Cyber crime is proliferating; investment accounts are a big target. You can enhance your defenses with these best practices.
By Russ Hill CFP®, AIFA® from Halbert Hargrove Global Advisors LLC | December 2015
As a fiduciary and wealth manager, a critical part of our firm’s role is to help clients manage their financial risks. This encompasses far more than market risk: Theft is a major consideration. That’s why we have in-depth conversations with every Halbert Hargrove client about what they need to do to protect their personal and financial information to keep their accounts safe.
Cyber hacks, identity theft, data breaches, email scams, viruses, malware—they’re all happening 24/7. Today’s sophisticated technology presents massive opportunities for cyber criminals. As we repeatedly caution our clients, protecting wealth is a never-ending pursuit. Most investment organizations work hard to remain on top of the latest security software, hardware and processes, but clients must remain vigilant as well.
The 10 practices below summarize the most important measures we urge clients to take.
1. Use strong, complex, frequently replaced passwords—and use multi-factor ID whenever possible. If you want to make it virtually impossible for hackers to compromise your devices and privacy, your password configurations are a major defense. Passwords should be as obscure as possible, making use of nonsensical combinations of symbols, numbers, and upper-and-lower-case numbers. Change them frequently, switch them up, and consider using a secure password manager application to help you manage them.
Critically, multi-factor authentication can provide a pivotal additional layer of security. This means relying on a two-step verification process to protect what’s yours. Multi-factor authentication can come in many forms, such as your fingerprint on your smart phone, a security “dongle,” or a second passcode generated by a separate device like your mobile phone. Major Internet sites—Facebook, Google+, and PayPal to name a few—offer this added security. Upon request, some financial institutions will provide you with a “security token” that generates a code that you must enter in order to access your bank or investment account.
And make sure all devices where you store data are encrypted—including laptops, smart phones, and tablets.
2. Stay alert to intruders while on the Internet or when opening emails or downloading files. It’s like driving a car: Defensive driving can prevent mishaps. Don’t respond to emails that look suspicious. A fraudulent sender’s location is a dead giveaway; other tells can be more subtle. Never enter personal information on websites you don’t absolutely trust. Make sure that any payments made are on a https:// secure site. Never download pirated software (you can be sure it carries malware!). If in doubt, don’t click on it.
3. Use antivirus software and firewalls on your personal devices. There are a number of nimble antivirus programs on the market. Some are free, some you can utilize via low-cost subscription. Even if your device runs a tad slower, it’s well worth a few seconds’ wait. And firewalls are fundamental to the security of every device that connects you with the wider world.
4. Require verbal confirmation of financial transfers from your accounts. If you work with a financial advisor or broker, make sure that any emailed requests for transfers of your funds to an outside institution require a verbal confirmation.
An all-too-common scenario: A hacker obtains private account information, hacks into an email account, and sends a request for a transfer of funds to an outside account. In this case, working with someone who knows you—and recognizes your voice in a follow-up phone call—can make all the difference.
5. Use Wi-Fi with care. When using Wi-Fi hotspots, can you trust the host? Hackers are known to park in public places, hosting “public” Wi-Fi with an innocuous-sounding moniker. If you travel frequently and don’t have a Virtual Private Network (VPN) provided by your company, you may want to consider subscribing to a reputable VPN service provider. And make sure your home Wi-Fi is password-protected.
6. Password-protect sensitive documents sent via email. If you’re sending an email that contains sensitive information like Social Security and account numbers, you can protect those documents with a password. It’s surprisingly easy to train yourself on this—give yourself five minutes—whether you’re sending a Word doc or a pdf.
7. Keep your operating systems up to date on all computers and mobile devices. When you use newer OS versions, you’ll receive far more security patches to stay current with the most robust security measures. You should also consider updating your browser settings to block cookies and other files that store your user data.
8. Be thoughtful about what you share on social media. Exclude personal information like your phone number, address, upcoming vacations. If you use Facebook or other major social media sites, make sure your settings are “Friends Only.” Review the privacy policies of all these sites and make sure you’re comfortable with them. Periodically audit any third-party applications you’ve authorized to connect to your social media profiles (such as OpenTable and Instagram); disable those you don’t use.
9. Keep a close eye on your financial statements. If someone is siphoning an account, the sooner you find out about it, the better. This includes statements from banks, credit cards or other lenders, and investment organizations.
10. Wipe clean any devices you’re getting rid of … and always shred your sensitive paper documents. Don’t overlook 20th Century criminal tactics. When selling or disposing of old devices, erase all your personal data. And remember: Unshredded sensitive documents sitting in a can by the street are the ultimate in easy access.
Think of these practices as 10 habits of highly secure people. There’s definitely time and diligence involved in reducing your vulnerability to cyber (and sidewalk) crime. Todays’ hackers can be spectacularly cunning—but you can be spectacularly disciplined. The ounces of prevention are well worth the peace of mind.
Russ Hill CFP®, AIFA® is CEO and Chairman of Halbert Hargrove, based in Long Beach, CA. Russ specializes in investing, financial planning and longevity-awareness solutions.