Financial Planning and Investment Management: Haven Wealth Planning Financial Planning and Investment Management: Haven Wealth Planning
Exercise personal cybersecurity techniques while traveling.

Your Personal Cybersecurity Toolkit: 5 Simple Techniques Designed to Protect Your Digital Life

Bad actors can use the personal information you share online to steal your identity. It can also lead to fraudulent use of your credit card and bank account. Here are 5+ personal cybersecurity techniques to consider in your daily life. Think you have it covered?

Read on to see if you have any cybersecurity gaps. Or share this personal cybersecurity piece with that family member who could benefit from a well-intentioned reminder.

Learning Points

Transforming Headlines into Everyday Practices

As conflicts continue throughout the world, the United States, its allies, its partner countries and their respective industries face daily cyberattacks. Nation-state cyber actors engage in malicious cyber activities and exercise increasingly sophisticated cyber capabilities.

For example, while writing a draft of this piece, The Wall Street Journal published an article detailing how “hackers linked to the Chinese government broke into a handful of U.S. internet service providers…in pursuit of sensitive information.”[i]

The City of Arkansas City, Kansas reported a cybersecurity issue early Sunday morning, September 22, 2024, involving its Water Treatment Facility. As a result, the city switched to manual operations and is working with relevant “cybersecurity experts and government authorities”.[ii]

Other groups opportunistically exploit vulnerabilities that are known to exist in a firm’s infrastructure, software, and systems.

Attacks and intrusions on large firms and cities make headlines. The capabilities displayed by hackers can also mean your financial and personal information stored online are at risk.

While there is no single solution for shielding your information online, there are some reasonable, everyday actions you can take.

Think you’ve got it covered? Practicing good personal cybersecurity can decrease your own personal financial and identify theft risk.

Let’s review some actions and techniques you can take to help shield yourself from cybersecurity threats.

Start Implementing Your Own Personal Cybersecurity Toolkit

When you put your financial information onto the internet, even behind “secure” websites, it’s important to stay vigilant and take precautions. Today, there are cybersecurity professionals have a view on security that it is not a question of “if”, but rather a question of “when” an online service gets compromised.

So, if you value your personal information remaining secure, you simply don’t want to put it on the internet.

While no service or approach is going to offer you total peace of mind, here are some specific, actionable, and approaches to consider.

Exercise personal cybersecurity while you're using Bluetooth connected devices.

Personal Cybersecurity Toolkit: Password Manager

Reflect for a moment on how many online accounts you and your family use throughout the year. Many of them contain personal and financial information.

If you are not already using a password management tool, there’s never been a better time to start using one.

A password, or credential, management tool should be designed to securely store, organize, and manage your passwords, passcodes, and passkeys. Today, password managers have additional features like password generators and VPN tools. A password manager can also review your password security by enforcing strong password policies and facilitating secure access.

If you’re still unsure about password management tools, here’s a good primer covering the basics. In addition to using a password management tool, you should consider using strong passwords of at least 12 characters. Most password managers have strong password generators so that you can create a unique, strong password for each of your accounts.

An Action Item to Consider: Find a password manager that you trust, meets the needs of your family, and fits your budget (not just the first-year teaser price). While it’s relatively easy to migrate from one password manager to another, you don’t want to have to do it more than is necessary.

Personal Cybersecurity Toolkit: Multi-factor Authentication

Another item to consider for your personal cybersecurity toolkit is adding multi-factor authentication.

According to the Cybersecurity & Infrastructure Security Agency (CISA), “multi-factor authentication (MFA) is a strong authentication method. It requires two or more factors to gain access to the system. Each factor must come from a different category above (e.g., something you know and something you have). MFA may be referred to as two-factor authentication, or 2FA, when two factors are used.”

Creating a second check on your account access could lessen the chances of an account getting compromised.  MFA requires you to enter your normal password and provide a second piece of information. For example, an authentication app provides a unique, time-specific numeric code. An online service’s MFA could require you enter a code sent via text message or use facial recognition before the service grants you access.

If your password becomes compromised, a bad actor will also need to gain access to your authentication service before gaining direct, user-level access to your account. Here’s some more MFA information from CISA.

Using a third-party authentication app can be a more efficient experience and secure than text-based two-factor authentication. If you choose to use an authentication app, remember to print the backup codes connected to that specific account. Store your printed backup codes in a safe place. Don’t be tempted to store the printed backup codes online or on your computer.

Note that if you have the option to use phishing resistant MFA like FIDO or Public Key Infrastructure-Based, that will be preferrable to SMS or Voice based MFA.

