Cybersecurity threats are a major threat to your retirement planning. Thirty or more years ago, protecting against cybersecurity threats wasn’t an issue. Today, institutes are hacked, data is leaked, and it can put your retirement at risk as a result.

We don’t want this episode to scare any of our listeners. Instead, we want to empower you by providing the steps that you need to take to secure your retirement against a potential cyberattack.

Understanding Our Obligation to Clients as a Financial Advisor

Before we dive deep into how you can protect against cybersecurity threats, we must mention that as a financial advisor, we must do everything in our power to protect our clients and ourselves.

The Securities and Exchange Commission (SEC) requires that, as financial advisors, we’re always being trained to ensure that we protect our clients against cybersecurity attacks to the best of our ability.

Unfortunately, there are always risks of cyber threats, but we can make it a big challenge for hackers. We know that if you follow the keys steps below, you will not be an easy target for hackers that would love to obtain your information or gain access to your accounts. Using the following list can help you remain safe on the internet.

14 Steps to Protecting Against Cybersecurity Threats

1. Create a Different Password for Each Site That You Use

Passwords are the gateway to your email, social, banking, retirement and other financial accounts. If you have a weak password, it can easily be cracked using a brute force attack. However, and more importantly, you want your password to be:

• Long and include upper- and lower-case letters, numbers, and a special character
• Different for all sites that you use

Why?

Imagine someone figuring out your Facebook account’s password and then they look through your account settings, find your email address and try logging into your email account. If the passwords are the same, they’ll now have access to your email and can request password reset links and take over many accounts at once.

If you’re like most people and know it’s going to be a real challenge to remember passwords for dozens of websites, you can use what is known as a password manager. A few options are:

• LastPass
• 1Password
• Bitwarden
• NordPass

On top of having a unique password for all your accounts, we do recommend changing your passwords every 30 days and at the very least, once a year.

If an institute gets compromised, changing your password every quarter, six months, or when a site asks you to will help protect you if a leak does occur. 

2. Enable Two-Factor Authentication

If a site offers two-factor authentication, enable it. Why? 

Two-factor authentication takes time to get used to, but it adds an extremely powerful level of protection to your account. We like using text messages for authentication because that means the person would need to hack your phone in person, which is extremely unlikely.

 You’ll need to:

• Put your password into a site
• Verify it’s you through a text message, email or application that sends you a code that changes every time

You’ll still need to redo your password every six months. These two simple steps go above and beyond in terms of assurance that you have as low of a risk of having your account compromised as possible.

3. Keep Software and Devices Updated

All your Internet-connected devices should be updated as soon as a patch or update is available. Keeping your PC, mobile phone, tablets, laptops, and other internet connected electronics updated ensures that your device has the latest software, which may add useful features, but more importantly often eliminates bugs and security holes.

4. Beware of Phishing Attacks

Phishing attacks have been around since the creation of email, yet they still accounted for 40% of breaches in 2022. Be aware of phishing emails and social media messages.

The hacker will be “phishing” for information and even include dangerous links that load a virus onto your device. Hackers will make the email look like it’s official and from:

• Friends or family
• Financial institutions
• USPS, FedEx, or other delivery services

Some hackers will even send you a text with one of these links. Do not click on those links. Instead, go to the official website and see if there’s an issue. Amazon emails and texts are one of the most faked and they often say there was a “problem with your delivery,” along with some sort of link for you to click.

Log into your Amazon account to confirm there’s a problem because these links are often malicious.

NOTE: The IRS will never contact you via e-mail or text.

5. Secure Your Home Network

For a moment, consider all the devices that you have logged into your home network. Your Wi-Fi, router, Nest (ecobee), Alexa devices, cameras, and so on connect to your home network. Smart devices can be hacked.

You want to have strong, unique passwords on your router and change to a high-end encryption when available.

6. Be Mindful of Public Wi-Fi

We learned about this issue from a cybersecurity professional that we talked to in the past. You may log into a public Wi-Fi at Starbucks, hotel, or at the airport, but the hacker can create a Wi-Fi that they control that allows them to access your information.

This hack is a little more advanced. Imagine that a hacker sitting in Starbucks creates a Wi-Fi name “Starbucks Guest,” and you log into it. Now, they can filter your traffic and gain access to your accounts.

If the Wi-Fi requires a password, it’s often encrypted and safe. However, if you can log into the Wi-Fi without a password, this is where the real risks exist. 

7. Backup Important Data Regularly

Important files can become corrupt, you may delete them, or someone else may access them. You may also lose a device with important files. You can and should backup your data regularly. There are options to do this offline, but most people use a cloud service or something like:

• Dropbox
• Carbonite
• Box
• OneDrive
• Amazon Cloud Drive
• iCloud 

Regular backups will also help preserve data if you fall victim to ransomware.

8. Educate Yourself

Spend time educating yourself on recent advancements in cybersecurity. A little education can go a long way in helping you protect against new attacks that may circumvent old security measures.

9. Secure Social Media Accounts

More than half of the world’s population is on social media – that’s a lot of people. You want to secure your:

• Facebook
• Instagram
• Twitter (X)

Navigate to your account’s settings and adjust your privacy settings. Some people put a lot of information on their social media accounts, and a hacker or thief can use this information to exploit you in some way.

For example, there are stories of people posting vacation pictures on a public social media account, and a thief finds their house number and breaks into their home. You can avoid this by strengthening the privacy settings on your account and posting less identifying information about yourself.

10. Encrypt Sensitive Data

Encryption is a bit of a complex topic for anyone who isn’t tech-savvy, so we recommend a simple approach: avoid sending sensitive data online. If you call us and ask us to send you a statement, we won’t send it directly via email because it’s risky.

Using secure financial portals that are encrypted is an option, but you can install encryption on your devices, too.

In the body of your email, never ever send:

• Account information
• Password
• Identifying information 

11. Secure Mobile Devices

If you’re on your cell phone playing with apps, talking to your grandkids or spouse, there’s a good chance that you have a lot of sensitive data on your device. We recommend adding a layer of security to access your smartphone and mobile devices, such as:

• Pin number
• Password 
• Biometric face recognition
• Thumbprint

Securing your phone so that you’re the only one who can use it is very important. We also recommend setting up the “Find my Phone” setting on the phone so that you can remotely erase data on the phone and locate it if it has been stolen.

12. Limit Access to Personal Information

If someone asks you to provide personal information, such as your name, address, or date of birth, be very cautious when providing this information. While this information may not be enough to do anything too malicious to your account, anything else may be a security risk.

Hackers will take this information and use it to try to find more, to learn as much as they can about you.

Unless you know the person that you are talking to and can verify it’s them, be very cautious of providing any information. Hackers may even call you with scary news, such as “your grandchild Stephanie has been in a car accident, and we need your credit card information on file.”

Instead, be cautious of these calls, texts, or messages and be 100% positive that you know the person you’re giving your information to on the phone, in email, via text or so on.

13. Use Secure Browsing Practices

Be wary about information that you send online and be sure to use safe browsing practices. For example, you’ll want to:

1. Visit only trusted websites
2. Look for the “https” in the website URL
3. Be wary of pop-up ads
4. Don’t download anything from unofficial sources

14. Regularly Review Account Activity

A regular review of the activity on your account will help you:

• Identify if an account is compromised
• Freeze accounts before serious damage occurs

If you go six months without reviewing your accounts and information, you risk allowing someone to steal your data for this length of time.

While we covered a lot in this article (you can listen to the podcast here), it’s important to go through each step one at a time. Following these simple steps will help you protect your data and identity online.

Click here to view our recent books on securing your retirement.