As a continuation of the Fee-Only Financial Advisor blog sharing group, this month’s post comes to us from Michael Garry, a Financial Advisor in Newtown, PA.
Steps to Protect your Financial Information in an Age of Increased Security Risk
Technology is expanding exponentially and reaching further into our personal and professional lives each day. While this brings advantages and efficiencies, it also opens us up to many kinds of threats to our privacy and security.
Many of us feel overwhelmed about trying to understand all that comes with technology, how we use it and how we can improve our practices to avoid loss of data or exposure to data theft. The first step is to understand the various ways these threats and security breaches can occur.
As technology has advanced over the course of the past 40 years, the computer has shrunk from a machine that took up two rooms to a gadget we can hold in the palm of our hand. Studies have shown that as technology has improved, so have the security protocols for the internet. What this means is that as long as you take some fairly simple steps to address chinks in your security armor, you will be well placed to avoid most, if not all, digital security risks.
Taking a holistic approach to building a sound security model is the best way to protect yourself.
WHAT IS A HOLISTIC SECURITY MODEL?
- Identify all potential areas of risk
- Prioritize which risks are most important to mitigate
- Implement solutions that mitigate risk
- Monitor and test the solutions that have been implemented
FIVE STEPS TO IMPLEMENT A HOLISTIC SECURITY MODEL
1. Knowledge is power
The number one risk for increased vulnerability is the user…that means you. Understanding that there are threats to your security and knowing how to identify them before falling prey is extremely important. A good place to start is learning how to identify suspicious emails and which information it is prudent not to provide to anyone over the phone.
One example of this is a phone call many people receive about the slowness of their computer. The caller offers a service to improve the computer's speed and asks you to visit a specific website and enter your computer's username and password so that they can remote into the computer. By doing this, you have handed over the login credentials to your computer as well as complete access to its data. Also, never click on a link provided in an e-mail; it may be a trick. If an e-mail directs you to your bank's website, type the bank's website address manually instead of following the link.
2. Physical Security
How secure are you in what you do with your personal computing equipment? If you have a server for your small business or at home, is it behind a locked door? If you carry laptops and tablets, do you keep them in nondescript bags? People are far less likely to go rummaging through a duffle bag for a laptop than they are to quickly swipe a small bag holding only that. Keep your phone in a holster or pocket when not in use. Phones are most often lost or stolen because people have left them on the table at the restaurant or on the counter at the grocery store.
Set up an online tracking tool for your phone and tablets. One that works across operating systems, on both phones and tablets, is called Prey Anti-theft. You can find your phone or tablet by logging into your account, and you can also set up features such as having the phone take a picture of the potential thief when they press a button on the phone (without their knowing that the button is a trigger).
3. Password Management & Secure Access
With the average adult managing more than 34 password-protected accounts, it is no surprise that people cut corners when it comes to choosing passwords and ensuring secure access. Remaining diligent in your password management is paramount to protecting your information.
Many of us are still walking around with very basic passwords. Using combinations of letters, numbers, symbols, and uppercase and lowercase letters is highly recommended for password selection. It is also advisable to choose a long password, anywhere from 8-16 characters or more. If you have difficulty remembering your passwords, you can use mnemonic sentences to help you remember. For example, MGmf8c&St41$ (My Grandmother found 8 cats and Sold them for one dollar).
As painful as it may sound, you need a unique password for each and every account that you have. This is important because if you use the same password for every account, no matter how complex it is, anyone who gets their hands on it has a master key to all of your accounts.
The most helpful way to store these passwords and keep track of them is a password management tool. There are a lot out there; most of them are cloud based and many of them are free. With a password management tool, you only need to remember one master password and the tool will remember the rest. The application will then auto-populate the sites where you log in, so that you do not have to remember each password or log in to the password management system each time. Some tools to consider are Dashlane, LastPass, KeePass and Keeper Security.
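The password rules above can be checked mechanically. The following Python sketch is an added example, not part of the original post or of any of the tools named: it assumes your passwords are available as a simple account-to-password mapping (the `VAULT` data is constructed), applies the length and character-mix advice, and shows which accounts fall together when one reused password leaks.

```python
import string
from collections import defaultdict

MIN_LENGTH = 8  # lower bound of the 8-16 character range given above
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def audit(vault):
    """Map each account to the list of rules its password breaks."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    report = {}
    for account, password in vault.items():
        issues = []
        if len(password) < MIN_LENGTH:
            issues.append(f"shorter than {MIN_LENGTH} characters")
        for name, chars in CLASSES.items():
            if not any(c in chars for c in password):
                issues.append(f"no {name}")
        shared = sorted(a for a in by_password[password] if a != account)
        if shared:
            issues.append("reused on " + ", ".join(shared))
        report[account] = issues
    return report

def exposed_by(vault, leaked_account):
    """Accounts that open with the password of the one leaked account."""
    leaked = vault[leaked_account]
    return sorted(a for a, p in vault.items() if p == leaked)

# Constructed sample data: account names and passwords are made up,
# apart from the mnemonic example password quoted in the text above.
VAULT = {
    "bank": "MGmf8c&St41$",
    "email": "MGmf8c&St41$",
    "shopping": "sunshine",
    "forum": "Tr7!x",
}

if __name__ == "__main__":
    for account, issues in audit(VAULT).items():
        print(account, "->", issues or "ok")
    print("a leak at the bank exposes:", exposed_by(VAULT, "bank"))
```

Even the strong mnemonic password is flagged here, because it is shared between two accounts.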
4. Utilize two-factor authentication
Always look for options and opportunities to use two-factor authentication. With two-factor authentication, you have to have both something that you know and something that you physically have in your possession. The most common choice for the second factor is a smartphone. You can download a two-factor authentication application, which will ping your phone with a security code before you are allowed to access the accounts you have set up using the application. These two-factor authentication protocols create an exponential increase in the security of your data stored online.
5. Secure email usage
Email is the primary entry point into our lives, but email is not a closed envelope. In terms of security and privacy, an email is the digital version of a postcard. The largest threat to our email security is that hackers can send us emails that unleash a virus on our computer when we open them. The biggest danger with email is something called phishing. This is when someone creates a false-front email and sends it to a group of people or to just one individual.
Clicking on a phishing email can expose you to a virus. Ransomware is a virus that locks up certain information on your computer; the hacker requires payment of a ransom in order to unlock the data, or they will delete it after a certain period of time. Be on the lookout for generic email introductions [Dear Sir or Madam], requests for personal information, requests for an urgent response, requests for a financial transaction, or requests to open an attachment.
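The five warning signs above can be turned into a simple screening check. This Python sketch is an added example, not part of the original post: it parses a raw e-mail with the standard library and reports which of the listed signs it finds. The keyword patterns, the function names and both sample messages are assumptions constructed for the illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# The warning signs listed above; the patterns are this example's own
# wording for them (an assumption), not a complete phishing filter.
SIGNS = {
    "generic greeting": r"^\s*dear\s+(sir|madam|customer|user|member)\b",
    "requests personal information": r"\b(password|social security|account number|date of birth|pin)\b",
    "urgent response": r"\b(urgent|immediately|right away|within \d+ hours)\b",
    "financial transaction": r"\b(wire transfer|gift cards?|send (a )?payment|transfer funds)\b",
}

def warning_signs(raw_message):
    """Return the sorted list of warning signs found in one raw e-mail."""
    msg = message_from_string(raw_message, policy=policy.default)
    found, text = set(), [msg.get("Subject", "")]
    for part in msg.walk():
        if part.is_attachment():
            found.add("attachment to open")
        elif part.get_content_type() == "text/plain":
            text.append(part.get_content())
    body = "\n".join(text)
    for name, pattern in SIGNS.items():
        if re.search(pattern, body, re.I | re.M):
            found.add(name)
    return sorted(found)

def build_sample(body, attachment=None):
    """Constructed test message; addresses use reserved example domains."""
    msg = EmailMessage()
    msg["From"] = "Your Bank <alerts@bank.example>"
    msg["To"] = "customer@example.org"
    msg["Subject"] = "Account notice"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_string()

SUSPICIOUS = build_sample(
    "Dear Sir or Madam,\n\nWe need an urgent response. Reply with your\n"
    "account number and password so we can complete a wire transfer.\n",
    attachment="statement.zip")
ROUTINE = build_sample("Hi Pat,\n\nYour monthly statement is ready in online banking.\n")

if __name__ == "__main__":
    print(warning_signs(SUSPICIOUS), warning_signs(ROUTINE))
```

A message that trips none of the patterns is not proven safe; the check only makes the listed signs visible.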
SECURITY AND THE CLOUD
The cloud is actually your data living in servers in a data center. Local infrastructure is the data living in servers at your home or office.
Having your data next to you for security reasons is similar to storing your money under the mattress. Larger servers have much better security protocols than what a cloud provider is capable of having. On-premise networks experience 60% security breaches versus 27% in the cloud. This is not to say that you don’t want to take precautions when using cloud-based applications for security management.
If you utilize the tips and tricks mentioned above, you will be in a better position when it comes to securing your data. As always, if you have other questions about data security and how to better manage your online accounts, please contact us for additional resources that can help you get organized and plan ahead.
Michael J. Garry, CFP(R), JD/MBA, is the owner of Yardley Wealth Management, LLC, and an independent Financial Advisor who provides Fee-Only financial planning services and investment management in Newtown, PA, and the author of Independent Financial Planning: Your Ultimate Guide to Finding and Choosing the Right Financial Planner