Category: Cybersecurity Step-by-Step

Cybersecurity Step-by-Step #11: 2-Factor Authentication

Published in: Blog, Cybersecurity Step-by-Step

Your financial well-being is our highest priority, and one of our goals for 2018 has been to walk you through the necessary steps to protect your online data. To make it more manageable, we have been sending you one new action item every month. If you missed the previous steps, we have listed them below with a link to the detail so that you can easily catch up.

Step Eleven:  Try 2-Factor Authentication

Why? 2-Factor Authentication adds a very effective second layer of security to your online accounts. 2-Factor Authentication (known as 2FA) means that two steps are required to confirm your identity. The first step is to enter your username and password. The second step is to enter a code sent to your mobile device. (The second step can also be accomplished using email, secret questions, tokens, or verbal verification by phone.) When you use 2FA, you are protected even if your password is stolen because the password thief is unlikely to have access to the second step of the authentication. (Learn more about 2FA by watching this 2-minute YouTube video.)

If you’ve never used 2-Factor Authentication, we strongly encourage you to give it a try. It sounds complicated, but it isn’t as difficult to use as it may sound. Once you’ve tried it, we believe you will be convinced that the added security is worth the small amount of hassle to set it up.

Where to begin? If you aren’t sure, start here:
1. Start with your email. Gmail, Microsoft Outlook and Yahoo all offer 2FA. These services allow you to set up 2FA to apply only when logging in from a new device, so you won’t have to type in the extra code if you are logging in from your home computer or mobile device. If you aren’t inclined to do it to protect yourself, do it to protect your loved ones! Remember that if your email gets hacked, the cybercriminals can read ALL the correspondence and gather information that others may have shared with you.

2. Bank accounts should be your next priority. After all, most cybercriminals are in it for the money. Most banks offer 2FA and will allow you to designate trusted devices so that you will only have to go through the steps when you log in from an unknown device.

3. Once you have an increased sense of confidence using 2FA, you can add 2FA to other accounts – including those held at Schwab. Consider using it with shopping accounts such as Amazon, eBay or Etsy. Go to TwoFactorAuth.org to find a list of website services that offer 2FA.
Watch for our final cybersecurity step in December – everything you ever wanted to know about ransomware!

List of Previous Steps:

Step One: Place a freeze on your credit history at the top three credit agencies.
Step Two: Update the operating software on your computers, tablets, and smartphones, and continue to update as new patches become available.
Step Three: File your tax returns as early as possible.
Step Four: Use unique passwords on every site (and try a password manager).
Step Five: Never (ever) email sensitive information and always insist on encryption.
Step Six: Avoid using public WiFi networks.
Step Seven: Monitor your financial activity.
Step Eight:  Avoid Spear-Phishing Scams.
Step Nine: Open your online “my Social Security” account now.
Step Ten: Protect your digital legacy.

To review the previous steps, visit our blog.

Cybersecurity Step-by-Step #10: Protect your Digital Legacy

Published in: Blog, Cybersecurity Step-by-Step, Get Smart

Your financial well-being is our highest priority, and one of our goals for 2018 is to walk you through the necessary steps to protect your online data. To make it more manageable, we are sending you one new action item every month. If you missed the previous steps, we have listed them below with a link to the detail so that you can easily catch up.

Step Ten:  Protect your Digital Legacy – Name a Digital Fiduciary in your Estate Plan

Why? Most of us have accumulated a significant amount of digital property online, including personal and financial data, email, photos, and social profiles, that will need to be managed after we die. In an effort to protect your data and your privacy, most online service providers have very strict terms of service that restrict access to your digital assets. So, when it comes to passing on your digital legacy, handing over your password list is not enough to provide a trusted confidant with the legal authority to carry out your wishes after your death.

Fortunately, a new law known as the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA) has been adopted in most states (including California). This law allows you to give legal authority to a named digital fiduciary to manage your digital legacy. (Learn more about RUFADAA.)

