If you need a good scare to get ready for Halloween, try this: key the words “latest cybersecurity threats” into your search engine and see how many hits you get. It shouldn’t surprise anyone to learn that hackers are out there, every minute of every day, figuring out new ways to attack the websites that we all depend on to conduct our daily financial business.
But just in case you needed a little additional proof, consider this: In 2022, the FBI received more than 800,000 cybercrime-related complaints, representing financial losses exceeding $10 billion. For those of you keeping score at home, that’s just under 2,200 cybercrimes per day. In other words, just because you haven’t given much thought to your online security lately doesn’t mean the cybercriminals have taken a vacation.
Now, this doesn’t mean you should unplug your computer and swear off credit cards (although limiting your credit card debt is usually a good idea—but that’s a topic for a different article). The fact is that in this digital age, there’s not much of any way to avoid transacting business online. But that doesn’t mean that you can’t be smart about how you do your online transactions. Here are a few guidelines that can go a long way toward keeping you—and your finances—safer from online predators.
- Keep important personal information out of email. Sure, it’s easy to just email your Social Security number, driver’s license number, or life insurance policy number to your agent, your banker, your CPA, or a prospective employer—but don’t do it! Most email is not encrypted, and hackers can scoop your data. Many banks, investment companies, accounting firms, and other entities that deal with clients’ or customers’ financial data offer a secure site for communicating or uploading sensitive data. Failing that, either fax it (to a carefully confirmed number that is attended to avoid prying eyes) or mail hard copies. For extra security with surface mail, use a trackable method like US Postal Service Priority Mail, FedEx, or some other service.
- Keep an eye on your accounts. Most banks and credit card companies have greatly improved their fraud monitoring and alerting capabilities, but that shouldn’t relieve you from reviewing your account statements on a regular basis. Look for charges or payees you don’t recognize. Even a small charge of less than a dollar can signal that an identity thief has your number and is checking to see if it works. Chances are, the next charge won’t be so small.
- Let’s talk about passwords. Yes, we all know what a pain it is to change a password that we’ve finally managed to memorize. But hackers use powerful programs that can crack passwords, and your best defense is to always present a moving target. Handy apps like Dashlane, Keeper, 1Password, and others can help you keep track of everything (Pro tip: you also need to periodically change the password for your password manager app, unless you have an app that uses the increasingly popular—and secure—biometric login method, synchronized with your face, thumbprint, or some other personal characteristic.) We’ve all heard the cautionary tales about how certain high-profile accounts were hacked because the account owners used easily-guessed passwords like—well, “password”—or “12345.” You’d think people would learn, but year after year, “password” and “12345” show up in annual listings of “worst passwords.” Furthermore, it’s not enough to alter or add one or two letters to numbers in order to increase password security: hackers are long accustomed to trying “passw0rd,” “p@ssword,” and even “password1.” Patterns generated by your keyboard should also be avoided. “Qwerty,” the first six keys from left to right on the top alpha row of a standard keyboard, is on the “Hacker’s Greatest Hits” list, as is “zaq1zaq1” (what you get when you key the far left column of characters). And don’t even think about using words like “login,” “admin,” or “welcome.” Similarly, your name and the names of your family members—or alphanumeric variants on them—are password no-nos. If you don’t relish the idea of trying to compose your own strong passwords, consider using a random password generator, like the one that comes with the Safari web browser that is standard on Macintosh computers or the one available in the Google app. In many cases, these randomly generated passwords can be synchronized across your various devices. Others favor programs that allow them to keep their different passwords in an encrypted—password-protected—“virtual vault,” usually on a handheld device, for easy reference when accessing various secure websites (this also helps to alleviate frustrating memory lapses and the frequent need to reset login information). The important thing to remember, cyber-security experts say, is that a password need not necessarily be random in order to be secure; it just needs to be sufficiently complex (with enough digits, letters, or special characters), and it needs to be hard for anyone but the user to guess. Also, for maximum security online, you should avoid re-using passwords or using the same password for different accounts. Finally, many sensitive sites use two-factor authentication that requires a code or other input sent from the site to a device such as a mobile phone. Two-factor authentication is a powerful deterrent to would-be hackers—as long as you keep your mobile phone securely in your possession.
- Are you sure you want to click that link? An innocent-looking link in an email or Facebook post—even if it’s from someone whose name you recognize—can lead down a rabbit hole toward a world of hurt. If the email is mostly blank except for the link, don’t click it. If it’s telling you about a prize you’ve won and all you need to do is click to claim it, don’t click it. If something looks odd—for example, the name of the sender is familiar but the email address isn’t—don’t click it. The same goes for many pop-up windows on web pages. Be careful where you click, and you’ll avoid tons of digital heartache. When in doubt, trash it.
At Aspen Wealth Management, we want our clients to have all the information we can provide to help them build sound financial plans. That includes providing practical information to help them stay safe online. To get concise, convenient updates on financial topics that matter to you, why not subscribe to “Purposeful Planning,” our Alexa skill?