Broker Check

It's Cybersecurity Awareness Month: 7 Steps to Protect Yourself

October 12, 2022

Over 50% of consumers have fallen victim to a cybercrime, with a third of those attacks taking place in the past year alone. So there are 263 million American consumers. 131.5 million have been hit by cybercrime, with 44 million attacks in the past year. Cybercrime is an increasing concern as more and more of our daily tasks take place online. Think about your financial life alone. It’s likely you do the majority of your upkeep online—deposit checks, pay credit card statements, check your brokerage accounts, contribute to your 401(k), etc.1

October is Cybersecurity Awareness Month, which makes this the ideal time to review a few simple ways to keep yourself and your devices protected from hackers.

Step #1: Use a Password Manager

About two-thirds of people use the same password across multiple accounts, both personal and professional. The primary reason is, of course, the ease and convenience of only remembering a few different passwords. The problem is, that this also creates an easy and convenient way for hackers to access multiple accounts within minutes.2 

But trying to memorize multiple passwords is difficult, and writing them down on sticky notes isn’t secure either. Instead, consider implementing a password manager on all your devices.

Password managers like LastPass, Dashlane, or 1Password, offer secure storage of your login information and additional sensitive data (like credit card numbers). Instead of trying to memorize various unique passwords, you just need to remember one singular login for your password manager. From there, it can autofill login info anytime you need to access accounts.

Password managers are especially helpful for small business owners who must collect sensitive information from customers or share login information with employees. Rather than text, email, or instant message sensitive information, data can be shared via an encrypted message from your password manager.

Any companies mentioned are for illustrative purposes only, and should not be considered a solicitation for the purchase or sale of the securities. Any investment should be consistent with your objectives, timeframe, and risk tolerance

Step #2: Consider Multi-Factor Authentication

Multi-factor authentication (MFA) sounds sophisticated, but it’s actually a simple way to add an extra layer of protection to your accounts. This type of password protection is increasing in popularity, especially for companies at high risk of a breach—think banks, credit card companies, and email providers. Many employers and IT departments at large companies are requiring MFA from their employees as well.

According to the FBI, MFA typically uses a combination of:

  • Things you know (like a username and password)
  • Things you are (face or fingerprint scan)
  • Things you have (like a device or app that gives you a constantly changing access number)3

For example, you could log in to an account with a username and password, and then have a code texted to your cell phone. Or, you could log in on your computer, but be required to confirm with an app on your phone. Either way, if a hacker gets ahold of your username and password, they are still missing the second component needed to access your account.

Step #3: Use Caution When Clicking Links

This can be tricky since it requires you to follow your intuition more than anything else. Think of the phrase, “if it quacks like a duck,” and use your common sense to determine if something online looks suspicious.

The most common place to run into suspicious links is right inside your inbox. While your spam filter will catch a lot of malicious emails, some still slip through the cracks. If you get an email from a company you’re familiar with (like your credit card company, internet provider, etc.) and it asks you to verify personal information or click on a link, proceed with caution.

Here are a few things to check before engaging with a suspicious-looking email:

  • Email address: This is usually the biggest giveaway. If the email address doesn’t match previous email correspondences from the company, it’s likely a fake.
  • Typos: Is the copy in the email full of typos or grammatical errors? Most large companies have very polished, clean email correspondences with customers.
  • Hover: Try hovering over the link to see the destination. If the link doesn’t look legitimate, don’t click it.
  • Discrepancies in branding: You may notice the logo, branding, or even the name of the company is slightly off. Any discrepancies should be taken as a sign that this is not coming from a legitimate account.

If you have any suspicions, search online for the company’s customer service number (don’t use any provided in the email itself). Call and verify whether the email is legitimate. Companies also appreciate knowing when they’re being imitated so they can let other customers know.

Step #4: Stick to Secure Wi-Fi Connections

If you have Wi-Fi at home, make sure the password is changed from the default setting. This should be something unique and secure—not your address, street name, or other easy-to-guess information.

Anyone within 300 feet of your router can access your Wi-Fi. That means someone sitting in a car or a next-door neighbor could access your Wi-Fi if it has weak (or no) password protection. Not only is this a security risk, but it can also slow down your connection speed and increase your internet bill.

Having a secure and unique password also helps deter “sniffing.” This is when hackers get access to what’s being transmitted between your router and devices.

Use Caution With Public Wi-Fi

Always be cautious when using public Wi-Fi, especially unsecured networks. Hackers have the ability to mimic legitimate networks by creating an “evil twin.” These fakes look just like the real ones (sometimes they even have stronger signals), but they give the creator the ability to access your device and personal information once you’re connected.

To prevent having your information accessed, consider using a virtual private network (VPN). This creates a barrier between you and the Wi-Fi network. If a hacker tries to access your device through a malicious network, the VPN encrypts your data and protects your device from a spyware attack.

Step #5: Keep Your Antivirus Software Up-To-Date

If you don’t already have antivirus software on your devices, install some as soon as you can. This serves as your first line of defense against hackers, while continually monitoring the overall health of your devices.

Once you have antivirus software installed, you should set it to automatically scan your devices on a regular basis. Your antivirus software will likely require regular updates to ensure it’s continually protecting against the most recent threats.

The majority of antivirus programs use three types of detection:

  • Specific detection for identifying malware
  • Generic detection to scan for known pieces of malware
  • Heuristic detection to identify viruses and scan suspicious files

Step #6: Secure Your Cell Phone

Most smartphones give you the choice to require a passcode or password before the phone can be used. This is a simple and smart way to help protect your private information. The more numbers or letters used, the harder the passcode is to crack.

If you’re out in public, say at an airport or café, it might be tempting to use a public charging port to charge your phone. Unfortunately, even if you use your own cord, it is possible for these public ports to carry malware. This type of hacking is called “juice jacking,” where the port is used as an entry point into your device.

Instead of plugging into public ports, consider keeping a portable charger with you instead. 

Step #7: Protect Your Social Media Accounts

Around seven in 10 adults use some form of social media. Like email, this is a common entry point for hackers looking to access personal information they can use on your other accounts. If you haven’t checked on your profile in a while, take a look at your privacy settings. As platforms do routine updates, it’s possible your default settings may have changed. Be sure you have a good understanding of who can see your posts (everyone or only your friends?) as well as your profile information (name, date of birth, relatives, job title, etc.).4

But remember, even if a profile is private, your information will be compromised in the event the platform is hacked. Try to remove any information from your profile that could be used to access other accounts, such as date of birth, phone number, or place of work.

If someone sends you a message and it sounds out of character for them or the message urges you to click on a link, it’s likely the account has been hacked. If possible, try contacting the user another way, and report the profile if it’s confirmed to be compromised.

Keep Your Information Protected Online

The best way to protect yourself is to use caution and common sense. If something feels off, or someone is requesting information you’re uncomfortable sharing, then trust your instincts. Cybercrimes are costly and incredibly disruptive, especially when they involve your financial well-being.

1, 2021
2 Comparitech, 2022

3, 2021

4, 2021

The content is developed from sources believed to be providing accurate information. This material was developed and produced by FMG Suite to provide information on a topic that may be of interest. FMG Suite, LLC, is not affiliated with the named representative, broker-dealer, state- or SEC-registered investment advisory firm. The opinions expressed and material provided are for general information and should not be considered a solicitation for the purchase or sale of any security.