Protecting your financial data just keeps getting more and more complicated and time-consuming. Yet if you don’t take the proper precautions, the vulnerabilities that exist could cost you enormously if your data is compromised or worse yet, your identity is stolen.
The Equifax breach occurred 18 months ago and shocked the nation. See prior Insight Article The Equifac Breach One Year Later. There were dozens of others in recent years including Anthem, eBay, JP Morgan Chase, Home Depot, Yahoo, Target, and Sony PlayStation, just to name a few.
Names, Social Security numbers, addresses, birth dates, or driver’s license numbers may have been exposed by any one of these data breaches. All are critical pieces of information used by identity thieves to impersonate people and conduct fraud. Even if someone didn’t use your information yet, they still could. The hackers, or whoever they sold the information to, could be waiting for the perfect time to pounce and use your information to make purchases, file income tax returns, redirect Social Security checks, or whatever else their evil mind can imagine.
It is wise to assume that someone has all of your information and could use it at any time. Just when we think it is okay to relax, it is actually time to buckle down on your cybersecurity tactics in order to protect your financial data and your identity.
There are a whole host of security tactics we can deploy to protect ourselves. In this article, I present the top 8 cybersecurity tips that I personally use to protect our family’s data against not only the Equifax breach but any security breach in general. Three of these have been discussed in the previous article, but I’m presenting all 9 here so you have everything in one place…
9 Ways to Protecting Your Financial Data
Regardless of whether you were a victim of this Equifax breach or not, it is worthwhile to consider placing a freeze on your credit. Freezing your credit will give you peace of mind that nobody can access your credit files, not even you, until you unfreeze it.
Unlike credit monitoring or fraud alerts, a security freeze stops an identity theft from happening rather than alerting you to potential fraud after it has happened.
Apply a credit freeze at each of the 3 credit bureaus:
- Equifax: 866-349-5191
Freeze your credit
- Experian: 888-397-3742
Freeze your credit
- Transunion: 888-909-8872
Freeze your credit
You will be supplied with a special PIN that only you know. That PIN must be used to gain access to your credit file or to add new credit in your name. You will need to unfreeze the accounts whenever you apply for a loan, for example, so that creditors can see your file.
To lift your freeze, for example in the case of applying for a loan, simply contact the bureau used by the lender and provide your PIN to lift the freeze for a designated time. This can be done online or over the phone. It may take a few days for the freeze to be lifted so be sure to do it a few days in advance of applying for a new loan.
Although an inconvenient process, the freezing of your credit accounts is the best thing you can do to protect against the Equifax breach or any other breach.
The good news is that earlier this year the credit bureaus made freezing and unfreezing of your account a no-charge event. See their respective websites for details.
With all of your online shopping, banking, investment, email, and social media accounts, it is easy to amass several dozen accounts. If you are a small business owner, you can probably double that number. Each account needs a unique password with combinations of letters, numbers, and special characters. And they all need to be changed every 90 days or so. That is far too many passwords to keep track of!
Don’t cheat and use passwords over and over. Do not store your passwords in your browser. Doing so may be convenient, but browsers are known to have security vulnerabilities. Check your browser preferences and make sure there are no saved passwords in there!
Look into a high-quality password manager. For about $50 – $60 per year, you will be able to generate complex and unique passwords for each of your accounts, store them in an encrypted application, share across devices and with your spouse, and have a peace of mind that your passwords are in a secure place. Another advantage of some of the password manager apps is that you can store credit card information securely and other sensitive information.
You will only need to memorize the one password that provides you access to the encrypted application.
Set Up 2-Factor Authentication
In addition to securing your passwords, it is good to go an extra step and set up 2-factor authentication on your financial accounts. What this does is provide an additional layer of protection that the user entering the password is really you. The way it works is after you enter your password, the system will send you a 6 or 8 digit code to your mobile device (or email). You usually have 10-15 minutes to enter that code into the login screen of the account you are trying to access.
You will now have 3 pieces of data to enter in order to log into your financial account: your user name, the password, and now this 6-8 digit code.
The 6-8 digit code is good only for that one login session. If you want to access that same financial institution later in the day, you will have to repeat the 2-factor authentication process. It only takes a couple of minutes and is well worth the extra layer of protection for those accounts that contain confidential financial information.
Proper use of passwords and 2-factor authentication are two very useful ways in protecting your financial data.
Set Up Credit Card Alerts
Another must-do is to set up credit card alerts so that you know when a transaction has occurred. You can set this up within your account security settings for each credit card. Generally, the alert can be set up to come to you as a text message or an email and you can set it up for anything over an amount you designate, for example, $10. Then, every time a transaction over $10 occurs, you will get the alert.
