Best Practices: Cyber Security
At Stonekeep Investments, we take our cyber security seriously and follow industry best practices. We are confident that our client accounts and personal information are safe. However, we are continuously looking for potential vulnerabilities.
We have identified YOU as a threat.
As you may know, we seek out opportunities to help clients (and non-clients) beyond traditional investment management and financial planning advice. Please think about your current cyber security hygiene and consider implementing some of the tips/recommendations below. Securing your data and devices not only protects you but also helps protect everyone else who is connected to you as well!
#1 - Keep Software Up-To-Date
The majority of successful cyber security attacks are linked to out-of-date software! Make sure you always leave your automatic software updates turned on and that you are not delaying these updates.
Be aware that many companies will stop supporting certain versions of their software over time as newer versions are released. Outdated hardware like old computers and phones may also present vulnerabilities as they may not be able to run the most up-to-date software.
If you are using a USB or other type of external drive that is not straight out of the package, be sure to scan this device for malicious software before opening it.
#2 - Multi-Factor Authentication (MFA)
Mistakes happen, either by you or by a company that is in charge of protecting your information. One of the best ways to keep mistakes from compounding into bigger cross-platform issues is to enable multi-factor authentication (this includes two-factor authentication) whenever possible. There are many forms of MFA, such as verification texts or authenticator apps.
Never give anyone a code that you did not generate. They may be trying to hack through your multi-factor authentication under the guise that they need to verify you.
#3 - Up Your Password Game
Do not reuse passwords! I know that is easier said than done, but password managers are a game changer! There are a lot of good ones out there, but I use LastPass and love it. You create an account using a unique complex password and enable multi-factor authentication. The base version is free and can be used on either desktop or mobile (upgrade to use both). Once installed, it will start saving and updating your login information and making it easier to maintain unique passwords across all of your platforms.
Reusing the same password for every website leaves you susceptible to cross-platform vulnerabilities because if one website gets hacked, the attackers can take your login information from that site and quickly try it on every other popular application. Password managers will warn you if there is a known data compromise for one of the companies that have your information so you can quickly change your password on that platform (and any other site that uses that password).
#4 - Protect Your Info
Make sure all your devices are locked. If available, enable lost device capabilities to find or remote wipe your device.
Do not send emails with your personal information, logins, passwords, or credit card/account numbers. If you must send this information over email, use an email service that limits access to the content through password protection, time limitations, and/or other protective measures. Password-protected PDFs are also a valuable tool when used properly.
When connecting to public wifi, pay extra attention to the websites you are visiting to make sure they are encrypting your browsing information. If you do not see the lock next to the website address, then your data may not be encrypted. If you absolutely must proceed on these unencrypted websites, consider using a VPN or connecting to your own cellular hotspot.
Shred/tear before throwing away things that have sensitive information (full account numbers, social security numbers, etc.). Okay, that one isn’t exactly cyber-related, but do it!
#5(a) - Awareness
This may sound cheesy, but anyone who is connected to the internet in any way is vulnerable. Almost all cyberattacks stem from a user volunteering information freely, clicking a link, or downloading a malicious package. One of the best things you can do to reduce your risk is to just be aware and exercise caution when things look suspicious.
Phishing is still one of the most prevalent types of attack. If you receive a suspicious email asking you to volunteer information or to verify who you are, stop and think about the potential that something might be up. Instead of clicking on the link sent to you in an email or text, try searching for the website in a web browser to make sure you are going directly to it. On a computer, you can also hover over a link and it might show you in the bottom left of your browser where this link will take you. Look for “https://” in the web address and for spelling errors such as “www.facebooks.com”. If you do click on the link, look for the lock next to the web address indicating a secure connection.
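The checks described above (the link's real destination versus the text it displays, "https://", and near-miss spellings) can be applied automatically to the links in a message. This is an added example, not part of the original article; the trusted-site list, the 0.85 similarity threshold and the sample message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"facebook.com"}  # assumption: sites the reader really uses
URLISH = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)
# Constructed sample message body, not taken from a real email.
SAMPLE = ('<a href="http://www.facebooks.com/verify">www.facebook.com</a> or '
          '<a href="https://www.facebook.com/help">our help page</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def site_of(url):
    """Last two host labels, lower-cased (simplification: no public-suffix list)."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def check_link(href, text):
    """Warning labels for one link; an empty list means nothing stood out."""
    flags, site = [], site_of(href)
    if urlsplit(href).scheme.lower() != "https":
        flags.append("not-https")          # no encrypted connection
    if URLISH.fullmatch(text) and site_of(text) != site:
        flags.append("text-shows-different-site")  # what hovering reveals
    near = any(SequenceMatcher(None, site, t).ratio() >= 0.85 for t in TRUSTED)
    if site not in TRUSTED and near:
        flags.append("lookalike-domain")   # e.g. facebooks.com
    return flags

def scan_email(html):
    """Map each link's real destination to its warning labels."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}
```

Calling `scan_email(SAMPLE)` flags the first link on all three checks and returns an empty list for the second.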
If something seems “phishy” and you know the person, try contacting that person through a different medium to confirm that they are in fact the one communicating with you on the other platform.
#5(b) - Awareness
Share your new knowledge with others. If you are the tech person in the family, make sure that you are helping others stay safe. Parents have the duty to protect their children from making these mistakes as well (parents, check out this link to CISA’s tips for keeping children safe online).
No one is 100% cyber safe if they are connecting to the internet at all. There is often a tradeoff between cyber security and convenience. However, I urge everyone to evaluate how cyber safe they currently are and consider implementing some of the tips/recommendations above.