Strong Foundations: Personal Cybersecurity for Families

Your family’s digital life deserves the same care and protection as your home. From online banking to school apps, everyday tools can expose personal data to real threats. This guide offers practical and personal cybersecurity techniques to help you feel more confident and in control. You don’t need to be a tech expert to protect your family online. Discover which habits can strengthen your family’s digital foundation

Transforming Headlines into Everyday Practices

The United States government, private-sector, critical infrastructure networks, and those of allies, face daily cyberattacks from advanced persistent threat (APT) actors. Nation-state cyber actors are engaging in malicious cyber activities, demonstrating increasingly sophisticated cyber capabilities, and ability to avoid and conceal their movements.

For example, while writing a draft of this piece, Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on October 15 in response to a nation-state cyber actor attack that started in August 2025.  The emergency directive states that this highly sophisticated “nation-state cyber actor poses an imminent risk, with the potential to exploit vulnerabilities…gain unauthorized access to embedded credentials and Application Programming Interface (API) keys.”[i] Affected federal agencies have been advised to take “emergency action.” These types of technology supply chain attacks can exfiltrate data undetected, install backdoor access code for future access, and “lead to a full compromise of target information systems”.

Separately, the U.S. Office of the Director of National Intelligence (ODNI) released a March 2025 report, stated that the “PRC’s campaign to preposition access on critical infrastructure for attacks during crisis or conflict… and its more recently identified compromise of U.S. telecommunications infrastructure… demonstrates the growing breadth and depth of the PRC’s capabilities to compromise U.S. infrastructure.”[ii]

Other groups opportunistically exploit vulnerabilities that are known to exist in a firm’s infrastructure, software, and systems.

Attacks and intrusions on large firms and cities make headlines. The capabilities displayed by hackers can also mean your financial and personal information stored online are at risk.

While there is no single solution for shielding your information online, there are some reasonable, everyday actions you can take.

Think you’ve got it covered? Practicing good personal cybersecurity can decrease your own personal financial and identify theft risk.

Let’s review some actions and techniques you can take to help shield yourself from cybersecurity threats.

Start Implementing Your Own Personal Cybersecurity Toolkit

When you put your financial information onto the internet, even behind “secure” websites, it’s important to stay vigilant and take precautions. Today, there are cybersecurity professionals have a view on security that it is not a question of “if”, but rather a question of “when” an online service gets compromised.

So, if you value your personal information remaining secure, you simply don’t want to put it on the internet.

While no service or approach is going to offer you total peace of mind, here are some specific, actionable, and approaches to consider.

Password Manager

Reflect for a moment on how many online accounts you and your family use throughout the year. Many of them contain personal and financial information.

If you are not already using a password management tool, there’s never been a better time to start using one.

A password, or credential, management tool is personal cybersecurity tool designed to securely store, organize, and manage your passwords, passcodes, and passkeys. Today, password managers have additional features like password generators and VPN tools. A password manager can also review your password security by enforcing strong password policies and facilitating secure access.

If you’re still unsure about password management tools, here’s a good primer covering the basics. In addition to using a password management tool, you should consider using strong passwords of at least 16 characters. Most password managers have strong password generators so that you can create a unique, strong password for each of your accounts. You can also consider using passphrases, a string of unrelated words. A key element of a strong password is that it is unique and not reused.

An Action Item to Consider: Find a password manager that you trust, meets the needs of your family, and fits your budget (not just the first-year teaser price). While it’s relatively easy to migrate from one password manager to another, you don’t want to have to do it more than is necessary.

Baseline Security Measure: On your phone, consider using an 8- to 10-digit passcode and de-activating biometrics. Ideally, use a random passcode generator rather than creating one you think is random. Avoid using 6-digit passcodes.

Multi-factor Authentication

Another item to consider for your personal cybersecurity toolkit is adding multi-factor authentication.

According to the Cybersecurity & Infrastructure Security Agency (CISA), “multi-factor authentication (MFA) is a strong authentication method. It requires two or more factors to gain access to the system. Each factor must come from a different category above (e.g., something you know and something you have). MFA may be referred to as two-factor authentication, or 2FA, when two factors are used.”

Creating a second check on your account access could lessen the chances of an account getting compromised.  MFA requires you to enter your normal password and provide a second piece of information. For example, an authentication app provides a unique, time-specific numeric code. An online service’s MFA could require you enter a code sent via text message or use facial recognition before the service grants you access.

If your password becomes compromised, a bad actor will also need to gain access to your authentication service before gaining direct, user-level access to your account. Here’s some more MFA information from CISA.

Using a third-party authentication app can be a more efficient experience and secure than text-based two-factor authentication.