Having this little feature not only tells you if there is a misuse of your credit card, but it’s also a great little tool to keep track of all your credit card transactions, for budgeting purposes.
Every day hackers are finding new ways to attack our personal computer systems, not just businesses. We need to protect our home systems from the invasion. Many of these computer invasions are coming through the vulnerabilities or “holes” in our browsers. Each browser has its own unique way of closing up these “holes” but none are perfect and some are blatantly bad. I won’t do a review of which browsers are better at security than others, but it is important to make yourself less vulnerable in the way that you use your preferred browser.
Many of the computer hacks coming in through the browser come from the following vulnerabilities:
- Browser “extensions” that are downloaded by the user
- Passwords stored in the browser
- Your browsing history stored in the browser
Browser extensions are usually productivity “enhancements” that you may have downloaded for shopping, coupons, Amazon, grammar, or a whole host of other aids. Be very careful about which extensions you download and ask yourself if you really need them. Browser enhancements are not generally known for protecting your financial data.
As mentioned above, never store passwords in your browser even if you use a password manager. Doing so is basically advertising that you have passwords in your browser, even if they are encrypted, we never know the extent that the browser is truly protected.
Browsing history is unnecessary and can flag advertisers, hackers, and others where you have been and allows them to set up more sophisticated tracking devices to where you log in and capture that secure information. For those sites you want to access repeatedly, it’s very simple to set up your “Favorites” so that you can go back to those sites easily without typing the long URL to get there.
Almost every home has a wireless router for the convenience of family members to access the internet from a variety of devices. Check the password for the router. If you are using the default password that came with it when it was first installed, change it to a unique password.
Back Up Your Files
It’s 2019 and this should go without saying, yet many people still do not do an appropriate backup. In case a hacker does get into your system, there is a trend to capture your files, delete them from your computer, and hold you hostage for payment to release your files back to you.
To overcome this vulnerability, I recommend backing up all your files regularly, either to a separate USB-connected hard drive or an alternative secure file server in the cloud. Costs for a USB hard drive are well under $100 one-time charge. If you elect to go with a secure file server in the cloud, those costs will vary, but you should be able to find one for about $10 per month.
Get a Private Virtual Network
If you work remotely on a regular basis, especially if you access the internet from a public WI-FI such as a library or coffee shop, you are subject to being monitored through the public WI-FI. I strongly recommend a Virtual Private Network, or VPN, for this situation. A VPN is your own private network that you access while you are connected to any public WI-FI. The VPN will route your activity away from the public WI-FI onto its own secure network. A good VPN will do all of this automatically and tell you when you are on the secure VPN. Then you can conduct your business with better security than the public WI-FI. A typical VPN will cost about $60-$80 per year.
Be Aware of Email Phishing
I can’t tell you how many times I’ve received an email from what appears to be a legitimate account that I own asking me to supply personal information. But it is not a legitimate source. The hacker has recreated a company logo and an email ID that is very similar to the actual email ID of the account in question.
The hackers further deceive by creating a sense of urgency that needs your immediate action. Sometimes they are cautioning you that your account will be canceled if you don’t click on a link within the email to verify your account information. This process is called “phishing.”
The best way to avoid the phishing hack technique is to never click on such a link within the email. Always go outside the email system and log in to your account through your browser and update any personal information directly on the account site. You may also call the legitimate account provider and ask if they sent you an email recently requesting any account or personal information.
There is no automated tool that I am aware of to help reduce your chances of being a phishing victim. This one you just need to be aware of and apply discernment in any email you receive asking for personal information.
There may be other security actions you can take to protecting your financial data, but these are the 8 that I believe are the most impactful and should be employed regularly.
About Kastler Financial Planning
We are a fiduciary firm, providing fee-only, professional financial services with affordable and transparent fees. Our core purpose is to help improve your financial situation and to help you Get Retirement Ready. We do not sell financial products. We believe everyone should have access to financial advice without the pressure or bias of product sales or commissions. KastlerFinancialPlanning.com
We perform these services either as hourly, a one-time fee-only project, as on-going financial planning, or Assets Under Management (AUM), depending on your needs. Whether you live in our backyard or across the country, we aim for a pleasant client experience through our secure, all-digital Financial Planning Process.
If you have any question on how our services may apply to you, please contact us at the number below or submit an email through our Contact Us form.
© 2021 All Rights Reserved
Kastler Financial Planning | Ortonville, MI 48462