imperfect. They may sometimes not save a new password or new login information. Still, the software is much better than the dangerous alternative of using the same password for every site.
Use Anti-Virus Software
The next best step for managing your cybersecurity game is installing a quality anti-virus program. This takes just a few minutes and can be a relatively painless process.
Popular consumer expert Clark Howard suggests a variety of free anti-virus programs on his website. Like the password apps, many anti-virus offerings run on the “freemium model.”
At Define Financial, we use a combination of BitDefender and Avast on our computers.
Keep Your Software Updated
Our next cybersecurity tip comes from Bree Fowler of Consumer Reports. She recommends updating anything and everything on your personal computer. This means updating your:
- Operating System (OS), be it Windows 10 or whatever large predatory cat Apple is now on
- Web Browser, be it Chrome, Firefox, or Safari. If you’re using Microsoft Internet Explorer, stop to ask yourself why. Seriously, why are you still using Microsoft Internet Explorer?
- Your Anti-Virus software
Now that I’ve told you to update your software, you should know there are many common scams that pretend to update your software but actually end up infecting your computer.
Here’s how you can spot the difference: When you are legitimately updating your computer’s existing software, you’ll be doing this from within that very software – and not from a pop-up or banner ad you see on a website.
For example, if updating Avast Anti-Virus, open your existing Avast program and select “Update.”
Here’s what you shouldn’t do: You should never click on an online link that says any variation of…..
URGENT: YOUR SOFTWARE IS DANGEROUSLY OUT OF DATE. CLICK TO INSTANTLY UPDATE MEOW!
One red flag of bogus invitations to install nasty stuff on your computer is the severity of any given warning.
The more urgent and perilous the message, the higher probability it’s a total scam.
One virus circulating the internet right now begins with a prompt to update Adobe Flash. If you think your Adobe software needs updating, go straight to the source, www.Adobe.com. Do not click on anything anywhere else. The same applies for any other software you have that may need updating.
No matter what, go straight to the source!
Enable Two-Factor Authentication (2FA) to Improve Cybersecurity
As a financial planner, I’ve sat through more than one presentation on cybersecurity. One thing I’ve learned is that enabling two-factor authentication is the best way to stop hackers.
With two-factor authentication, you are prompted to enter a one-time passcode each time you log on. This passcode can be delivered via email, as an SMS message (text message) to your phone, or be on a physical or software-based token.
If possible, choose anything except SMS (text message) delivery.
Tech guru Bill Winterberg warns that SMS is the least secure delivery option available. However, 2FA via SMS is better than no 2FA at all.
Always Use a VPN over Public WiFi
Using Public WiFi without a VPN is asking for trouble. (This is such a basic concept, that maybe this should be moved to cybersecurity 101!)
Using Public WiFi without a VPN is akin to publicly broadcasting your personal information.
If you log into any account over public WiFi – be it Facebook, your bank, or your email – that information is available for anyone sophisticated enough to see it.
What’s public WiFi? It’s the WiFi at your local coffee shop, hotel, or the airport. If you think you’re safe using WiFi at a conference that’s only accessible via a password, think again.
I’ve gone to more conferences than I can count where WiFi login information – password included – is displayed on tabletops for everyone to see.
If everyone can see the password, what’s the point of having a password!?
Consider this. Would you waltz into a Starbucks and layout the following for any passer-by to see:
- Bank Account Statement
- Investment Account Statement
- Mortgage Statement
- Home Address
Basic common sense screams, “No!”
It’s the same for commonsense cybersecurity. Don’t connect to unsecured WiFi.
The secure solution is to use a Virtual Private Network (VPN). A VPN is a piece of software that you install on your computer or mobile device that allows you to use a WiFi connection securely.
Fortunately, password managers like Dashlane now come with a free VPN. You just have to enable it when you want to browse privately.
Another easy solution is to use your mobile phone’s hotspot as long as it has a complex password. This is a private, secure connection and is much safer than using public WiFi.
