Ep. 223 – Protecting Against Cybersecurity Threats
In this Episode of the Secure Your Retirement Podcast, Radon and Murs discuss fourteen common practices to help you protect yourself against cyber security threats. The purpose of this isn’t to scare you but to empower you to be on the internet safely.
Listen in to learn the importance of having strong and complex passwords for your home and office networks and avoid using one password for multiple sites. You will also learn the importance of being mindful when opening emails, using public Wi-Fi, sending sensitive data, and more to avoid cyber-attacks.
In this episode, find out:
- Use unique and strong passwords and avoid using one password for multiple sites.
- Enable two-factor authentication – this adds a layer of security that’s strong.
- Keep software and devices updated to have the freshest security measures in place.
- Beware of phishing attacks – look at every email with a mindset of caution.
- Secure your home network by setting up stronger passwords and different encryptions.
- Be mindful of public Wi-Fi that doesn’t require a password to log in to avoid hacking.
- Back up important data regularly for easier retrieval if data is lost.
- Educate yourself – read, listen, and watch to stay alert on ways to protect yourself against threats.
- Secure social media accounts – adjust privacy settings and be careful of those watching you.
- Encrypt sensitive data – use secure ways or avoid sending sensitive data via email.
- Secure mobile devices in case they were to get into the wrong hands.
- Limit access to personal information – be careful what you share unless you know who you’re sharing it with.
- Use secure browsing practices – beware of fake website phishing for data.
- Regularly review account activity – don’t go for six months without looking at your account activity.
Tweetable Quotes:
- “The more diversified you could be in your passwords, the more protected you will be.”– Murs Tariq
“You need to be very careful before your open an attachment or click on a link; look at every email with a mindset of caution.”– Radon Stancil
Resources:
If you are in or nearing retirement and you want to gain clarity on what questions you should be asking, learn what the biggest retirement myths are, and identify what you can do to achieve peace of mind for your retirement, get started today by requesting our complimentary video course, Four Steps to Secure Your Retirement!
To access the course, simply visit POMWealth.net/podcast.
Here’s the full transcript:
Radon Stancil: | Welcome everyone to Secure Your Retirement podcast. Murs and I are very happy to be able to chat with you and kind of try to do what we do all the time every single week is to give you something of value. Today we’re going to talk about something that I will tell you is a really big deal to us and that is protecting ourselves, you protecting yourself against cybersecurity. And I tell you, we are doing everything we can here as a firm and that I think it’s across the board, all the financial institutions, the places that are worried about having a breach, that is a very sensitive topic. In fact, it is a part now of the Securities and Exchange Commission’s criteria that we as financial advisors are always being trained and making sure that we’re doing everything we possibly can to protect our clients and ourselves against cybersecurity. And it’s huge. It’s a big deal. |
I’ll just tell you a story before we get into the list because really what we’re going to try to do today is kind of say, okay, what are some things you can do? This all got prompted by the way, I had a conversation today in the office with a client and they said, “Hey, how do I protect against somebody getting into my…” And she has her money over at Charles Schwab. And she said, “How do I do that?” And we just started talking. And kind of said, well, we’ve done a couple of podcasts on this. We’ve interviewed some people within cybersecurity. And every time we have a conversation with somebody in that world, they’re like, man, people are always working to do better at becoming cyber attackers. But here’s the thing that I thought was very interesting. | |
We can almost virtually make it impossible for them if we follow some of the things that we’re going to talk about today, but they’ll be very slick. They will attack you by going in and logging in and watching you email. So it’s not just your financial stuff. The way they get to the financial stuff is actually watching your email. That’s one of the most common things that we’ve had occur. And so we’ve got protocol here. We’ll talk about that a little bit as we go here. But here’s the key that I want you to get from this particular episode. This is not to scare you away from being on the internet. What it is is to say if you’re educated, you can actually transact on the internet. You can actually have your financials on an internet face. | |
By the way, they’re there no matter whether you are or not. Some people say, I don’t want to have my stuff on the internet. It’s there, it’s already there. All the institutions are putting it out there. It’s just a factor of whether or not you want to access it. So the key is what do we do to make it safe? So I’m going to kind of turn this over to you, Murs to get us started and kind of start talking us through and we’ll try to work through these different steps you can take. | |
