Cybersecurity Tips

When it comes to protecting our finances, it’s important to practice good cybersecurity. A single incident of financial fraud or theft can have long enduring financial consequences. However, the good news is that I think everyone can reduce their exposure to fraud/theft by following some basic tips.

#1 – Freeze your credit

I’m a firm believer that everyone should freeze their credit file with the three major bureaus: Experian, Equifax, TransUnion. After the Equifax breach in 2017, the Federal Government forced the credit bureaus to provide no-cost credit freezes for everyone, so there is almost no downside to setting up a credit freeze these days.

Some people are skeptical when I suggest a credit freeze. But think about your credit file as your financial reputation! And what happens to that reputation if a scammer gets your Social Security number and other personal info? It’s possible that they could do some real damage. And the effort required to clean things up after the fact is significant.

And don’t forget your kids or grandkids. Social Security numbers are assigned at birth. It’s not unheard of for a child’s credit file being used for fraudulent purposes.

#2 – Regular updates on all devices

Keep your software up-to-date. And replace your hardware every 3-5 years if possible.

As part of the hardware update process, it often makes sense to remove “adware” from a new computer. Adware includes programs that come preinstalled by the manufacture, but serve no useful purpose other than trying to sell you stuff. Malwarebytes provides a free and easy tool for this.

#3 – Don’t worry too much about 3rd-party anti-virus software

Opinions vary on this, but most regular users likely don’t need to worry about buying a 3rd-party anti-virus program. Operating systems like Windows 10/11 and MacOS have built-in programs (assuming you activate them) which provide substantial protection. If you want extra protection, you can download the free version of Malwarebytes.

And by regularly applying software updates (see #2), your computer should have a robust line of defense already built-in.

#4 – Use encryption and backups

Most smartphones have encryption enabled by default. If you are using a Windows PC, you likely will want to turn on BitLocker. MacOS also has robust encryption options. I recommend using them.

If you are sending sensitive data to someone; i.e. your CPA or financial advisor, then use their encrypted client portal or file sharing system. If you need to share sensitive data with a friend, then you can use a program like 7zip to encrypt the data before sending or use a file sharing system.

Don’t rely on email or text messages as a secure means of communication. If you want to send written communications confidentially, consider using a program such as Signal.

It’s also a good idea to enable backups for your data. One option is the “cloud”. There are lots of services for this. The major ones are Microsoft OneDrive, Google Drive, Apple iCloud.

To be clear, the “cloud” just means someone else’s computer, so there are risks with cloud providers as well. Some people have horror stories about being locked out of their accounts and losing all of their data.

If you are worried about this and have some techno-experience, then you can add redundancy to your cloud backups by purchasing an NAS system. Or you can reduce the risk by diversifying across 2 or more cloud providers.

And going back to encryption… these days there are even services that you can use to encrypt your data before it’s uploaded to the cloud as an extra measure of protection.

In addition to mechanical failure or physical damage, backing up your data also offers protection against ransomware attacks. These attacks are where a bad actor surreptitiously encrypts the data on your computer and demands payment to decrypt and make it accessible to you again. However, if you have a recent data backup, you have the option to wipe your computer and start fresh in a matter of hours.

#5 – Use a VPN and disable Bluetooth

A virtual private network (VPN) is critical if you are using public wifi. Most VPN services are quite fast these days, so keeping your VPN on all the time usually makes good sense.

If you use Bluetooth on your phone, it’s often a good idea to turn it off whenever possible. If you have an iPhone, your Bluetooth gets turned on after each major update, so be sure to check it after applying any software updates.

#6 – Manage your passwords

Don’t reuse passwords for different services. For each service, create a reasonably long, complex password that is unique.

Password security is critical, but it’s a pain keeping track of them. For password management, I usually recommend one of two alternatives:

  1. A password program
  2. Write them down in a book

Lots of people use software programs to manage their passwords. And many of these programs are “in the cloud” so you can access your passwords on either your Mac/PC or smartphone, which provides a seamless experience. The Firefox browser offers this functionality as well as Apple’s Safari browser.

Some folks prefer a non-cloud based password program called KeePass. It’s open-source and easy to use. Just don’t forget your access key or your passwords are lost forever! And be sure to backup your KeePass file as well. I’ve found KeePass to be the best replacement for keeping a spreadsheet or Word document with passwords.

Some tech folks might gasp at me recommending keeping a physical book of passwords. But for older, less tech-savvy folks, physically writing down passwords can often be an ok solution. If you go this route, you may want to store the book in a fire-proof safe. It will be less convenient to backup a physical book of passwords, but perhaps you could photocopy the pages periodically and keep them in a safe deposit box.

It’s also important to limit the total numbers of passwords you need to manage. Avoid signing up for non-essential services where possible.

