Today’s topic is an updated version of our previous posts about online safety. As cybercrime evolves, so do user tactics; we’re here to bring new ideas to your online protection strategies. So let’s dive in:
- Think of email as a newspaper. You should assume it is neither confidential nor private. Never put in an email anything that you wouldn’t feel comfortable publicizing to the general public.
- Clean out your email inbox and trash regularly. Leaving old emails that you do not recognize in your system can open the door to hackers. If you have time, eliminate contacts you don’t recognize. Keep your system clean – it will work better, too.
- When you create a password for your email, use a nonsensical phrase – research has shown that’s more effective than almost any other form of password. Here’s an example: for!blendmychanges8. The good news is that if you use a phrase, you don’t have to change your passwords as often – every few months will do.
- Don’t use the same password for your bank and brokerage accounts as you use for buying stuff at Nordstrom.com. In fact, try not to repeat passwords at all.
- Another option is to use a password manager. That will take care of more than just your email password. Examples include LastPass and Bitwarden.
- Use two-factor authorization every chance you can. Some services are not set up for 2FA; if they should be, write to them and tell them so!
- Remember your in-home internet. Make sure you use a robust password for access to your own system. My home internet didn’t allow password customization, so I changed out the modem for one that did. Do not give out your home internet password without changing it immediately afterward.
- Never, ever send confidential information via email without either using a password on the file, truncating account numbers and/or SS numbers, or redacting brokerage company names, etc. A safer way to deliver documents is via a secure portal.
- If your advisors – accountants, lawyers, recordkeepers, etc – do not provide secure portals, insist that they set one up.
- I don’t use social media, but it goes without saying – keep those accounts as private as you can, Don’t post information you wouldn’t be comfortable giving out to your whole neighborhood.
- Always log out of services you are not using. Do not just close the browser window, because this can leave you logged in to your bank account, email account, and so forth.
- Never use a public internet connection to perform any confidential task. You can mitigate the dangers of a public connection by using a virtual private network, but some services may not work with a VPN. It’s best to keep personal business on your own internet connection.
- Keep your computer and phone locked down – requiring a password or biometrics to open them, and physically, too, especially when traveling. Don’t leave a device near a window, on a car seat, or any other place that might tempt a thief.
- Recycle old hardware – printers, tablets, phones, computers – with a reputable firm. Do not keep these around if they’re not in use. Many older bits of hardware utilize unsupported versions of software that offer an easy entree to a hacker. And of course, always update your software on the machines you do use. Never use outdated software!
- “Claim” any online accounts that you have been provided. Social Security has encouraged participants to manage their accounts online. If you do not set up a username/password for your own SS account, then anyone who finds your SSN can “claim” your online account and re-route, stop, or start payments. Ditto with your bank and brokerage online accounts. Set them up, even if you don’t plan to use them.
Believe it or not, these fifteen tips are barely scratching the surface of “best practices”. If some of these items seem too technical, it might be time to find someone to help with your home technology. A safe system will perform better, and you might just sleep better at night.