Murs Tariq: | Yeah, I’ll start with number one and it’s going to feel obvious, but I think we are all guilty of this, which is using strong and unique passwords. I think we all get in the habit of coming up with one good password and then reusing that for multiple websites. And so think about that. If they get ahold of the one, well they’ve got ahold of all of them. And so the recommendation is to create a strong complex password and avoid using the same password for multiple sites. And also what has become more popular are these things called password managers. LastPass has it or LastPass is the name of one. Google has one, Apple has one. And then there’s plenty of other apps out there that create master passwords. And then it’ll help you create complex passwords that you don’t have to remember, which is nice. And that lets you have a different password to every single website that you use. So the more diversified you could be, just like we talk about with how you invest in your passwords, the more protected you will be. |
Radon Stancil: | Yeah, and also could you just speak on a factor here on these unique passwords about why we need to redo our passwords on a regular basis? |
Murs Tariq: | Yeah, so a lot of websites now have started to make you redo your password every 30 days. That’s probably too… I mean not as common, but once a quarter every six months or once a year, they will make you redo it just in case your password was compromised. And we always hear about institutions being compromised and you get an email that says, go redo your password just in case. So changing your password just in case there was any type of leak or anything that did happen is also going to help protect you too. |
Radon Stancil: | Yeah, I know for us as a firm, ours was quarterly until step two about when point number two came about and point two lets us replace our passwords now every six months. But here’s our step number two, enable two factor authentication. Now this is… I tell you I love this. It has to take a little bit to getting used to, but it adds a layer of security that’s really, really, really strong. Now even with two-factor, and let me explain what two-factor is. Think about this. Many of you’ve probably seen it, some institutions require it. We say you should require this any place that will allow you to have two-factor. So what two-factor means is that you’re going to have your password and then when you put your password in, it’s then going to have to either send you an email or a text, or they now have authentication applications that will send you now usually like a six digit number code. |
And that is going to change every time you log in. So I could go and log out, log right back in. I’ve got a new six numbers that have to come into play for me to log in. So now if somebody were to even figure out my password and get to one of my websites, one of my logins, and they don’t have that authentication app linked to me or my text or my email, then they’re not going to be able to get on. They’d have to have my phone or that application or the email. So my favorite is text and the reason why is because that’s with me on myself. It’s my phone. You had to hack my phone, you had to do a lot of different things in order to get to that second layer, even better than email in my opinion. And so just keep that in mind. | |
If anywhere you can do the second layer, the two factor, and even when you do two factor, you need to redo your passwords in our opinion, every six months. Doing that, we’ve almost locked out anybody from being able to get into our accounts. I mean we are doing now so far, but above what the hackers are out there going for. | |
Murs Tariq: | All right, number three, keep software and devices updated. Now I think we do a pretty good job of this. Most people do, but I think we do it for the wrong reason. So Apple releases, if you have an iPhone, they’ll release software updates pretty regularly. And when I think about the software update, I think about they’ve just introduced some new cool stuff to the cell phone, which is usually true, but also what they do in the background and they’ll usually tell you too, there’s been some bug fixes, there’s been some security issues that have been corrected, patches that have been added in. So all these different things and we’re doing it for the new fun stuff of the software. But what’s also happening as we update our softwares, as we update our mobile phones, tablets, all those things, we’re getting the security upgraded every single time because they have teams that are constantly monitoring any type of cybersecurity threats and if they have any holes in their software. And so the more you can keep those updated, you’ll have the freshest security measures that they have put in place. |
Radon Stancil: | All right, that’s going to move us on down to number four. Another very popular one is to beware of phishing attacks. And that phishing is spelled P-H-I-S-H-I-N-G. Those phishing attacks are where somebody sends you an email and in that email they can make it look official, they can make it look like it’s coming from UPS, FedEx, Amazon, and they might do that either by text or email. And in there they’re going to tell you to click on a link. And when you do that, that’s going to then load on some virus type of software program onto your computer, which now gives them some access. So you need to be very, very careful before you open an attachment or click on a link. You want to look at every email with a mindset of caution. All right? And so if you get an email and they say, go to this website, click on this website, don’t do that. Get out of the email, go to the website, don’t click on that link. |
Or what I do all the time is I’ll go up and I will click on who sent me the email. So a very popular one is we’re trying to deliver your Amazon package, I need you to click here to verify something. Then you go up and you click who sent it to you. And when you look at it is not from Amazon, it’s from some long thing from Gmail. Never, ever, ever click on those links. And so just be very careful about that. If you say you’ve got an Amazon package that’s trying to be delivered, just get out of that and don’t use the email or text. Go log into Amazon, go to your orders and look and see if there’s a thing there that needs to be done. Nine times out of 10, Amazon’s never going to contact you through that. Another one, by the way, the IRS never ever will contact you via text or email. Just keep that in mind. | |