An Action Item to Consider: Make time to enable multifactor authentication on your financial and other online services, like email, that have your personal information. Pair this personal cybersecurity activity with configuring your password manager discussed earlier.

Computer Chart

Personal Cybersecurity Toolkit: Keep Your Device and Software Updated

We’ve all been there. It’s Wednesday morning, and your laptop has been crawling with system update downloads in the background. Then, the update prompt shows up on screen five minutes before your next meeting.

As tempting as it is to kick the proverbial update can down the road as long as possible, there is usually a good reason to find time sooner rather than later to install patches and software updates.

Keeping your devices up to date can decrease the likelihood of your device exposing your personal and financial information to unauthorized actors. Microsoft, for example, often pushes its latest fixes on Tuesdays, also known as Patch Tuesdays.

The same logic applies to your other personal devices, like phones and tablets.

Another related technique for your cybersecurity toolkit is to judiciously uninstall applications that you no longer use or don’t really need. Outdated software and apps can be vectors to spread malware and conduct vulnerability exploits.

Besides, it frees up storage for more family photos and videos of your kids being goofy.

An Action Item to Consider: Update devices and software during your “off hours” each week. Regularly back up the data on your phone to an encrypted hard drive. Make it second nature, like checking your email for the seventeenth time today. On second thought…

Personal Cybersecurity Toolkit: Avoid Unsecured, Public Wi-Fi Without a VPN

If you’re on the road frequently, it’s tempting to hop onto the free Wi-Fi available at the local coffee shop or in the hotel lobby.

Unfortunately, “just checking your email” through an unsecured wireless network could expose your laptop and the information to outside actors. Specifically, if you use an unsecured Wi-Fi connection, you could become the victim of Wi-Fi eavesdropping, malicious hotspots, and malware distribution. The sensitive information you are sending over an unsecured Wi-Fi network could be intercepted and used later.

For example, a packet sniffer on an older Wi-Fi network could gather your log-in credentials and later use them to gain access to a service or a network containing your financial or personal information.

Depending on your bandwidth needs and how long you plan to stay connected, consider activating the mobile hotspot function on your cell phone. That’s a simple personal cybersecurity technique to consider when you’re in a pinch.

If you need a more robust internet connection, first connect to a VPN service for a more secure connection to the services you’re using. Even with HTTPS, which means data is encrypted while it’s transmitted, a VPN can provide additional peace of mind when you’re traveling.

Be aware of your surroundings, too. Securing your digital assets and data is important. Securing your physical devices is just as important. Don’t leave your devices unattended, even for a moment. If you’re working with sensitive personal or company information, be aware of shoulder surfers (and window reflections).

Another personal cybersecurity tool to consider is backing up your personal devices to an encrypted hard drive and only storing information on encrypted devices. That way, if your phone, laptop or tablet is ever lost, you still have your information and won’t have to worry as much about losing the data.

An Action Item to Consider: If you don’t have access to a VPN service, and find yourself using unsecured public Wi-Fi with frequency, consider buying an annual VPN license from a reputable provider. As a matter of practice, if you directly plug your device’s data cable into a charging port in a public space, you could unintentionally provide bad actors with access to your machine. Instead, connect your own charging plug and cable directly to a wall outlet.

Coffeeshop WiFi Personal Cybersecurity Toolkit

Personal Cybersecurity Toolkit: Reduce Bluetooth Discovery Mode Time

Wireless headphones and other Bluetooth-enabled devices make connecting devices less cumbersome.

Similar to the risks posed by connecting to public Wi-Fi, your Bluetooth-enabled device could allow unauthorized users to access the device.

If you’re operating a device like your phone or laptop in public and the device is in Bluetooth discovery mode, someone waiting for the opportunity could intercept the connection. While unlikely, it’s possible.

Not sure when your iPhone is in Bluetooth discovery mode?

Currently, this occurs when you go to Settings, then Bluetooth, and turn on your Bluetooth service. When activated, your Bluetooth settings will display a message stating that, “This iPhone is discoverable as “” while Bluetooth Settings is open.”

If you like using your Bluetooth headphones while you’re waiting for your flight or riding the train, you can pair the headphones to your phone or laptop while you’re at home or the office. Then, when you’re traveling, your phone will recognize your headphones as a pre-configured Bluetooth device. You can then connect the two while your device is in “hidden” Bluetooth mode.

So, if you’re not actively using a Bluetooth connection, save your battery and turn it off when you’re out and about. The same logic goes for other network connectivity tools like GPS and near-field communications (NFC) capabilities.