Consult with your estate attorney to learn how you can incorporate this new development into your estate plan. You can also consider excluding specific information or online accounts that may not be appropriate.

Once you have named a digital fiduciary, some advance preparation will make the task more manageable.

Prepare a list of your online accounts and passwords. We strongly recommend using an online password manager (See Cybersecurity Step #4) because this can be time-consuming and difficult to keep current. Don’t forget to include the passcodes to your devices!

Prepare instructions. Be sure that your wishes are clear and in a safe place where they can be found. Keep in mind that your Will becomes a public document after your death, so be sure to keep your instructions and your passwords in a separate location.

 

List of Previous Steps:

Step One: Place a freeze on your credit history at the top three credit agencies.

Step Two: Update the operating software on your computers, tablets, and smartphones, and continue to update as new patches become available.

Step Three: File your tax returns as early as possible.

Step Four: Use unique passwords on every site (and try a password manager).

Step Five: Never (ever) email sensitive information and always insist on encryption.

Step Six: Avoid using public WiFi networks.

Step Seven: Monitor your financial activity.

Step Eight:  Avoid Spear-Phishing Scams.

Step Nine: Open your online “my Social Security” account now.

To review the previous steps, visit our blog.

 

Cybersecurity Step-by-step #9: Open Your “my SOCIAL SECURITY” Account

Published in: Blog, Cybersecurity Step-by-Step, Get Smart

Your financial well-being is our highest priority, and one of our goals for 2018 is to walk you through the necessary steps to protect your online data. To make it more manageable, we are sending you one new action item every month. If you missed the previous steps, we have listed them below with a link to the detail so that you can easily catch up.

Step Nine:  Open your online “my Social Security” account now (Yes, we mean ASAP!)

Why Now?  A cybercriminal with your social security number and address may be able to create a “my Social Security account” in your name and potentially claim your benefits before you do.

What is a “my Social Security account”?  The Social Security Administration has shifted to an online platform. An online mySSA allows you to view your social security information, as well as apply for and manage your benefits. Now that the online platform is in place, the Social Security Administration has stopped mailing estimated benefits statements to anyone currently under age 61. So, if you are under age 61 and working, you should visit this site annually to make sure that your earnings are reported correctly.

What are the steps to set up my account?

  1. Unfreeze your credit history at Equifax: In order to verify your identity, the Social Security Administration will ask you for personal information and compare it to information retained by Equifax. You will need to temporarily lift your credit freeze at Equifax to allow the Social Security Administration to make this comparison. Simply call (800) 685-1111 and follow the prompts. (Note: you will need your PIN)
  2. Open a my Social Security Account: Visit https://www.ssa.gov/myaccount/ and follow the prompts.

Visit this link to learn more about why you should set up an online Social Security Account.

List of Previous Steps:

Step One: Place a freeze on your credit history at the top three credit agencies.

Step Two: Update the operating software on your computers, tablets and smartphones, and continue to update as new patches become available.

Step Three: File your tax returns as early as possible.

Step Four: Use unique passwords on every site (and try a password manager).

Step Five: Never (ever) email sensitive information and always insist on encryption.

Step Six: Avoid using public WiFi networks.

Step Seven: Monitor your financial activity.

Step Eight: Avoid Spear-Phishing Scams.

Cybersecurity Step-by-step #8: Avoid Spear-phishing Scams

Published in: Blog, Cybersecurity Step-by-Step, Get Smart

Your financial well-being is our highest priority, and one of our goals for 2018 is to walk you through the necessary steps to protect your online data. To make it more manageable, we are sending you one new action item every month. If you missed the previous steps, we have listed them below with a link to the detail so that you can easily catch up.

