The ability to communicate and store our personal information online has certainly made our lives easier. From online bill pay to investment portfolio review to cyber shopping – it’s remarkable to think of how we use the internet compared to a decade ago. Of course, as the amount of data we store and share online grows, we must be vigilant about how we protect that information. The recent Equifax data breach, which we discussed in September’s Viewpoint, affected an unprecedented number of people, reinforcing the importance of being vigilant with our credit and personal information. As such, we want to offer a few additional tips to enhance your information security and share some of the strategies Truepoint implements to secure our digital records.
DO: Install a secure password manager
One of the best methods in securing your accounts online is to implement good password practices, like utilizing strong and unique passwords on each site. However, this can make it difficult to remember those passwords. Many web browsers like Firefox and Safari now prompt users to save usernames and passwords when visiting websites. While this feature may seem convenient, it is not a secure way to save your login information. Instead, use a password manager system that can securely store passwords for all your online accounts. These systems encrypt your passwords, help you create strong passwords, use auto-fill to simplify logins and allow you to access your credentials from multiple devices. For example, LastPass stores passwords in an encrypted “vault” and requires a master password that provides access to the “password vault.” Once the user logs in with the master password, LastPass will fill in usernames and passwords to your websites for you. LastPass is one example of a reliable password manager – there are many more out there to meet different needs and budgets.
DON’T: Share personal information over text messaging or email
Texting or emailing personal information such as credit card numbers, social security numbers or other confidential information to people you trust may seem harmless, but these communication channels are not entirely secure. If your email is hacked, then any personal information you sent could be at risk. Instead, share the information in person, over the phone, or by using a secure portal, such as Truepoint’s Client Portal.
DO: Enable two-factor authentication
Along with using strong passwords, implementing two-factor authentication (or multi-factor authentication) dramatically helps secure your information. This simply means that gaining access to a secure site will require both your password and a specific code. Upon entering your password, this code is immediately delivered to your mobile phone via text message and typically expires within a set time frame. Banks, email platforms and many other software systems offer two-factor authentication, which greatly enhances the security of your information and is worth the minor inconvenience.
There are also third-party providers to consider. One example is Duo, which verifies user identities with an easy-to-use two-factor authentication solution. Duo-enabled systems prompt the user to verify login attempts by using software installed on smartphones. Whenever a user attempts to log in to a system, Duo presents an alert on the phone asking the user to validate the login attempt. The user then confirms the login’s legitimacy.
DON’T: Click on strange links in emails
When you receive an email, be extremely cautious before clicking on ANY links or opening attachments. It is common for hackers to fake the source of emails or to use stolen accounts to send emails. If you were not expecting an email with a link, you should verify with the sender that they sent you the email. But be cautious when using email to verify the validity of the message! We have seen several instances where a stolen account was used to send emails with malicious links, and the recipient replied to the sender to verify the message’s authenticity. The hacker, using the stolen account, replied and instructed the recipient to open the link. In this case, a quick phone call would confirm the email was a hoax and inform the email’s owner that their account was compromised.
For emails that come from financial institutions or other organizations you may know, it is also recommended to NOT click on a link included in the email. Instead, type in the business web address directly into the web browser and log in from there. Whenever there is doubt as to the validity of a link in an email, it never hurts to manually type in the website address.
DO: Update your computer and apps
To combat hacking attempts, software companies have resources dedicated to removing bugs from their software. As such, it is important to regularly update your software to take advantage of these updates. Switching applications to the “automatic update” setting will ensure that these security updates will download when they become available. This effectively removes known vulnerabilities that hackers use to break into computers.
Online protection is important
As a society, we spend a great deal of time and effort protecting ourselves, our family and our property from theft or attack, and we can’t overlook our digital lives when it comes to safety. Technology will only continue to provide opportunities for efficiencies, so we must use best practices to ensure the right safeguards are in place. If you have any questions about any of these suggestions or want to learn more about specific measures Truepoint takes, please contact us.