Many of us take security for granted — until we no longer have it.
Often, it takes us or someone we know suffering a breach, such as a home or auto break-in, to make us pay attention to our own security situation.
The same goes for online security. People’s email accounts are being hacked all the time. Don’t wait for your email to be hacked. Chances are, you need to pay more attention to online security now.
The goal of this article is not to scare you, but to increase your awareness of security risks and give you some easy and immediate steps you can take to improve your online security situation.
Online security breaches are on the rise
As our use of online systems for storing personal data has grown, so has the problem of fraudulent access to that information.
Identity theft and fraud has been growing steadily in the past decades, according to reports in the U.S. and Canada. A 2014 cyber security examination program by the SEC found that three out of four advisors and firms surveyed were targets of online attacks. Most attacks were fraudulent emails, with 25% of respondents reporting losses of between $5,000 and $75,000.
Despite relatively small financial losses, these types of attacks can have broader impacts that cannot be ignored, including loss of data, breaches of privacy and compliance infractions. Perhaps most concerning, these attacks can negatively affect your reputation.
You are the weakest link in security
Maybe you don’t feel like you understand technology well enough to implement proper security. Or maybe you understand technology, but don’t want to be inconvenienced by added security — or you feel you’re just too busy to deal with it. Perhaps, you think nobody is going to bother hacking you because you’re a small operation.
These excuses make you more vulnerable to an online security breach. It’s not complicated to develop good security habits. Are you too busy to lock your door and activate your alarm system at night or when you leave your house?
Most importantly, you don’t want to have to tell your clients that the foundation of your online security strategy is hoping the hackers don’t target you. Read that line again and think about it. That probably is your current security strategy.
Five simple habits that can increase your online security
There are lots of ways to protect yourself online and some of them can get complicated, but these five habits are easy and important to adopt immediately:
1. Always use long and strong passwords
Long passwords are virtually impossible to guess, even for supercomputers capable of high-speed processing. The problem is, we humans choose short passwords that are easy for us to remember. In fact, one analysis of hacked passwords from almost 1 in 3 people use a simple password that can be found on a common list of 10,000 passwords. When hackers are trying to break into your email account or login fraudulently to a website, they try these 10,000 passwords first and it only takes them seconds.
The best way to fix this problem is to never ever use one of the 10,000 simple passwords. You know, the clever ones, like ’123456′ or ‘password’. Instead, you should always try to pick a password that is long and strong. Password length is the single most important factor in making it strong.
The problem with long passwords is that they can be hard to remember. One trick is to choose a password consisting of three or four random words strung together. For instance, take the words “correct” followed by “horse”, then “battery” and finally “staple” and put them together to make the super strong password “correcthorsebatterystaple”. Since these are four actual words, it makes it easier for you to remember, while being virtually impossible for a hacker to guess and also very challenging for a random password generating program to crack with brute force.
To make it even easier to remember a strong password, choose a string of words from a song or poem then add a number or two. For instance, “yesterdayallmytroublesseemedsofaraway65!” is a super strong password that any Beatles fan could easily remember!
2. Use a password manager
While strong passwords are the basis of online security, managing all those passwords can become difficult. Enter the password manager.
Password managers are online repositories for the multitude of logins and passwords that we need for our online life. We have passwords for email, online banking and investments, social media accounts, other web-based services, news subscriptions, online stores, registration sites, and the list goes on and on. Password managers store all your logins and passwords using one master password that you set to be a super strong password based on the examples above.
There are a variety of popular password manager programs in the marketplace. Personally, I use and recommend LastPass, which is free on your desktop and $12 annually for the mobile app version. I have also heard good things about 1Password and Dashlane and there are a growing number of similar tools out there. Avoid using your browser to store passwords as this is less secure than a dedicated application that is hosted in the cloud.
3. Never send private information via public email
Public email is any consumer email account, such as that offered by your Internet provider (eg., Rogers, Bell, Telus, etc. in Canada or AT&T, Sprint, Verizon, T-Mobile, etc. in the US) or free Gmail or Hotmail accounts. (Corporate email is owned and managed by your employer and offers additional security for messages that remain inside the network between corporate email accounts.)
Public email was never designed to be secure. Messages can be intercepted and the contents viewed. You should never email files with personal information, such as health history, personally identifying account numbers or Social Insurance Numbers.
Instead, think of how your bank sends you private information. They post your statement or sensitive correspondence on their secure banking site, then send you an email telling you to go to the secure site to read the information. In order to get to the banking site, you need to log in and often need to respond to a secondary set of personal questions (eg., mother’s maiden name). Only then do you get access to the private information.
Similar secure messaging solutions that encrypt and protect data in storage and in transit are available for financial professionals in Canada and the US.
4. Avoid phishing scams through awareness and education
“Phishing” refers to the spoofing of legitimate email or server identities in order to trick people into providing private data.
For instance, your clients or staff could be tricked into clicking an email link and exposing private information. This is how hackers install malware and steal passwords. Once an email account has been compromised, hackers will use the email account to commit fraud. For instance, say you receive an email from your client’s compromised email address demanding funds be wired to a bank account.
Only a security-aware organization with good internal security procedures can protect themselves from this kind of exploit. Establish internal security procedures that require verbal confirmation from the client of significant transactions and make sure you and your administrative team are receiving regular security updates and training.
5. Keep all software up to date
All software has security flaws, and sometimes those flaws are fixed after initial release. Set up auto-updates or implement a procedure to ensure that you’re always using the most current versions of all software. Anti-virus programs should also be updated regularly, as new threats are appearing all the time.
Better security practices are easy to implement and will serve your clients and your business well. So, stop making excuses — for the sake of your clients’ security and your own professionalism.