In today’s world, we must be vigilant to protect ourselves from cyber threats. Big-corporation security breaches that make headlines each year are out of our control; however, there are ways to reduce our vulnerability in the cyber world. Here are tips to keep your information safe:
Implement general security guidelines
- Use strong passwords for your computer/tablet/mobile devices:
- How simple are your passwords? Consider using unpredictable letter/number combinations. Also avoid using variations of one password.
- How often do you change them? Every 90 days is ideal.
- Where do you store your passwords? Saved in a file on your desktop or on a scratch piece of paper isn’t a good idea. There are both free and fee-based services that can help you remember them all. (See who PCMag says the Best Password Managers of 2017.)
- If separating work/personal information isn’t an option, consider encrypting files/emails on your personal devices.
- Review your security settings on social media, email programs, and Internet browsers. Clear their history often and limit stored cookies.
- When you’re away from home, don’t advertise it. This includes in your “away” messages at work and on social media. Use non-specific language to let people know when you’ll be in touch (e.g., “I won’t have access to email between [date] and [date]”).
Take physical steps to increase your personal security
• Lock your computer when you’re away from it.
• Cover/unplug webcams when not in use.
• Don’t leave your phone unattended, especially if you receive work-related information on the device. Mobile devices are an easy way for thieves to gain access to personal information.
Avoid social engineering and phishing attacks
- Social engineering often involves using human emotion to help persuade victims to give personal information that can later be used against them or someone else. (For example, in this social engineering trick video, a hacker uses social engineering to convince a phone company to give her someone’s personal information in about two minutes – and lock him out of his own account.) To minimize your risk, the Department of Homeland Security’s U.S. Computer Emergency Readiness Team recommends the following:
- Don’t respond to email solicitations for personal information, including following links sent in email.
- If someone calls you to verify personal information, ask for his/her name, company, and call-back number and hang up. Look up the phone number to see if the call is legitimate before calling back to discuss the matter at hand.
- Verify the website’s security before making purchases or providing identifying information.
- Pay attention to the URL of a website.
- Using your mouse, hover over the hyperlink. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- Phishing attacks may appear to come from legitimate organizations, such as charities. For example, attackers often use recent disasters or public scares, such as fake hurricane relief funds, IRS scams, etc. To avoid many of these:
- Do your research and learn more about the charity before donating.
- Remember that the IRS will never call for information. They correspond through written letters.
At Redwood, we take your financial security seriously. When dealing with us, be sure to make all checks payable to Fidelity Investments or TD Ameritrade, as these are our custodian. (We won’t ask you to write checks to Redwood or any entity other than the accounts related to you.)
In addition, we limit trading capabilities to Redwood staff only to ensure our clients’ safety in the event their custodian login is compromised. We also physically call our clients when doing a third-party wire transfer (i.e., wire to close on a house) to ensure the transaction is initiated by the client.
For more ways to keep your information safe, read our Proactive Ways to Avoid Identity Theft newsletter article.
And lastly, don’t hesitate to contact your advisor if you ever have any questions or concerns about the security of your account(s). Thank you for your continued trust.