Step Eight:  Avoid Spear-Phishing Scams

What is Spear-Phishing? You may have heard of the term “phishing,” which refers to online scams that try to obtain your personal information (click here for examples). “Spear-phishing” involves a more targeted approach (spearing one fish at a time): the scammer uses information already obtained to impersonate the people and businesses you trust, luring you into providing more sensitive information or access to your computer or financial assets. The following are spear-phishing examples:¹

  • An email from an online store about a recent purchase. It might include a link to a login page where the scammer simply harvests your credentials.
  • An automated phone call or text message from your bank stating that your account may have been breached. It tells you to call a number or follow a link and provide information to confirm that you are the real account holder.
  • An email stating that your account has been deactivated or is about to expire and you need to click a link and provide credentials. Cases involving Apple and Netflix were recent sophisticated examples of this type of scam.
  • An email that requests donations to a religious group or charity associated with something in your personal life.

How to avoid Spear-Phishing:

  1. Be suspicious. If an email requests sensitive information or asks you to click on a link, be suspicious, even if it is from someone you know. Be even MORE suspicious when the communication includes upsetting or exciting statements that may be a ruse to distract you from clues you might otherwise notice.
  2. The best defense is to call and verify that the sender was the true author of the email. Instead of clicking on links, go to the website by typing the URL address directly into your browser.
  3. Never transfer or wire assets without verbal verification. Never. One favorite strategy of spear-phishers is to intercept fund transfers and substitute account numbers. Whenever you are transferring funds, double-check verbally that you are transferring the funds to the correct account.
  4. Follow our Cybersecurity Step-by-Step recommendations: If you take these steps to improve your cybersecurity, you will become a very difficult target to spear! To review the previous steps, visit our blog.

Read more about Spear-Phishing

 

List of Previous Steps:

Step One: Place a freeze on your credit history at the top three credit agencies.

Step Two: Update the operating software on your computers, tablets and smartphones, and continue to update as new patches become available.

Step Three: File your tax returns as early as possible.

Step Four: Use unique passwords on every site (and try a password manager).

Step Five: Never (ever) email sensitive information and always insist on encryption.

Step Six: Avoid using public WiFi networks.

Step Seven: Monitor your financial activity.

1 “What spear phishing is (with examples) and how can you avoid it” Aimee O’Driscoll, Comparitech, May 29, 2018. https://www.comparitech.com/blog/information-security/spear-phishing/#gref

Cybersecurity Step-by-step #7: Monitor Your Financial Activity

Published in: Blog, Cybersecurity Step-by-Step, Get Smart

Your financial well-being is our highest priority, and one of our goals for 2018 is to walk you through the necessary steps to protect your online data. To make it more manageable, we are sending you one new action item every month. If you missed the previous steps, we have listed them below with a link to the detail so that you can easily catch up.

Step Seven:  Be Vigilant – Monitor Your Financial Activity

Why?  Scammers rely on the probability that you are not paying close attention. The sooner you spot a problem, the more likely you can minimize the cost and the hassle of repairing your record.

The following are our top four recommended strategies to monitor your financial activity:

  1. Open ALL your mail. Look for unexpected bills and confirmations of activity you didn’t initiate. If you aren’t receiving mail, that could be a problem too.
  2. Look at your bank and credit card statements regularly. Seems basic, but now that we get those statements online it’s easy to forget. If you frequently forget, consider going back to paper. Be sure to also look for “subscription creep”. Free trials and discount subscriptions often convert to full price and can add up to significant costs.
  3. Use an expense-tracking app. These apps can consolidate all your spending activity so you’ll only need to look in one place to review everything. Many apps have built-in alerts to let you know if there is unusual spending activity. (Learn more)
  4. Review your credit report annually (at least). Even though you have already placed a freeze on your credit history (see Step One), you will still need to make sure that your current lenders report accurate information. You can receive a free annual copy of your credit report from each bureau by visiting annualcreditreport.com.

List of Previous Steps:

Step One: Place a freeze on your credit history at the top three credit agencies.

Step Two: Update the operating software on your computers, tablets and smartphones, and continue to update as new patches become available.

