Cybersecurity Spring Cleaning for Your Finances
When’s the last time you brushed up on your financial security habits? According to the UN, digital theft impacts up to 17% of the global population (mostly due to security breaches at large companies), and McAfee estimates that the annual cost of cybercrime is $500 billion per year. The exact numbers are difficult to pin down because cybercrime evolves and changes constantly, which means it is critically important to make sure your cybersecurity habits stay up to date. The best offense is a good defense when it comes to the safety of your financial and non-financial accounts.
We emphasize password security because it is critical—but it is so tempting to let good habits slide. It is not enough to use variations of the same password. If it is easy for you to remember, it’s easy for a hacker to figure out. Just think about how many accounts you have online—email, banking, investments, online retailers that may have your credit card information saved by default—and you see how important it is to safeguard every account.
Never reuse passwords, and be sure to use long, complex passwords that are tough to guess. The latest recommendation is to use “passphrases” like “MYTeam@HalpernFinancial1sTrulyAmazing” (for example) because these types of phrases are easier to remember and the length makes them tougher to crack.
Of course, if you have a lot of passwords (as most people do), it is almost impossible to remember them. Do not be tempted to reuse passwords. Instead, use one of the following solutions:
- Use a password manager software. A password manager means you only need to remember one password to unlock all of your passwords. There are a number of these programs, and each has different features, such as generating secure passwords, syncing across devices, and alerting users immediately to any password breaches.
- Never store passwords in a plain text document like a Word document or Excel. If you prefer not to use a password manager, you can use a locked note on an iPhone or iPad to store passwords.
- A plain old paper list is also a secure way to store passwords because it cannot be digitally hacked (as long as you do not leave the list lying around the house for anyone to see). However, keeping track of passwords this way is labor-intensive and can make it tempting to fall back on passwords that are too simple to be truly secure.
- Do not use the password saving feature in your Internet browser. Anyone who gains access to your computer or your phone will have access to everything!
- Use two-factor authentication wherever possible (especially for email and financial accounts). This is an extra layer of protection used to ensure the security of online accounts beyond just a username and password. Whenever you log into an account from a new device, two-factor authentication will confirm your identity by sending a code to your phone or other device.
- And of course, never use any password on the annual “100 Worst Passwords” list! (“123456” was the #1 worst password of 2018.)
Be Cautious When You Click
You probably know about phishing, a common digital crime where fraudsters attempt to trick you into providing sensitive information via a link in your email. But did you know about vishing (voice phishing over the phone) and SMShing (phishing over text)? Whatever the medium, never give out your login information or financial information to someone who contacts you unsolicited.
Before you click a link in an email, be sure to hover over the link with your mouse to ensure it goes to the URL it claims.
You can even “hover” over links on mobile devices by holding down on the link (as opposed to tapping) but you need to be very cautious not to accidentally click! When in doubt, don’t click.
If you are not sure whether an email is legitimate or not, go directly to the company’s website (do not click anything in the questionable email) and contact customer service to confirm its legitimacy.
Protect Your Credit
Freeze Your Credit Report (and Your Children’s Credit Reports!)
Unfortunately, 143 million Americans’ personal information was exposed in the 2017 Equifax security breach. As a result of that breach, now it is free to freeze your credit report at all the major bureaus.
Freezing your credit report means that no one can access it fraudulently—but when you do have a legitimate need to use your own credit history, you will have to unfreeze it (for example, when you get a new credit card or loan of any kind). You will have to find out which credit bureau your lender uses, and unfreeze your report with that bureau so they can access it to verify your creditworthiness.
Make sure not to lose your PIN—you will need it when you want to unfreeze your credit.
Freeze your credit at:
Unfortunately, criminals may target minors’ credit information because typically they are a fresh slate with no negative credit events. We highly recommend freezing your children’s credit reports as well. (Make sure not to lose the PIN!)
Here’s how to contact each credit bureau about children’s credit files:
Check Your Credit Report Annually
Every year, you are entitled to a free credit report from each bureau. In the past, the best practice was to check your annual report from just the big 3 credit bureaus: Experian, Transunion and Equifax. However, these are not the only credit bureaus—they’re just the biggest. Now, more and more experts are recommending that consumers keep tabs on the Innovis credit report as well. Companies you interact with may use the Innovis report for identity verification or fraud prevention. When you receive your credit reports, make sure all your personal and account information is correct.
Check your credit report for the 3 major bureaus annually here:
- AnnualCreditReport.com: The government-mandated source for credit reports from Transunion, Equifax and Experian
- Innovis Free Credit Report
Don’t Rely Only on Credit Monitoring Services
Credit monitoring services like Lifelock will alert you to changes in your credit history so you do not need to pore through your credit reports with the major bureaus each year. If a security breach occurs at a major company, they may offer credit monitoring services for free (as was the case with the recent Experian security breach).
Note that credit monitoring will not protect you from criminals opening fraudulent accounts. It will alert you to any activity on your credit report. The credit monitoring company will also help you to scrub fraudulent information from your credit reports. Freezing your credit is the only way to prevent access to your credit report, but of course freezing your credit means you need to take the extra step to "un-freeze" your report when you need it for a legitimate reason.
The unfortunate reality is that once your personal information is out there, it’s out there. The best you can do is be vigilant and try to block future attacks on your credit score and identity. In the 21st century, monitoring your credit activity and guarding your private information is akin to previous generations guarding valuables in a safe deposit box at the bank.
Want even more financial cybersecurity advice?
Download the checklist from Retired FBI Special Agent Jeff Lanza