Cyber Security: Out of Your Control - or Not?
Good chance YOU have been a victim of a cyber security attack! When a company gets hacked, you and other customers become the “victims” of the breach. That puts your identity at risk! The FTC estimates 9 million Americans are victims of identity theft each year! What’s the greatest potential for identity theft? On-line shopping! Yikes!
One in 15 consumers had their identity stolen in 2017 and there’s a new victim every 2 seconds, according to Javelin Strategy and Research. The companies that provide you services and goods become the “key” to your private information. But that doesn’t mean you don’t have any control against cyber threats. Here are several proactive steps you can take to strengthen your defense!
Your Team of Advisors
If you’re in the market for an advisor - a financial planner, an accountant, a banker or anything in between - come prepared with questions for the introductory meeting. While you’re sure to ask about the advisor’s expertise and ability to meet your needs, you should also inquire about the firm’s cyber security policies. You’ll be sharing so much personal information with your team of advisors, it’s important to ensure they’re all tough gatekeepers for your precious data. Here are some questions you can ask:
- Has your firm experienced a data breach?
- Do you have a cyber security plan and how do you train your employees to implement it?
- How do you protect my personal information?
- Do you run vulnerability scans?
- Have you evaluated the security of the custodians and software(s) you use?
Passwords: Strength in Phrases
One element of cyber security you have complete control over is password-making. You’ve probably been told to throw together random letters, numbers, and special characters to create a secure password. However, these passwords are difficult to memorize and track across multiple accounts.
Security experts have recently changed course on what constitutes smart password practices. They are now calling for passphrases, meaning a multi-word phrase such as “CaringSilkZebraFlagSticker.” When compared to randomized passwords, passphrases are easier to remember and more difficult for computers to guess.
Another layer of security that’s popping up more and more is two-factor authentication. This method of cyber security requires a user to input the correct password as well as an additional verification. This is typically a temporary numerical passcode sent by the organization via text message or email. The 2018 Global Password Security Report found that only 45 percent of organizations are currently using two-factor authentication.
If you have the opportunity to opt into dual authentication you should make the jump. It works! Just last week I was able to stop someone from logging into my personal email account by denying the two-factor request!
Email: How Secure Is It?
So much information passes through email these days and it’s easy to become complacent about using it to transfer our personal information. Sometimes we’re our own worst enemies! When you send an email, your message travels across various servers and networks until it arrives in your recipient’s inbox. While in transit, your message is vulnerable to being intercepted by hackers. Encryption can ensure your message makes it from Point A to Point B without being read by outside parties.
If you don’t have encryption software, you should use extra caution when communicating via email. As a best practice, don’t send log-in credentials, tax returns, credit card information, account statements, and other confidential information over email. The preferred method of delivery for these items should be through a secure portal or vault.
If your advisor doesn’t use a vault, consider password-protecting the document before emailing it. Then, share the password by calling the recipient. Don’t send the password in the body of the email. That defeats the purpose!
My Recent Experience
A few weeks ago, I received what I thought was a random piece of mail from an online retailer I purchased from over a year ago. To my surprise, the company was alerting me that my personal information may have been compromised in a hack. And they’d known about it for four months prior to contacting me!
Interactions like this can really break your trust in a company and sour a relationship. To make matters worse, this was their second data breach in thirteen months! Had I done my due diligence on the company prior to buying from them, I may have been able to avoid this issue. You can bet I won’t be ordering from them again!
You can’t control how others take care of your personal information, but you do have a say in which companies you engage with and how you protect your own data. Take control: Reset your passwords to use passphrases, use two-factor authentication when possible, perform due diligence on the cyber security practices of your trusted advisors as well as companies you deal with, and be careful what you send over email!