Let’s get the scary stuff out of
the way upfront:
Cybercrime costs
the global economy $575 billion annually, according to reports. The United
States takes a $100 billion hit, the largest of any country, according to
Politico. A report from former U.S. intelligence officials counted 40 million
people whose personal information was stolen within the past year.
Online theft is huge, and it only
seems to be getting worse. Hardly a week goes by without some story about
hackers penetrating a computer system somewhere. Corporations, individuals,
even White House servers were hacked last week. I sometimes wonder just how
difficult it is for a determined bad guy to access grandma’s checking account
or your neighbor’s IRA and grab those assets.
I am not the only one thinking
about this. The New York State Department of Financial Services issued a report on
cybersecurity in the banking sector, where more than 150 organizations rely on
third-party service providers for critical banking functions. The regulators
want the banks to tighten security.
So should you.
We spend most of our time in
financial markets looking at ways to deploy our capital: What assets to buy or
sell, how much we should save for retirement, whether we should own more of
these stocks and less of those bonds.
We don’t spend so much time thinking
about the ways we can lose that money — to fraud and to common theft. We should
be more vigilant, especially as we move our lives online, with digital access
to our checking and savings accounts, our online portfolios, even our taxes.
It is impossible to make yourself
hack-proof, but you can make yourself less vulnerable.
It all starts with some
common-sense security steps. Three ways you probably can improve your existing
practices: Develop better e-mail habits, beef up password security and (as always)
remember that your behavior is the root of most of your problems.
Get your e-mail act together
Every day, your inbox fills with
all manner of junk. Some of it is merely time-wasting nonsense, but let’s not
forget about the really dangerous stuff: phishing schemes, malicious viruses
and malware. It seems the only reprieve we get comes on those rare occasions when
the main servers in Russia — a.k.a. Spambot Central — get temporarily knocked
off-line.
It’s more than a huge
productivity killer; it’s a financial hazard. That $100 billion a year we
mentioned above comes out of everyone’s pockets. Even if you have not been
hacked, you are paying for it in some way. Banking costs are higher as
financial firms spend hundreds of millions of dollars a year on security.
People have tried a variety of
ways to tackle this: Filters, whitelists, e-mail verifiers and trusted ID
services; disposable e-mail addresses from sites such as Mailinator; “junk”
e-mail addresses from Hotmail, Yahoo or Google. And still the danger keeps
coming.
I have a few tricks I use to keep
the really nasty stuff under control, such as:
● View e-mail as plain text.
All of the bad links, embedded
viruses and other malware go away when you select “view as plain text.” Sure,
you lose all of the graphics and links, but you lose the threats as well.
● Create a primary e-mail address.
This is your main address — for
colleagues, clients and peers. Never share this e-mail address. Don’t subscribe
to anything using this address — no Internet mailing lists, no subscriptions,
nada. Use this address alone for your finance- and business-related e-mails.
Anything unrelated is junk; treat it that way. Block the domains of senders.
Mark junk mail as junk.
● Use an e-mail forwarder.
I have been a big fan of Leemail.me.
Instead of giving out my e-mail address, I use Leemail to auto-generate an
address whenever I want to share my e-mail with an unfamiliar company. It
forwards my e-mail from the company to me. When I want to shut that sender off,
I flick a button.
Tracking the companies that share
or sell your e-mail address is invaluable. The basic version of Leemail is,
astonishingly, free, and the upgrade is only a few bucks a year.
● Don’t hit “unsubscribe”; get blacklisted instead.
There are a number of companies
that provide e-mail services to third parties, shops such as Constant Contact,
Vertical Response and iContact. They are the middlemen between businesses and
consumers. And while they claim to be “opt-in only” and not spammers, in truth,
they are subject to whatever bad behaviors their clients engage in. They all
have become legal quasi-spammers.
On every e-mail these companies
send, there is an unsubscribe button. NEVER CLICK THAT. When you do, you are
not unsubscribing. Rather, you are verifying that your e-mail address is
legitimate.
Instead, go to the company Web
site and track down the customer service number. Call customer service and
insist on having your e-mail or domain “blacklisted.” That’s the only way to
ensure you will truly be unsubscribed. If the company refuses, file a Federal
Trade Commission complaint.
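An added illustration of the “view as plain text” tip above (not part of the original column): using only Python’s standard library, it parses a constructed sample message and reports a link whose visible text names one site while its target is another, plus a remotely loaded image, both of which exist only in the HTML part. The sample message, its .example domains and the names HtmlAudit, host and audit are assumptions made for the example.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not real mail): one message carried as plain text and as HTML.
SAMPLE = """\
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Verify your account: https://login.mailer.example/verify
--b1
Content-Type: text/html; charset="utf-8"

<p>Verify: <a href="https://login.mailer.example/verify">https://www.bank.example/login</a></p>
<img src="https://track.mailer.example/open.gif?id=123" width="1" height="1">
--b1--
"""

class HtmlAudit(HTMLParser):  # records (visible text, real target) per link, and remote images
    def __init__(self):
        super().__init__()
        self.links, self.images, self._href, self._text = [], [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and (a.get("src") or "").startswith(("http://", "https://")):
            self.images.append(a["src"])
    def handle_data(self, data):
        self._text.append(data)  # only read back when an <a> closes
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(value):  # hostname if value looks like a URL or bare domain, else None
    looks_like_url = " " not in value and "." in value
    return urlparse(value if "://" in value else "//" + value).hostname if looks_like_url else None

def audit(raw):  # what the plain-text part shows vs. what the HTML part hides
    msg = message_from_string(raw, policy=policy.default)
    plain, html = (msg.get_body(preferencelist=(k,)) for k in ("plain", "html"))
    p = HtmlAudit()
    p.feed(html.get_content() if html is not None else "")
    return {"plain_text": plain.get_content().strip() if plain is not None else "",
            "mismatched_links": [(t, h) for t, h in p.links if host(t) and host(t) != host(h)],
            "remote_images": p.images}
```

In the plain-text part the real destination is printed as-is, so the mismatch between what the link says and where it goes is visible to the reader.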
Password security
If you were like I was five years
ago, you had one simple password that you used for everything — Amazon,
Facebook, Wall Street Journal — everywhere. This could’ve been disastrous. Now
all passwords are different. Avoid the common errors, such as using birthdays
or your kids’ names. Never use sequential numbers. And for goodness’ sake, don’t
use “password” as your actual password.
Put all of your passwords on a
document named something other than “My passwords.” I find burying passwords
somewhere in a spreadsheet to be useful. Print out a copy and place it in your
safety deposit box with other important papers.
Your biggest risk? You.
I have said all too often that
when it comes to investing, people are their own worst enemy. Behavioral
problems are rife in security as well. Get into the practice of thinking about
security, and soon it becomes second nature.
The Securities and Exchange
Commission has gotten much more serious about personal financial data security.
They have informed advisers and brokers that there is a duty to protect client
data. When we set up our wealth-management practice, we put into place specific
policies and procedures to protect clients:
● All sensitive information is
sent by secure e-mail using a third party for encryption.
● We never e-mail Social Security
numbers or account numbers or other private data via regular e-mail.
● We went totally paperless. Our
file cabinets are empty; everything is cloud-based.
● Any documents that arrive are
shredded, so even our outgoing garbage is secure with nothing usable to a
thief.
Most of this is common sense.
However, many people are still vulnerable. With smarts and a bit of awareness,
you can make your financial assets much more secure.