#7 – Use mulit-factor authentication if possible

Two factor authentication (2FA) or multi-factor authentication (MFA) can offer an additional layer of protection for your accounts. I recommend turning it on whenever possible. Most 2FA/MFA services utilize text messages to transmit the access code, but higher-security authentication smartphone programs and physical security keys are becoming more widespread.

#8 – Use an ad blocker and private browsing

Ad blocking programs have been in the news lately as YouTube has launched a “war” on them. I find that sort of funny as the FBI actually recommends that people use an ad blocking program when browsing the internet. Cyber criminals have posted fake ads to Google search results which have led to people being directed to nefarious, lookalike websites. An ad blocking program can reduce the chance of being duped by a shady internet ad.

It’s can also make sense to enable “private browsing” by default. Private browsing isn’t really all that private. Essentially, all private browsing does is deletes saved data (i.e. cookies, history, passwords, etc.) when you close the browser program.

This allows you to start fresh each time you open the browser. This can help reduce the amount of junk that builds up in the browser over time, which can both improve security as well as functionality. However, one downside of private browsing is having to re-enter passwords each time.

Of course, I’m aware that companies like Google/YouTube make their money by selling ads, and it’s not my goal to deprive them of revenue. But in my opinion many large tech companies need to do a better job combating bad actors. Until that time, I’m siding with the FBI and recommending that people use an ad blocker as an additional layer of protection.

When it comes to ad blockers, my recommendation is to use uBlock Origin combined with the Firefox web browser on a PC or Mac. Unfortunately, I haven’t found a great ad blocking solution for smartphones.

#9 – Regular review of account transactions

It’s important to review account transactions at regular intervals, say once every week or two. This includes credit cards, checking/savings, investment/brokerage, retirement, etc. If you notice anything fishy, address it immediately.

Most financial institutions allow customers to set up various email/text alerts for certain account activity. For example, you can get notified anytime there is an online charge on your credit card, or anytime there is a withdrawal set up for your brokerage account.

#10 – Protect your phone number and email

It’s arguable that your cell phone number and email address are some of the most valuable pieces of information in your entire life. With your cell phone or email, and some rudimentary internet sleuthing, it’s possible for a scammer to do real damage. And these days, it seems like everyone wants your phone number, email or both!

One possible way to handle this is to sign up for a free phone number/email through Google. You can have them forward to your regular phone/email (including texts) and give out the “dummy” phone/email to online services. You would only provide your actual phone/email to truly essential services such as your bank or brokerage firm or email provider (in case you need to reset the password).

Also be sure to contact your cell phone provider and ask them how to secure your account from “sim swapping” or other fraudulent actions.

#10 – Take care with sending money

Payment services like Venmo and Zelle can offer convenient ways to send people money. However, be sure to triple-check who you are sending money to. If you send it to the wrong person, it can be a nightmare getting it back. Some people send large dollar amounts through these services, but I don’t advise doing so. If you lose $100, that’s frustrating, but not too bad. If you lose $10,000, that’s just bad.

The same caution applies to wire transfers. If you need to send a wire for any reason – like a real estate closing – be sure to verbally verify the wire instructions by calling a phone number you found independently. That is, if you get an email from your closing attorney or title company, go look up their phone number on your own using a search engine and call them directly on that number.

#11 – Use common sense

Here are the basics when it comes to common sense and cybersecurity:

  • Don’t click on dodgy email attachments.
  • Don’t visit dodgy websites or click on weird links.
  • Consider every email, text message, and phone call as a possible threat.
  • When it doubt, pick up the phone and verify with the sender prior to clicking. If you accidentally delete a legit message, the likely worst case is it gets resent later on.
  • Limit the amount of personal information you post on the internet. Your social media history can offer tremendous insight into your life and make you vulnerable to scams, fraud, or blackmail. It can also affect your career prospects.
  • If you want or need to use social media, implement appropriate privacy settings and maintain a disciplined approach to sharing information about yourself.

#12 – Look out for loved ones

Maintaining good cybersecurity can be especially daunting for older folks. For this reason, they are often the target of scammers.

If you are in a position to help parents or grandparents, then don’t be afraid to do what you can as every little bit can help.

And don’t forget about younger folks. If you are a parent of young children or teens, be sure to talk with them about the risks of the internet and social media.

Disclaimer: In this article I’ve listed out a few cybersecurity tips that I think are valuable. However, by no means is this list comprehensive. And obviously, I’m not a cybersecurity expert, so you should discuss all of these tips with a qualified expert prior to taking action.

about page portrait

Matthew P. Jenkins, CFA, CFP®

Matthew Jenkins is the Founder of Noble Hill Planning LLC. Matthew has over 15 years of experience working in both large and small financial services firms. Before starting his career in finance, Matthew served as a U.S. Army Ranger. Matthew values transparency and fair dealing and enjoys helping people prepare for a great retirement.

Matthew is a CFA® Charterholder and CERTIFIED FINANCIAL PLANNER™ Professional. He is also a member of the National Association of Personal Financial Advisors (NAPFA) and the Fee Only Network.