Cybersecurity Tips & Best Practices For Our Modern Age
By Steve Pisano, AIF®
Whether it’s a data breach at Equifax or Yahoo or your elderly neighbor falling prey to a phishing scam, it’s hard to feel safe in the virtual world that we have created for ourselves. From centuries of experience we learned to lock our doors at night and stay aware when walking through the woods alone, but cybersecurity is new to many of us. Our parents and grandparents ingrained in us that we are not to talk to strangers as children, but there is no age-old wisdom being passed down regarding the internet.
Keeping your information secure online can seem complex, or even scary, but don’t let fear keep you from taking action. How do you protect yourself, your personal information, and your family online? Today I’d like to give you some tips and tricks that will help you be and feel safer in our cyber world.
Passwords: Your First Line Of Defense
Your first line of defense online is passwords. Your passwords are the gates between criminals and things like your financial accounts, so you want them to be as strong as possible. For passwords, strength comes from complexity. Aim to use a mix of upper- and lowercase letters, special characters, and numbers. To make them easier to remember, choose a phrase or acronym that you created yourself.
In addition to strong passwords, you want to make sure you have separate passwords. Don’t use the same one, or a simple variation of the same one, for multiple accounts. Also, avoid using your name, government ID numbers, address, or other personal information that can be easily found, such as the names of your children or pets.
Even if you have a strong password, it is good practice to change it 3-4 times a year. Don’t store your passwords somewhere they can easily be found (like a sticky note on your computer!), and, by all means, don’t disclose them to anyone! When offered, add a second barrier to entry in addition to your password with two-factor authentication.
Public Wi-Fi: Convenient But Dangerous
A public Wi-Fi network is inherently less secure than your personal, private one because you don't know who set it up or who else is connecting to it. Because of this, you should avoid using public Wi-Fi for banking and shopping transactions or to send private information. If you are away from home and need to access secure information, it is better to use your smartphone as a hotspot instead.
Home Router: Keep It Private
Your home internet connection is more secure than public Wi-Fi because it is private, so you need to keep it that way. You should password protect your home router so that only approved people can access it. Make sure to practice good password habits like those mentioned above when doing so.
You should change the router’s default settings, including the password and name or SSID. As an extra precaution, you should also stop your router from publically broadcasting its name or SSID.
Software: Keep It Current
No software is perfect when it is originally created, which is why you constantly receive software update notifications. While you may be tempted to select the “update later” button, software updates are very important. Software is updated as security weaknesses are discovered. Failure to update your software leaves you vulnerable to those weaknesses.
Cybercriminals frequently use known exploits, or flaws, in your software to gain access to your system. Regularly updating your software can prevent this from happening. This is especially important with your operating systems and internet security software. Installing security and anti-virus updates can make it less likely that you’ll become a cybercrime target.
You: Be Wise
They say that a chain is only as strong as its weakest link. The best password and the most secure technology are useless if you give your information away unwittingly. Now, no one would do this on purpose, but many people fall victim to phishing and social engineering every day.
Criminals will search the news and social media for information about you that they can use to trick you, your family, and your friends. Phishing attempts can take many forms, but be wary of attachments you didn’t ask for or don’t expect, directives to change your password, or payment instructions. If you unexpectedly receive an email with a link or attachment, even from someone you know, contact the sender to verify its authenticity before opening the attachment or clicking on the link. Never give out passwords over the phone and always confirm the identity of unknown callers. A simple guideline to follow, if you are not expecting an email and there is a call to action (e.g. click this link or download this attachment) more likely than not you are being phished.
Pay attention to URLs. Malicious websites are designed to look like real ones, but the URL may use a spelling variation or different domain (e.g., .net when it should say .com). Also, learn to recognize the warning signs of fraudulent email. Watch for poor grammar, misspelled words, overuse of capital letters, urgent or threatening language, and sender names or addresses that are vague and incorrect.
Finally, when in doubt, ask. The world of cybersecurity is new to all of us, so you don’t have to feel embarrassed if you are unsure of something. As they say, it’s better to be safe than sorry. If you receive an email or phone call regarding one of your bank or investment accounts or your taxes, feel free to double-check with us before you respond. It is Simon Quick’s mission to protect and grow your family’s financial future and that doesn’t stop at our office door. If you have questions about the security of your online accounts or how we can help you with your family’s finances, call us at 973-525-1000 or email Info@simonquickadvisors.com.
About Steve Pisano
Mr. Pisano works as Chief Compliance Officer based in Morristown, NJ. He joined Simon Quick in 2016 from Dynasty Financial Partners where he served as Chief Compliance Officer of their Investment Operations and Platform. At Dynasty Mr. Pisano was responsible for Platform due diligence and was appointed CCO of the firm’s broker dealer. Prior to Dynasty, Mr. Pisano spent 3 years at HSBC in their registered investment advisor and broker dealer Compliance Department. During his tenure he served as Regulation Coordinator for the Investment Advisors Act of 1940, leading Advisory Compliance efforts in the Private Banking, Wealth Management, and Institutional Business lines. Prior to joining HSBC, Mr. Pisano held various roles in Compliance over 7 years with New York Life Insurance Company and began his career in the Branch Examination team where he conducted mock regulatory focus exams, earning his series 7, 24, and 66 licenses. In 2017 he successfully completed the Center for Fiduciary Studies Program to earn the Accredited Investment Fiduciary designation. Mr. Pisano holds a BA with honors from York College of Pennsylvania and a MBA in Financial Management from Pace University’s Lubin School of Business. To learn more about Steve visit his LinkedIn.
Simon Quick Advisors, LLC (Simon Quick) is an SEC registered investment adviser with a principal place of business in Morristown, NJ. Simon Quick may only transact business in states in which it is registered, or qualifies for an exemption or exclusion from registration requirements. A copy of our written disclosure brochure discussing our advisory services and fees is available upon request. References to Simon Quick as being "registered" does not imply a certain level of education or expertise. No information provided shall constitute, or be construed as, an offer to sell or a solicitation of an offer to acquire any security, investment product or service, nor shall any such security, product or service be offered or sold in any jurisdiction where such an offer or solicitation is prohibited by law or registration. Additionally, no information provided in this report is intended to constitute legal, tax, accounting, securities, or investment advice nor an opinion regarding the appropriateness of any investment, nor a solicitation of any type. Past performance may not be indicative of future results. Different types of investments involve varying degrees of risk. It should not be assumed that future performance of any specific investment or investment strategy will be profitable, equal any corresponding indicated performance level(s), be suitable for your portfolio or individual situation, or prove successful.