Murs Tariq: | All right, number five, secure your home network. So your home network, think about all the things that are wired into your home network. We’re talking about your wifi, your router, the internet coming in. But now with the advanced world that we live in, you’ve got Google at our house, we have the Nest products, so kind of like the Alexas, they can control the lights in your house, the garage doors. A lot of times your securities are linked to those products as well. The Nest cam on your front door, thermostats, everything in the smart world that we live in, and it’s all kind of geared together with your Wi-Fi and your home network. So you want to secure your home network as best as possible, which is going back to number one, use strong and unique passwords even on your wifi and your router setups as well. |
You want to look at potentially different types of encryptions that you can have set up on your wifi. There’s a few different ways to do that. They can be complex, but they are worth it if you understand how they work. But the moral here is that there’s a lot that goes on in your house and your house is supposed to be your safe place for comfort. And so you want to make sure, shore that up and make sure it does feel that way. | |
Radon Stancil: | All right, our next one here is be mindful of public wifi. This is one that we learned about through one of the cybersecurity folks that we talked with in the past. And basically a hacker can set up what looks like a public wifi. So they might go to somewhere like say Starbucks, and they might just create a wifi that they are controlling and it says Starbucks public wifi just to make it up. They’ll use the name of the place, you click on it very quickly, not even thinking and thinking that you’re hitting their public wifi. And what that’s going to do now is give that person complete access to your phone. |
So there’s a few things you could do here. The primary one is if you go to a wifi, maybe let’s say you go to a hotel, you go to a restaurant. If they have to give you the name of the wifi and a password, that’s usually going to be safe. It’s the ones out there that you just can automatically log into and click on. I don’t care if that’s a city, an airport, be very careful. In fact we have a thing. We will not do that. If it does not need to have a password, a second layer to be able to get in and be secure, then don’t go on that wifi because they can look at everything you’re doing. They can watch your keystrokes. They’re going to understand exactly how to hack you. | |
Murs Tariq: | All right, number seven, backup important data regularly. You could be using the iCloud, you could be using Google Drive, Dropbox, all kinds of products have come out that are cloud-based, or you could do it the old school way and have an external hard drive. But if you’re able to back up your data, let’s make it simple and say you lose your laptop, well at least you have retained your data in a separate place. And if it’s up in the cloud, it’s much easier to retrieve it. If you were in a scenario where there was ransomware or some type of hacking on your computer while you’ve got it backed up, if you do it regularly, you’ve got it backed up to a point before there was some negligence or somebody coming in and messing with your stuff. So it preserves the data too if you’re doing it regularly enough. |
Radon Stancil: | All right, point number eight, educate yourself. Do exactly what you’re doing right now. You’re listening to a podcast and you’re saying, “Hey, I want to learn about these things and I want to start to apply them.” This topic is a topic you’ll hear us bring up from time to time. It’s not a one and done. There are always going to be new tricks that come out there that we just want to be aware of. So take some time, read up on things, make sure that you’re watching and listening and alert. When you hear a threat go, “How do I protect myself against that threat?” |
Murs Tariq: | Number nine, secure social media accounts. So we’re talking about Twitter, Facebook, Instagram are the most common ones, and then there’s a bunch of others outside of that. And there’s every single one of those has privacy settings. Now when you first set up that account, they go with a default privacy setting and it’s your job to go in and adjust those based on how secure you want them to be because you can monitor who can be friends with you, who can see your post and all these different things. And how private do you want to be. So you want to secure those because a lot of times we are putting a lot of information on social media and there are some people out there that are genuinely just wanting to know how you’re doing. And then there are others out there that want to generally know how you’re doing so that they can take advantage of it and your habits and everything like that. So you want to secure and be careful about who is watching you on social media. |
Radon Stancil: | All right, point number 10, encrypt sensitive data. Now, I’m going to tell you for most of us, the easiest way to do this is don’t send data. Let me just say this, do not send sensitive data via email. If you were to call up our office and ask us and say, “Hey, can you send me a statement?” We will not send you anything that has sensitive data on it via email. That’s the easiest way to avoid this whole concept of just saying, how do I encrypt? Encrypt, pretty much just saying, I’ve got to make a layer that somebody can’t get to it without knowing either a password or knowing how to be able to un-encrypt that data. So what we say is make sure you use something that’s secure. In fact, a lot of financial institutions right now use portals, which means you’ve got a place out there that the data is at. |
