Broker Check

Cyber security tips from an FBI agent

| August 14, 2018
Share |
In July, we hosted a brunch and seminar at the Ridgewood Country Club for our clients and friends.  The seminar focused on identity theft and keeping ourselves and our information safe.  We were joined by FBI Agent Migliaccio who is an expert in identity theft and fraud and we enjoyed an interesting and interactive session.
Many of the questions that arose from the audience were specific to computer and online safety and while this is not Agent Migliaccio's area of expertise, we are fortunate to have another contact at the FBI who does specialize in this area.  We passed along these questions to Agent Riley who came back with some great advice, and we are happy to share this excellent information with all of you.  Please get in touch if you have any other questions and we will do our best to have them answered by these experts! 

What are your top tips for staying safe with email?

Assume everything that you put into an email will be read by everyone. Never, ever put personal information (DOB, SSN, etc.) in the body of an email. Don’t send attachments with personal information in them unless it’s absolutely necessary, and ask the receiver to delete the email after they receive it. The less your information is floating around the internet, the better.

If the email you use offers two-factor authentication, use it. Basically, it’s an added layer of login protection. So, in addition to entering your password, another form of verification is required. For example, a code might be sent to your phone via text message, and once you enter that code (after entering your password) you can access your email. It’s similar to the various questions we’re asked when we call the bank or the credit card companies. Here’s a link to an article that explains the concept pretty well:

https://www.pcmag.com/feature/358289/two-factor-authentication-who-has-it-and-how-to-set-it-up

Do you recommend using third party providers like LifeLock?

It’s fine to use these services. Some are better than others, so research the companies thoroughly beforehand. These companies mainly monitor your credit reports, and will alert you if they see something out of the ordinary.

As a reminder, everyone is able to get free copies of their credit reports from the three major reporting agencies once per year via annualcreditreport.com. You can get all three at one time, or you can stagger them however you like. I recommend getting one every four months (for example, Equifax in January, Transunion in May, and Experian in September), that way you might catch something strange after four months instead of 12.  I realize that some people may not have the time to do this, so it’s not a bad thing to pay for a company to handle it. Whether or not you choose to hire a monitoring service, we should all be on the lookout for suspicious activity with our credit. The internet has made it very easy for credit cards and other personal information to be stolen, so consistent monitoring is a must.

I clicked on something and now my computer is acting funny.  What should I do?

Document what’s happening with the computer. It will help whoever may end up troubleshooting your machine. Run a virus/malware scan, and see if that fixes the problem. If you don’t feel comfortable trying to fix the problem on your own, there are companies you can hire to look at your machine (ex. Geek Squad). Again, do your research and ask for recommendations before paying anyone. 

Actually, before paying someone, there are other (free) alternatives to consider. Ask around. There may be someone in your company’s IT department who will look at your machine if you ask them nicely. Or, there could be someone who lives near you who is very talented with computers (high school/college student, for example) who can take a look.

How do I know if a Wifi connection is secure?  Should we use public wifi?

Aside from your own, personal wifi connection (that should be password protected) or a connection that you helped to set up, assume that no wifi connection is secure. If you’re at a friend’s house, make sure they’re using WPA2, which is currently the safest wifi protocol. Confirm this especially if you plan on looking at or logging into personal accounts.

Absolutely assume no public wifi connection is secure!  Unless you absolutely have no choice and something needs to be sent electronically right then, do not ever send any personal/private information using public wifi. It’s not secure. If you are connecting to the internet via public wifi, limit your usage to very generic activities (news, sports, etc.).

As an alternative to public wifi, most of our cell phones have what’s called a mobile hotspot. This turns your phone into a password protected wifi access point that you can log into. Check with your provider before using it to see if you have that feature. However, if you do not have an unlimited data plan, I would not recommend using it. It consumes a lot of data, and in addition, it will run your battery down faster than normal. But, it is much, much better than public wifi.

How do people hack in to my email in the first place? And how do I make sure they cannot?

Unfortunately, there are many ways that the bad guys can get into your email. They range from something simple like looking over your shoulder when you type into your password, to hacking into the company that you use to access your email.

There is no 100% foolproof method to keep the bad guys out. But, there are some simple measures that can make it a lot more difficult. If you write down passwords, don’t leave them where someone could easily get to them. Change your passwords 2 or 3 times per year. Use two factor authentication.

Is it safe to look at financial statements and other important documents online?  I know all financial institutions do it…should I go back to paper instead?

Again, nothing is 100% secure. But, you can make it more difficult for people to get ahold of your information. Limit where you access personal information from. It should be on your computer, with up-to-date virus and firewall protection, on your home password-protected network. Accessing such information from anywhere else is potentially dangerous. Nothing wrong with getting paper copies, but be aware, some companies will now charge you a fee for receiving paper copies of your statements.

 

Securities and advisory services offered through LPL Financial.  A registered investment advisor.  Member FINRA/SIPC.  The FBI, LPL and Parks Wealth Management are separate entities. 

Share |