Beware of Suspicious E-mails
If I had a nickel for every spammy e-mail I’ve received, I could pay someone good money to write this blog post for me. Unfortunately, it doesn’t pay to get spam.
In fact, it’s quite the opposite.
Clicking on spammy e-mails can cost you hard earned money. So, let’s avoid those spammy e-mails by being familiar with some online spammers – and the tactics they use to trick us.
If you ever see a notice, or a bill, or a contract from someone unfamiliar, it’s likely garbage. And if you click on it, you’re in for a world of hurt.
So don’t click on strange emails!
One dead give away is an official-sounding address from an unrelated URL (or domain).
In the image above, we have “email@example.com.” DocuSign has its own domain (web address). It’s DocuSign.com. Whoever has control of vsimportservices.com is trying to pull one over on you.
You can use this same strategy for anything to sniff out things that don’t make sense.
Another good example would be PayPal@Garbagecan.com. Obviously, PayPal has its own domain. It’s PayPal.com. PayPal wouldn’t be sending you an email from GarbageCan.com or anything.
Ditto for eBay@UnrelatedThing.com. That’s not from eBay. Don’t click on it!
Even outside of the holiday season, I have received countless spammy e-mail messages about pending or delayed shipments. These have come from “USPS,” “UPS,” and “FedEx.”
Don’t fall for it!
The United States Post Office (USPS) is not in the habit of using email messages or phone calls to communicate shipping exceptions, warns Anthony Giorgianni of Consumer Reports.
Instead, you can expect a notice at your door. If you get a phone call from USPS, it’s likely a scam. The best move is to hang up.
Do not provide these fraudsters with your personal information – as the fraudsters will attempt to glean your birthdate, Social Security number, or other personal information. Scammers use this information to perpetrate identity theft, as well as other crimes. (This is another good reason why it’s always good to freeze your credit report, too.)
Avoid Deals that Sound Too Good to be True
As the old saying goes, if it’s too good to be true, it probably is.
Giorgianni warns of two ways scammers try to separate you from your money. The first warning is for any random website offering a popular product at an insanely low-price. When you see this, don’t immediately enter your credit card information.
Your best bet is to Google the site name and the word “scam” to see what the deal is.
Craigslist also warns that all transactions made through the website should be done in-person. By doing this, you’ll avoid 99 percent of scams on the site.
If you’re holiday shopping on Craigslist, there’s no reason to make an exception to their rule. Run screaming from anyone on Craigslist that insists on paying via a wire transfer without ever meeting in person.
Don’t Email Sensitive Documents with Account or Social Security Numbers
At Define Financial, we use Sharefile to securely transmit sensitive client information.
What counts as sensitive information? It’s anything that contains:
- Bank account numbers,
- Investment accounts numbers,
- Social Security numbers, and more.
You never want to e-mail anything that has any of that above info. Documents that include the above would be:
- Bank account statements,
- Investment account statements,
- Social Security benefits statements,
- Tax returns,
- Credit reports, and more.
Instead of e-mail, upload that information to a secure server, such as Sharefile.
Unfortunately, many people miss the mark on this. I’ve even had tax professionals email documents that contain my Social Security number! What a classic rookie move.
Fortunately for me, my credit is frozen. You’ve likely already had someone make this same mistake with your own sensitive information. It’s one more reason why you want to freeze your credit immediately.
Don’t Give Out Personal Information to Callers
Ok. This tip isn’t specifically related to being online – but it’s a critical tip nonetheless!
Get a phone call (from the fraud department) asking to verify your personal information?
Hang up – and then call the number listed on the company’s website (bank, brokerage, etc.). Don’t call the number of the person who calls you!
Remember: Don’t give out your personal information to whoever randomly calls you!
Protect Yourself from Online Scammers
If you’re not actively trying to protect yourself from hackers and scammers, the best time to come up with a strategy is now.
Most of the techniques listed above are free and only take a few minutes of effort to employ. Best of all, they help ensure your safety, privacy, and security when shopping online.