“Eternal vigilance is the price of liberty.” This famous quote, often attributed to Thomas Jefferson, offers a valid principle that could also apply to staying safe online. As time goes on, more and more of our personal lives and our day-to-day business are being conducted online, which means that bad actors have more opportunities to take advantage of the unwary. And it’s not just the unsuspecting elderly who are being victimized; recently, a data breach at Ticketmaster exposed the personal information of 560 million customers. Similarly, two different incidents at AT&T cost the company $177 million in damages. Clearly, data security is a problem for any individual or entity that conducts business online: in other words, all of us.
Since going “off-grid” isn’t a realistic option for most of us, how can we keep our personal information and data safe from the hackers who are constantly prowling the internet? There are a few key habits that, if ingrained and practiced regularly, can go a long way toward helping you avoid being victimized by hackers, identity thieves, and other online predators.
Avoid putting sensitive personal information in an email.
Because most email is not encrypted, it’s possible for hackers to gain access to the contents. So, while it may seem easy and quick to just send your Social Security number, driver’s license number, or insurance policy number in an email to your agent—don’t! It’s much safer to provide such information in a phone call. Some companies provide “data vaults” or other password-protected, secure locations for uploading sensitive information, and these are typically safe places to send such data. If all else, fails, mail hard copy, preferably by a trackable method such as US Postal Service Priority Mail or Federal Express.
Periodically change or update your passwords.
Nobody enjoys having to switch out a password that they finally committed to memory, but hackers sometimes use sophisticated software that can try thousands of passwords per minute in a “brute force” attempt to duplicate your login credentials. Make a habit of using hard-to-guess passwords—such as those generated by many web browsers or personal computer operating systems. This is a good defense against the password-cracking programs employed by hackers. And in addition to your operating system or the security features in your web browser, there are also handy applications such as Keeper, 1Password, and others that can help you keep track of the passwords you’re using for various online accounts.
Use two-factor authentication.
While we’re on the topic of passwords and logging in, many websites that deal with sensitive financial information require the use of two-factor authentication: a code sent to a device that you must enter in order to access your account. Often, this takes the form of a text message sent to your (verified) phone number with a four- to six-digit numerical code that you must enter within a certain time frame. Two-factor authentication is a valuable defense against hackers who may have cracked your password. Without the code sent to your personal device, however, they won’t be able to get into your account.
Beware strange phone calls.
Recent advances in AI technology have, unfortunately, created new opportunities for online thieves. For example, if you get a phone call from a number you don’t recognize and the caller asks you a question that requires a “yes” or “no” answer, beware. AI technology is capable of recording your answer and then using a digitally created facsimile of your voice to perpetrate fraud, such as making “emergency” calls to friends or family, asking for money. Often, the best response to a call from an unknown or unexpected number is to either not answer or simply hang up without saying anything. And remember: Social Security, the IRS, and most banks and investment companies are never going to call you on the phone and ask you to provide personal information as “verification.” If you receive such a call, hang up immediately.
Take advantage of added security features.
At JFS, for example, clients have the option to establish a safeword or passcode for their accounts. If you choose to set this up, we will not release any sensitive information to a caller until they provide the correct safeword/passcode. This extra layer of protection ensures that even if someone were to impersonate you on the phone, your information remains secure.
Common-sense defense #1: Don’t be “quick to click.”
An innocent-looking link in an email or Facebook post—even if it’s from someone whose name you recognize—can lead down a rabbit hole toward a world of hurt. If the email is mostly blank except for the link, don’t click it. If it’s telling you about a prize you’ve won and all you need to do is click to claim it, don’t click it. If something looks odd—for example, the name of the sender is familiar but the email address isn’t—don’t click it. The same goes for many pop-up windows on web pages. Be careful where you click, and you’ll avoid tons of digital heartache. When in doubt, trash it.
Common-sense defense #2: Keep an eye on your accounts.
Most banks and credit card companies have greatly improved their fraud monitoring and alerting capabilities, but that shouldn’t relieve you from reviewing your account statements on a regular basis. Look for charges or payees you don’t recognize. Even a small charge of less than a dollar can signal that an identity thief has your number and is checking to see if it works. Chances are, the next charge won’t be so small.
Most of these tips probably seem like basic common sense. The problem is that when we’re working online, we tend to get in a hurry—and that’s when caution gets compromised. Remember: it’s okay to hesitate, to take your time, and even to spend a few minutes verifying a website, an email address, or the identity of a caller. When you’re online, an ounce or two of suspicion can save you from a ton of regret.
At JFS Wealth Advisors, we take our clients’ online safety very seriously. If you have any questions about the security of your accounts or your personal data, please contact us right away.
