3 Essential Cyber Security Habits
Posted March 5, 2021
Posted March 5, 2021
The internet is one of the greatest tools ever invented (thank you, Al Gore!). The internet has helped create the ability for any user to access all the information available worldwide instantly. Unfortunately, this also means that people’s personal information and privacy are always at risk while connected to the internet. Practicing good cybersecurity fundamentals is crucial to keeping data secured while still enjoying the internet and other technology.
An important thing to remember is that nothing is ever going to be completely secure. Even for people who don’t use the internet, nefarious individuals can get confidential information from discarded paperwork (i.e., doctor bills, Social Security statements, credit card bills, etc.). Even if you don’t have to worry about computer hackers, there are still real threats that can lead to identity theft and frustration.
Being a wealth management business that works with retiring individuals means dealing with clients with many banking and investment assets that also bank online. Online banking means that these clients access their financial accounts through their bank or custodian’s website using a username and password. The website password creates the first and easiest point of entry for any bad actors. A weak password is usually the easiest way for a hacker to access a user’s website portal and one of the easiest things to prevent.
Many tools are available for consumers to create and remember complex passwords that essentially cannot be brute force hacked. For somebody that uses only Apple devices, Apple provides a Keychain feature that will generate a complex password and store that password across all devices. It is an elegant feature that keeps you from using the same simple password repeatedly because you can’t remember 300 different passwords for every website you log in to. Several password manager programs exist on the market for non-Apple users or people with mixed brand hardware that work across all other platforms. The password manager that I like is called 1password and will work on every different smartphone model, tablet, and computer. As the program’s name suggests, you only have to remember the one password to open the program and the program does all the rest (make sure that one password you have to remember is a great password and not Password123).
The importance of using unique passwords for every website you log into is because security breaches do happen. A breach means that a hacker gains access to a company’s internal information, resulting in compromised usernames and passwords. If a compromised password is used for all of your other websites, then all of a sudden, every single account you have across the internet is vulnerable. If you have a unique password for every website, you only have to worry about resetting one password and limiting your vulnerability when a password is compromised.
The following security setting you should always follow is to use a passcode for your mobile devices. Turning on this setting is a simple thing to implement and seems to be standard practice, but it’s always good to remind people. Most people’s smartphones have access to all areas of their lives (banking, emails, text messages, photos). The only thing standing between that information and a nefarious actor is that passcode. The most critical step to securing your phone is to make sure that you turn on the “Erase Data” feature in the passcode settings. At least on Apple devices, this security feature automatically deletes the phone’s data after ten failed passcode attempts. Don’t worry about accidentally deleting your phone’s information because, after the first five failed attempts, the phone will lock for one minute. After the 6th failed attempt, the iPhone will lock for five minutes. After the 7th failed attempt, it locks for 15 minutes, and then after attempts eight, nine, and ten, it locks for an hour.1 These delays are not only useful for preventing people from getting into your phone quickly, but they also help prevent small children or grandchildren from accidentally erasing your phone when they are playing with the device.
When you go to a website, have you ever noticed that some URLs start with HTTP:// and others begin with HTTPS://? The difference is that a website that starts with HTTPS:// has an SSL certificate, meaning that the website is secure and that you have an encrypted connection with that website. The SSL certificate makes sure that any data you enter is shared safely with that website. Without the SSL certificate, any form you fill out with your personal information or credit card information can be intercepted by a hacker snooping around. However, a website with an SSL certificate will form an encrypted connection with the website’s server to transfer your information safely. It is such an essential part of safe web surfing principles that Google now penalizes websites in search results for not having an SSL certificate installed on their website.
While this isn’t necessarily an issue of cybersecurity, using cloud storage to back up your computer and phone contents is a great way to ensure your information’s recoverability in the event of a lost device. Many different cloud storage providers (Google Drive, Microsoft OneDrive, Apple iCloud, Dropbox, etc.) provide similar pricing and security features.
You have probably heard the term “the cloud,” but what is the cloud? When you put information in the cloud, all you are doing is moving your information onto that company’s servers (computers). The company maintains security by storing its customer’s information in secured data centers and typically having redundant backups at different locations. These security features help prevent customer information loss and are much more robust than just having your information only stored on your computer or phone.
Thayer Financial, L.L.C. (“Thayer Financial”) is a registered investment adviser offering advisory services in the State of North Carolina and in other jurisdictions where exempted. Registration does not imply a certain level of skill or training. This website’s presence on the Internet shall not be directly or indirectly interpreted as a solicitation of investment advisory services to persons of another jurisdiction unless otherwise permitted by statute. Follow-up or individualized responses to consumers in a particular state by Thayer Financial in the rendering of personalized investment advice for compensation shall not be made without our first complying with jurisdiction requirements or according to an applicable state exemption.
All written content on this site is for information purposes only. Opinions expressed herein are solely those of Thayer Financial, L.L.C., unless otherwise specifically cited. Material presented is believed to be from reliable sources and no representations are made by our firm as to other parties’ informational accuracy or completeness. All information or ideas provided should be discussed in detail with an advisor, accountant or legal counsel prior to implementation.