They might send you an email and say, “Use this link to access the portal.” But once you get to the portal, you’ve got to know a username and password that was given to you in another form other than on that email. Because again, somebody could more likely hack your email and they’re just watching. Whereas if we don’t ever send that, don’t ever send in the body of your email account information, anything that would help the person figure out where things are. And that’s going to help you a ton right there. Just don’t send sensitive data via email in particular. Text is a little bit better, but definitely not email. | |
Murs Tariq: | All right, number 11, secure mobile devices. Our phones, we can set up PINs, we can set up passwords, some phones take patterns. The most popular phone, the Apple iPhone does face biometrics. So there’s a lot of ways that we can secure our phone just before anyone can just get in it. It used to be a lot of people, all you had to do is swipe up on the phone and it unlocks it for you. So you want to make sure that there is a password to protect opening up your phone. And also I think having set up, so for Apple, I keep saying Apple because I have an iPhone, I know how they work pretty good. They have the Find my iPhone app that’s on there that if you were to lose your iPhone, you could log into your Apple account and it’ll give you the GPS as to where the iPhone is. |
That’s great. So maybe it’s lost, but what’s also another provision in there is that you can actually remotely erase that iPhone. So if you feel like it’s gone or it’s in the wrong hands, you can erase all the data that’s on there. And if you have it set up right, it’s all saved to the cloud as well. So you’re just really erasing the hard drive, but you can reset that up on a new phone when you get a new phone. So more of the story there is secure your mobile devices in case they were to get in the wrong hands. | |
Radon Stancil: | Alrighty, let’s see here. Our next one is limit access to personal information. This is one where again, I’m going to come back to the email or somebody saying, “Hey, we need to get this information from you. Please submit your date of birth.” Please do this. Please do that in order to give you access. And they’ll do it in slick little ways where they might ask for your home address and your date of birth and you’re thinking, that’s no big deal. I just was talking to a person the other day and they said, “Oh man, I got a phone call. And then when I got the phone call, before I knew it, I had already told them, verified my home address and then my date of birth.” So somebody calls up and says, I have this information for you. Then they tell you your home address. |
They’ve guessed or not guessed, but maybe they found that. And then they ask you to verify by using your date of birth and you say that. So now they don’t have enough yet to do a lot, but remember this is for them a full-time work job. So now they’ve got that data, they can log that data and now they’re just looking for the next layer. So be very careful about what you share unless you know who you’re sharing it with. You’re talking to the person you know who you’re sharing it with. When you call a financial institution, us, Charles Schwab, a bank, there are verifications that you will do, but they’re never going to ask you to give your entire social security number. For example, they’re going to say, verify this, verify that, and usually it’s going to be a couple of digits. So just be very careful about how you share your personal information. | |
Murs Tariq: | All right, number 13, use secure browsing practices. This is really internet browsing using websites. The recommendation is to use HTTPS encrypted websites. And just like Ray was saying before, be wary about the information you put on websites. Be wary about the pop-up ads that come up that look like it’s geared towards what you’re doing. Some of those pop-up ads, some of those websites, they’re all phishing websites that look legitimate, but they’re actually fake websites to start gathering some of your information. So just be very aware when you’re on the internet that there’s a lot of stuff out there. Anyone can create a website and so you want to just be headstrong around where you’re putting in your data on the internet. |
Radon Stancil: | All right, here’s our last one. Regularly review account activity. That’s, again, this is just common practice. Make sure you look, don’t go for six months and not look in an account. Just go look and say, “Hey, do I see all these transactions? Is there anything there that looks weird?” And most of us, I know for me, I look at least at my bank account, my credit cards. I kind of check that before I pay the bill. And if I see anything that looks weird, then I know that at least something might be going on. By the way, I would say of all the things, credit cards are one of the safest things because if they get hacked and somebody starts charging, then there’s protection on the credit cards. So these are just common practices, common things to do to help you when it comes to protecting yourself against cybersecurity. |
Again, the purpose of this was not to scare you, it was to empower you to be able to be on the internet and be able to do it safely. Again, I’ll tell you this, we went through 14 items here. If you get to that and you’re going, “Oh my gosh, that was a lot of good points.” And you want to see that in writing, go to the website, go look at rather our blog page, which is pomwealth.net. Go to the blog page and you can find an entire article written with these points on it. We hope this has been helpful. We’ll talk to you again next week. |