If you choose to use an authentication app, remember to print the backup codes connected to that specific account. Store your printed backup codes in a safe place. Don’t be tempted to store the printed backup codes online or on your computer.

Note that if you have the option to use phishing resistant MFA like FIDO or Public Key Infrastructure-Based, that will be preferrable to SMS or Voice based MFA.

An Action Item to Consider: Make time to enable multifactor authentication on your financial and other online services, like email and social media, that have your personal information. Pair this personal cybersecurity activity with configuring your password manager discussed earlier.

Keep Your Device and Software Updated

We’ve all been there. It’s Wednesday morning, and your laptop has been crawling with system update downloads in the background. Then, the update prompt shows up on screen five minutes before your next meeting.

As tempting as it is to delay installing an update, there is usually a good reason to find the time sooner rather than later to install patches and software updates.

Keeping your devices up to date can decrease the likelihood of your device exposing your personal and financial information to unauthorized actors. Microsoft, for example, often pushes its latest fixes on Tuesdays, also known as Patch Tuesdays.

The same logic applies to your other personal devices, like phones and tablets.

Another related technique for your personal cybersecurity toolkit is to judiciously uninstall applications that you no longer use or don’t really need. Outdated software and apps can be vectors to spread malware and conduct vulnerability exploits.

Besides, it frees up storage for more family moments.

An Action Item to Consider: Update devices and software during your “off hours” each week. Regularly back up the data on your phone to an encrypted hard drive. Make it second nature, like checking your email for the eighth time today. On second thought…

Avoid Unsecured, Public Wi-Fi Without a VPN

It can be tempting to hop onto the free Wi-Fi available at the local coffee shop or in the hotel lobby.

Unfortunately, “just checking your email” through an unsecured wireless network could expose your laptop and the information to outside actors. Specifically, if you use an unsecured Wi-Fi connection, you could become the victim of Wi-Fi eavesdropping, malicious hotspots, and malware distribution. The sensitive information you are sending over an unsecured Wi-Fi network could be intercepted and used later.

For example, a packet sniffer on an older Wi-Fi network could gather your log-in credentials and later use them to gain access to a service or a network containing your financial or personal information.

Depending on your bandwidth needs and how long you plan to stay connected, consider activating the mobile hotspot function on your cell phone. That’s a simple personal cybersecurity technique to consider when you’re in a pinch.

If you need a more robust internet connection, first connect to a VPN service for a more secure connection to the services you’re using. Even with HTTPS, which means data is encrypted while it’s transmitted, a VPN can provide additional peace of mind when you’re traveling. As a matter of practice, do not use free VPN services. Oftentimes, your data is the product for a free VPN.

Physical Security Matters: Be aware of your surroundings, too. Securing your digital assets and data is important. Securing your physical devices is just as important. Don’t leave your devices unattended, even for a moment. If you’re working with sensitive personal or company information, be aware of shoulder surfers (and window reflections).

If you’ve ever directly plugged your device’s data cable into a charging port in a public space, you could have unintentionally provided bad actors with access to your machine. Instead, connect your own charging plug and cable directly to a wall outlet.

Minimize Your Bluetooth Device’s Discovery Mode Time

Wireless headphones and other Bluetooth-enabled devices make connecting devices less cumbersome.

Similar to the risks posed by connecting to public Wi-Fi, your Bluetooth-enabled device could allow unauthorized users to access the device.

If you’re operating a device like your phone or laptop in public and the device is in Bluetooth discovery mode, someone waiting for the opportunity could intercept the connection. While unlikely, it’s possible.

Not sure when your iPhone is in Bluetooth discovery mode?

Currently, this occurs when you go to Settings, then Bluetooth, and turn on your Bluetooth service. When activated, your Bluetooth settings will display a message stating that, “This iPhone is discoverable as “” while Bluetooth Settings is open.”

If you like using your Bluetooth headphones while you’re waiting for your flight or riding the train, you can pair the headphones to your phone or laptop while you’re at home or the office. Then, when you’re traveling, your phone will recognize your headphones as a pre-configured Bluetooth device. You can then connect the two while your device is in “hidden” Bluetooth mode.

So, if you’re not actively using a Bluetooth connection, save your battery and turn it off when you’re out and about. The same logic goes for other network connectivity tools like GPS and near-field communications (NFC) capabilities.

Back Up and Encrypt Your Device

Another personal cybersecurity tool to consider is backing up your personal devices to an encrypted hard drive and only storing information on encrypted devices. That way, if your phone, laptop or tablet is ever lost, you still have your information and won’t have to worry as much about losing the data.

You can also use full disk, or device-level, encryption to encrypt all the information stored on your device. Each operating system has its own approach. For example, Apple devices have full-disk encryption available via ‘Data Protection’. Familiarize yourself with how to secure the data on your device in case the device is lost or stolen.