Step Three: File your tax returns as early as possible.

Step Four: Use unique passwords on every site (and try a password manager)

Step Five: Never (ever) email sensitive information and always insist on encryption

Step Six: Avoid using public WiFi networks

Please visit our blog to review these steps in detail.

Cybersecurity Step-by-step #6: Avoid Using Public WiFi Networks

Published in: Blog, Cybersecurity Step-by-Step, Get Smart

Your financial well-being is our highest priority, and one of our goals for 2018 is to walk you through the necessary steps to protect your online data. To make it more manageable, we are sending you one new action item every month. If you missed the previous steps, we have listed them below with a link to the detail so that you can easily catch up.

Step Six: Avoid using public WiFi networks

Why?  Hackers can position themselves between you and the access point and they can capture the data you are sending out. Also, hackers are very good at imitating public WiFi connections and may trick you into logging directly into their networks (watch this video).

What if you are only browsing Pinterest or watching sports? Effective phishers can find ways to use this information. For example, a phisher might send you an email with a link for discount tickets to see your favorite team. You might be tempted to click on the link and accidentally download something harmful, like a virus or malware.

A password requirement for public WiFi is a good indicator that the information you send over the network will be encrypted using one of two security protocols: WPA or WEP (click here to learn more). Unfortunately, vulnerabilities have been discovered in these protocols. To protect yourself from these vulnerabilities, see Step #2 of Cybersecurity Step-by-step (listed below).

Fortunately, there are simple solutions:

  • When using your mobile phone in public, turn off your WiFi access. Use your cellular data connection.
  • When using your computer in public, you can turn your mobile phone into a secure personal WiFi hotspot. (Watch these video tutorials: for iOS; for Android.)
  • Consider using a Virtual Private Network (VPN). (Learn more)

List of Previous Steps:

Step One: Place a freeze on your credit history at the top three credit agencies.

Step Two: Update the operating software on your computers, tablets and smartphones, and continue to update as new patches become available.

Step Three: File your tax returns as early as possible.

Step Four: Use unique passwords on every site (and try a password manager)

Step Five: Never (ever) email sensitive information and always insist on encryption.

Cybersecurity Step-by-Step #5: Always Insist on Encryption

Published in: Cybersecurity Step-by-Step, Get Smart

Your financial well-being is our highest priority, and in 2018 we aim to walk you through the necessary steps to protect your online data. We can imagine that although you would rather do almost anything else, you are as concerned as we are about keeping your data safe. To make it more manageable, we are sending you one new action item every month. If you missed the previous steps, we have listed them below with a link to the detail so that you can easily catch up.

Step Five:  Never (ever) email sensitive information and always insist on encryption

Why?  Phishers are experts at impersonating service providers such as mortgage brokers and tax-preparers who need to gather sensitive information. They know that when so many documents are exchanged, it can be very tempting to cut corners and attach an unencrypted document.

Whenever you must give a service provider sensitive information online, insist that they provide you with a secure encrypted method to transmit your information. If unavailable, consider sending your sensitive information by fax (they still exist!) or a reliable delivery service.

To learn more about phishing and how to protect yourself, follow this link to the Federal Trade Commission’s website.

Visit this link to view a Khan Academy video about how encryption works.

List of Previous Steps:

Step One: Place a freeze on your credit history at the top three credit agencies.

Step Two: Update the operating software on your computers, tablets and smartphones, and continue to update as new patches become available.

Step Three: File your tax returns as early as possible.

Step Four: Use unique passwords on every site (and try a password manager)

Cybersecurity Step-by-Step #4: Use Unique Passwords

Published in: Blog, Cybersecurity Step-by-Step, Get Smart

Your financial well-being is our highest priority, and one of our goals for 2018 is to walk you through the necessary steps to protect your online data. We can imagine that although you would rather do almost anything else, you are as concerned as we are about keeping your data safe. To make it more manageable, we are sending you one new action item every month. If you missed the previous steps, we have listed them below with a link to the detail so that you can easily catch up.

