Steps to Improving Your Online Account Security
Kathy Longo, CFP®, CAP®, CDFA Tuesday, 16 May 2017
We had no idea that global headlines would be full of stories about online threats just days before we published a blog on enhancing cybersecurity! In fact, the ink “dried” on our newest post a few days before the most recent tech scare hit the news. Although the solutions in the following article are not 100% “hacker-proof”, they will offer the best protection from threats like ransomware, malware and identity theft. We hope our blog will help improve your online security.
The first personal computer, introduced about 40 years ago, filled an entire room, and has now shrunk to the size of something that fits in our back pocket. Just as technology has improved over time, so have the security protocols that are required to help protect us from digital theft. These security protocols have been written by experts to help protect our critical and private data.
In an increasingly digital and technological world it can be overwhelming to grasp what the best practices are when it comes to ensuring that our data is safe and secure. The best place to begin is to understand where and how data breaches can occur, and then determine the best options to defend yourself from these types of threats.
BETWEEN THE COMPUTER AND THE CHAIR
There is a saying among IT professionals that the main cause for a computer issue is between the computer and the chair…. That means YOU, the user. While this is not a very polite or nice statement, statistics show that the number one risk for security breaches is the user.[i] Having a little bit of knowledge about how to identify potential threats before you fall prey to them is extremely important.
Rule Number One: NEVER provide anyone access to your computer over the phone unless you initiated the request and are absolutely certain that they are a registered representative of a licensed IT support team like Apple support, Google or Geek Squad. Even then, it is highly unusual for them to request remote access to your computer.
Rule Number Two: Never provide payment information of any kind to anyone over the phone who is offering to fix your computer speed or remove malware. There are pieces of software that you can buy and install that will assist with this. A good rule of thumb is that if your computer is not working properly, and you don’t know how to fix it yourself, you should take it to a reliable computer repair store and have it serviced.
Rule Number Three: If you don’t know who the email is from, do not open it. If you open an email from someone you don’t know and it looks suspicious, do not click through any links or respond to the email. Keep in mind that we live in a time of online coupons and digital subscriptions, so it is OK to open your Barnes and Noble emails and click through to the coupons. Avoid opening any emails from people or businesses that you don’t know or have never heard of. And, when in doubt, don’t open…delete.
PASSWORD MANAGEMENT & SECURE ACCESS
Did you know that the average American has 130 accounts registered to them? Of those accounts, about 34 are password protected. That is quite a lot to remember, so it is not surprising that people cut corners when it comes to the complexity of the passwords they select. This is very poor practice, though, since correct password management is critical to online security.
There Are Two Components to Selecting a Password That Will Help Ensure Your Account Security: Complexity and Diversity
- Complexity: Ensure that your password is between 10 and 18 characters and uses a combination of uppercase letters, lowercase letters, numbers and special characters. One example would be YHg3w@x4vn67Tqj*. Though not easy to remember, this is a very good password, for exactly that reason. This likely goes without saying, but do not use the password provided above as your own.
- Diversity: As complicated as it may sound to have an average of 34 different passwords, everyone needs to select a unique password for each account they have. If you choose a complex password and then use the same one across all accounts, then if one account happens to be breached someone has a skeleton key to all your sensitive information.
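The two rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it tests a password against the complexity rule, generates one that satisfies it, and flags passwords shared between accounts. The set of special characters and the sample vault are assumptions made up for the illustration.

```python
import secrets
import string

# Policy from the article: 10-18 characters, mixing uppercase, lowercase,
# digits and special characters, and a different password for every account.
MIN_LEN, MAX_LEN = 10, 18
SPECIALS = "!@#$%^&*()-_=+"  # assumed set; sites differ in what they accept
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS)
NAMES = ("uppercase letter", "lowercase letter", "digit", "special character")


def complexity_problems(password):
    """Return a list of the ways a password misses the complexity rule."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length {len(password)} is outside {MIN_LEN}-{MAX_LEN}")
    for name, chars in zip(NAMES, CLASSES):
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies the complexity rule."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length outside policy")
    alphabet = "".join(CLASSES)
    while True:  # retry until all four character classes are present
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not complexity_problems(candidate):
            return candidate


def reused_passwords(vault):
    """Map each password used more than once to the accounts sharing it."""
    by_password = {}
    for account, password in vault.items():
        by_password.setdefault(password, []).append(account)
    return {pw: sorted(a) for pw, a in by_password.items() if len(a) > 1}


# Constructed sample vault; account names and passwords are made up.
SAMPLE_VAULT = {
    "bank": "Summer2017!Summer",
    "email": "Summer2017!Summer",
    "shopping": "password",
}

if __name__ == "__main__":
    print(reused_passwords(SAMPLE_VAULT))
    print(complexity_problems(SAMPLE_VAULT["shopping"]))
    print(generate_password())
```

The generator uses the `secrets` module rather than `random` because passwords need an unpredictable source of randomness.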
The best way to store and keep track of your complex and diverse passwords is a password management tool. Most of these tools are cloud-based and many of them don’t charge a fee to keep you organized and protected. With these password management systems, you will have one master password to remember to log in to the program, and then the tool will store the rest. Password management tools also work in apps so that, across all your devices, your passwords will auto-populate in the sites and applications where you need to log in. This ensures that you don’t have to constantly log in to the password management system each time you want to log in to your Amazon Prime account. If you are interested in finding a password management tool, our recommendations are TrueKey, 1Password, LastPass and Dashlane.
A WORD ABOUT TWO-FACTOR AUTHENTICATION
More and more often, membership sites and applications are offering two-factor authentication, and we recommend using this option whenever it is available. Typically, it will require setting up a second method of verifying your identity, usually by sending a text or an email. Lately, however, particularly with banks and credit card accounts, the second factor is touch ID. This is a phenomenal second factor since it is foolproof. It takes about two seconds to set up on any device that has a fingerprint scanner. If it is offered by your banking and financial institutions, we most definitely recommend using it. There are also tools you can download so that you are in control of two-factor authentication whether the application or member site offers it or not. Two-factor authentication protocols increase your online data security exponentially.
DEAR SIR OR MADAME, I AM PHISHING.
There are 4.3 billion global email users and each and every day 269 billion emails are sent.[ii] That is a staggering statistic and is demonstrative of the fact that we are digital communicators. Email is what regular mail used to be…on steroids. But the fact remains that a paper envelope is more secure, in many ways, than an email. At least opening a paper envelope is safer.
Phishing is the practice of sending an email to a group of people or an individual that contains a virus or a link to a virus. Ransomware is one of the most common types of viruses and can be very costly. It traps the information that is stored on your computer and requests payment to unlock the data. It often threatens to delete the data completely if payment is not made within a given amount of time. The best way to defend yourself against these types of data hacks is to look out for generic email salutations [Dear Sir or Madame], financial information requests, requests to open an attachment from a person or business you don’t know, or personal information requests.
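The four warning signs listed above can be turned into a simple mail check. This Python sketch is an added example, not part of the original article; the keyword patterns, the known-sender list and the sample message are all constructed for the illustration, and a real filter would need far more than keyword matching.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Warning signs listed in the article. The patterns are assumed wordings
# chosen for this example; real messages vary widely.
SIGNS = {
    "generic salutation": re.compile(r"\bdear (sir|madam|customer|user)", re.I),
    "financial information request": re.compile(
        r"\b(account number|card number|bank details|routing number)\b", re.I),
    "personal information request": re.compile(
        r"\b(social security|date of birth|password|pin)\b", re.I),
}


def warning_signs(raw_email, known_senders):
    """Return the article's warning signs found in one raw email message."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    body_parts, has_attachment = [], False
    for part in msg.walk():
        if part.get_filename():  # a part with a file name is an attachment
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            body_parts.append(part.get_payload())
    body = "\n".join(body_parts)
    found = [name for name, pattern in SIGNS.items() if pattern.search(body)]
    if has_attachment and sender not in known_senders:
        found.append("attachment from unknown sender")
    return found


# Constructed sample message; addresses and content are made up.
SAMPLE = """\
From: Billing Dept <billing@example.invalid>
Subject: Urgent: invoice overdue
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Dear Sir or Madame,
Please confirm your account number and date of birth, then open the invoice.

--XX
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"

(constructed placeholder, not a real archive)
--XX--
"""

if __name__ == "__main__":
    print(warning_signs(SAMPLE, known_senders={"friend@example.com"}))
```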
Using the security protocols outlined in this article and maintaining a password-protected, two-factor-authenticated cloud storage system for your files and data is the best method of storing and protecting your data and keepsakes like pictures and documents. We cannot slow the pace of invention and ingenuity, but we can certainly take the necessary steps to stay ahead of those who may wish to use the power of technology for less than admirable undertakings. By educating yourself and taking the time to implement these suggestions, you will be in a better position to protect your online data and have a more enjoyable digital experience.
About the Author
Kathy Longo brings over 25 years of expertise and experience to Flourish Wealth Management. Kathy is wholly dedicated to improving the life of each client and finds joy in making complex matters simple and easy to understand. She excels at asking the right questions, uncovering new possibilities and implementing the most advantageous strategies for success. Playing such a pivotal role in her clients’ lives remains an honor and a privilege. After earning a degree in Financial Planning and Counseling from Purdue University, she began her career at a small firm in Palatine, Illinois where she worked directly with clients while learning to build a viable, client-centric business. Over the years, she gained extensive knowledge and wisdom working as a wealth manager, financial planner, firm manager and business owner at notable, various sized companies in both Chicago and Minneapolis.