Store Less Information Online and Review Your Online Financial Activity

When you’re shopping online or paying an infrequent bill (like a toll road fare from your summer road trip), try to store as little information online as you reasonably can. That can mean shopping as guest on a clothing website that you use infrequently. Or, choosing not to save your credit card or banking information on a website for later purchases. A password manager can easily populate that information for you the next time you make an online purchase.

While many credit cards have fraud protection, consider only using a relatively low credit limit credit card to pay for regular online bills.

It may sound silly, but before you link any of your accounts or share any personal information, verify that you’re interacting with the intended financial institution or business. What do their trust and security teams share with you to review? Spending just 5 minutes reviewing a firm’s website is better than trusting a webpage because it looks like the right company.

Consider reviewing third-party assessments that can confirm a company’s specific claims about its website security. If you have your banking or credit card information stored online here are some additional actions and techniques to consider in your daily life:

• Enable notifications/reporting: While major credit card companies are built to detect fraud before a transaction occurs, staying on top of your spending can help take correction action if it does happen. For example, you can set up transaction notifications or alerts for changes or activities in financial accounts. This can help you identify unauthorized transactions or suspicious activities.

• Regularly monitor financial transactions: Monitor your bank and credit card statements for any unusual or unauthorized transactions. As a next step, set aside 5-10 minutes each month to review your bank and credit card statements

• Be vigilant against phishing attacks: Don’t let yourself become a victim of phishing attempts via email, text messages, or phone calls. If somebody contacts you digitally with an urgent issue, you want to disengage immediately. Instead, contact the business or financial institution directly. For example, the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) released its 2024 annual report in April 2025. “The 2024 Internet Crime Report combines information from 859,532 complaints of suspected Internet crime and details reported losses exceeding $16 billion—a 33% increase in losses from 2023.” The number of documented IC3 phishing complaints was 193,407, representing roughly 22.5% of all complaints and total estimated losses of nearly $70,000,000.[iii]

• Do not click the link in an unsolicited text message or email asking you to update, check, or verify your account information. Instead, go directly to the company’s website to log into your account or call the phone number listed on the official website to see if something does in fact need your attention.

• Another way you can feel more prepared is by organizing your family’s financial and estate details. You can also summarize key professional relationships and contact information. All in a single place. Learn one approach to organizing your key details in a single document.

Your Personal Cybersecurity Checklist

Taking a Strategic View of Your Finances

Hopefully you found this personal cybersecurity checklist helpful. While not comprehensive, it is intended to be a starting point for security-mind investors to thoughtfully approach securing their data and devices. Securely using technology can help you avoid becoming an easier digital target, and to stay focused on your long-term goals.

Feel free to share this personal cybersecurity piece with that family member who could benefit from a well-intentioned reminder.

We help busy parents and professionals like you develop financial plans to address questions like:

• How can we save for a fulfilling retirement beyond our 401(k) plans?

• What does it take to save for the kids’ education and make a lifetime of memories along the way?

• These causes are close to our hearts – what are our options to give even more meaningful support?

As your financial planner in Saint Louis, we can help you get organized and start feeling more confident that you are making progress towards your savings priorities.

Working with your financial planner can provide you with the right mix of accountability, collaboration, and long-term thinking.

When you know who and what are truly important, we can help you create incredible clarity about your spending and savings priorities. Clarity to confidently save for and spend on what matters.

If you’re ready to take the next step together, let’s talk.

Disclosure

This commentary is provided for educational and informational purposes only and should not be construed as investment, tax, or legal advice. The information contained herein has been obtained from sources deemed reliable but is not guaranteed and may become outdated or otherwise superseded without notice. Investors are advised to consult with their investment professional about their specific financial needs and goals before making any investment decision.

---

[i] CISA Issues Emergency Directive to Address Critical Vulnerabilities in F5 Devices. Cybersecurity and Infrastructure Security Agency (CISA). (2025, October 15). https://www.cisa.gov/news-events/news/cisa-issues-emergency-directive-address-critical-vulnerabilities-f5-devices

[ii] ANNUAL THREAT ASSESSMENT OF THE U.S. INTELLIGENCE COMMUNITY. Office of the Director of National Intelligence. (2025, March 25). https://www.odni.gov/files/ODNI/documents/assessments/ATA-2025-Unclassified-Report.pdf

[iii] FBI’s Internet Crime Complaint Center. (2025, April 23). FBI’s 2024 Internet Crime Complaint Center Report Released. Federal Bureau of Investigation. https://www.fbi.gov/news/press-releases/fbi-releases-annual-internet-crime-report