Step Four:  Use unique passwords on every site (and try a password manager)

Why? The technology to hack and crack passwords has advanced, and if you are using the same password for multiple sites, it could become the key to your kingdom.

We hate them too, but until the need for passwords is replaced for good, we all have to dedicate precious time and memory to this security hassle. And to make matters worse, websites are requiring even longer and more complicated passwords, making them nearly impossible to remember.

Well, we have a solution! Consider using a password manager. They are relatively easy to use and a significant timesaver. We are familiar with Dashlane, LastPass and Keychain Access (for Macs), but there are several others that are highly rated.  Follow this link to a Consumer Reports article that provides everything you need to know about password managers.

Visit this link for more information about why strong, unique passwords matter.

List of Previous Steps:

Step One: Place a freeze on your credit history at the top three credit agencies.

Step Two: Update the operating software on your computers, tablets and smartphones, and continue to update as new patches become available.

Step Three: File your tax returns as early as possible.

Cybersecurity Step-by-step #3: File Your Taxes Early

Published in: Blog, Cybersecurity Step-by-Step, Get Smart

Your financial well-being is our highest priority, and one of our goals for 2018 is to walk you through the necessary steps to protect your online data. To make it more manageable, we are sending you one new action item every month. If you missed Step One and Step Two, we have listed them below with a link to the detail so that you can easily catch up.

Step Three:  File your tax returns as early as possible

Why? A criminal can use your stolen social security number to file a tax return and claim a fraudulent refund. In 2018, the IRS and state tax agencies are taking steps to combat tax-related identity theft, and the number of incidents declined in 2017. However, cybercriminals continue to find new strategies to leverage the data they have stolen. A very effective strategy to deter their efforts is to file your tax return as soon as possible. Even though you file early, you won’t have to pay the tax bill until April 16, 2018.

Visit this link for more information about tax-related identity theft, and what to do if you suspect you are a victim.

List of Previous Steps:

Step One: Place a freeze on your credit history at the top three credit agencies.

Step Two: Update the operating software on your computers, tablets and smartphones, and continue to update as new patches become available.

 

Cybersecurity Step-by-step #2: Update Your Operating Software

Published in: Blog, Cybersecurity Step-by-Step, Get Smart | January 23, 2018

Your financial well-being is our highest priority, and one of our goals for 2018 is to walk you through the necessary steps to protect your online data. We think this will be almost as fun as paying taxes, and just as important! To make it more manageable, we’ll be sending you one new action item every month. In this email we’ll also include Step One (sent last Fall), as a gentle reminder if you haven’t yet completed the task.

What was Step One? Here’s a recap:

Step One:

Place a freeze on your credit history at the top three credit agencies.

Why?  Your personal information is online, even if you are not. Your banks, the DMV, Social Security, Credit Agencies, and many other institutions store your data online. We know that cybercriminals have the ability to steal this information. Freezing your credit history will make it more difficult for cybercriminals to use this information to open bank accounts or lines of credit. Think of it as putting a club on your steering wheel. Even if the criminal can break into your car, it will be much more difficult to drive off with it.

For more information on this step, you can read our blog post on freezing your credit.


Now for Step Two:

Update the operating software on your computers, tablets and smartphones, and continue to update as new patches become available. 

Why? Software manufacturers are constantly fixing bugs and making improvements that are available to download in “patches”. These patches not only help your device run more effectively, they also improve your security.

This is an important step especially because of security flaws called Meltdown and Spectre that were recently detected in most devices. If you are interested, you can read more by clicking on this link: https://meltdownattack.com/. The good news is that programmers are already creating patches to protect your devices against these vulnerabilities and will continue to create new patches as new threats emerge.


If you have any questions about these steps, now or as we go forward, please don’t hesitate to call.

Warm regards,

Diane & Lexi