Bluetooth Screen

Personal Cybersecurity Toolkit: Store Less Information Online and Review Your Online Financial Activity

When you’re shopping online or paying an infrequent bill (like a toll road fare from your summer road trip), try to store as little information online as you reasonably can. That can mean shopping as guest on a clothing website that you use infrequently. Or, choosing not to save your credit card or banking information on a website for later purchases. A password manager can easily populate that information for you the next time you make an online purchase.

While many credit cards have fraud protection, consider only using a relatively low credit limit credit card to pay for regular online bills.

It may sound silly, but before you link any of your accounts or share any personal information, verify that you’re interacting with the intended financial institution or business. What do their trust and security teams share with you to review? Spending just 5 minutes reviewing a firm’s website is better than trusting a webpage because it looks like the right company.

Consider reviewing third-party assessments that can confirm a company’s specific claims about its website security. If you have your banking or credit card information stored online here are some additional actions and techniques to consider in your daily life:

  • Enable notifications/reporting: While major credit card companies are built to detect fraud before a transaction occurs, staying on top of your spending can help take correction action if it does happen. For example, you can set up transaction notifications or alerts for changes or activities in financial accounts. This can help you identify unauthorized transactions or suspicious activities.
  • Regularly monitor financial transactions: Monitor your bank and credit card statements for any unusual or unauthorized transactions. As a next step, set aside 5-10 minutes each month to review your bank and credit card statements
  • Be vigilant against phishing attacks: Don’t let yourself become a victim of phishing attempts via email, text messages, or phone calls. If somebody contacts you digitally with an urgent issue, you want to disengage immediately. Instead, contact the business or financial institution directly. For example, the Federal Bureau of Investigations published a Public Service Announcement on August 2, 2024, explaining a current “fraudulent scheme in which scammers impersonate bank representatives” who call bank customers with the goal of obtaining their physical credit card chip and PIN number. If it’s prevalent enough to merit a public service announcement, it’s something to be on guard against.
  • Do not click the link in an unsolicited text message or email asking you to update, check, or verify your account information. Instead, go directly to the company’s website to log into your account or call the phone number listed on the official website to see if something does in fact need your attention.

Your Personal Cybersecurity Checklist

Password Manager
Multi-factor Authentication
Update software and device firmware
Use a VPN. Avoid unsecured public Wi-Fi
Reduce Time Spent in Bluetooth Discovery Mode
Store Less Information Online and Review Your Financial Activity

The Next Step

When you know who and what are truly important, you can create incredible clarity about your spending and saving.

Clarity to confidently spend on things that matter. Clarity to avoid spending your hard-earned resources on things that aren’t aligned with what you want in life.

As your financial planner in Saint Louis, we can help you plan for the future and enjoy the present moment. Start feeling more confident that you are making progress toward your savings priorities.

Proactive and open collaboration with your financial, tax, and estate planning professionals can help you work towards your financial goals. Working with your financial planner in Saint Louis can provide you with the right mix of accountability, collaboration, and long-term thinking.

If you’re unsure about your next step, let’s talk.

Disclosure

This commentary is provided for educational and informational purposes only and should not be construed as investment, tax, or legal advice. The information contained herein has been obtained from sources deemed reliable but is not guaranteed and may become outdated or otherwise superseded without notice. Investors are advised to consult with their investment professional about their specific financial needs and goals before making any investment decision.

Let’s Start a Conversation

[i] Krouse, S., McMillan, R., & Volz, D. (2024, September 25). China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack. The Wall Street Journal. https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835?reflink=desktopwebshare_permalink

[ii] Environmental Services Administration. (n.d.). City of Arkansas City Faces Cybersecurity Incident. City of Arkansas City, Kansas. https://www.arkcity.org/environmental-services/page/city-arkansas-city-faces-cybersecurity-incident

Take the Next Step

314-403-2473

Contact Us

Fee-Only, Fiduciary Advisors

Haven + You.

Enjoy Your Now and Many Bright Tomorrows.

The firm is principally registered as an investment adviser with the state of Missouri, and is registered in other state(s) as applicable. The firm may only transact business with residents of those states, or residents of other states where otherwise legally permitted subject to exemption or exclusion from registration requirements. Registration with the United States Securities and Exchange Commission or any state securities authority does not imply a certain level of skill or training.

 

© 2024 Haven Wealth Planning, LLC. All Rights Reserved.

Share This

Copy Link to Clipboard

Copy