Written by Brandon Grundy, CFP®.

Enhancing Your Security

It’s scary out there in cyber land. Crooks are lurking around every corner and its easier for them to strike as we demand more convenience from our devices. Or, at least that’s how it sounded while I attended another continuing education seminar on cyber security a couple of weeks ago. The content was geared toward advisory firms, but the details are applicable to anyone with a computer or smartphone.

Some of the high points dealt with changing recommendations about password formats and the importance of using password managers.

While experts used to recommend passwords ranging from about 8-10 characters, they now suggest that “length is strength”. Length is better than complexity, though I don’t fully understand the technical reasons why. It seems the longer the password the longer it takes a hacker to crack it, and they might move on to someone else’s password instead. A simple way to accomplish this is to use sentences as passwords, such as “ilikeitwhenthegiantswin”, or something that’s easy for you to remember but long enough to be difficult to crack.

You can make using longer passwords even easier by employing a password manager, such as Dashlane or LastPass. These subscription services use encryption to store your passwords and then work with your web browser to autofill your credentials once you’ve logged into the password manager’s website. So, at least in theory, you could create all sorts of crazy passwords and not need to remember them. Free versions are available, but it’s worthwhile to pay perhaps $10 or less monthly for more functionality. There are numerous practical benefits to this. But an important one is that by not physically typing your logins all the time you’ll be making it more difficult for hackers to monitor your keystrokes (which, apparently, is laughably easy for them to do).

It’s a little paranoid perhaps, but I don’t have any presumption of privacy while online, so taking extra steps like this provides piece of mind. Longer passwords and, ideally, the addition of a password manager is low hanging fruit when it comes to shoring up your personal cyber security. I’ll be addressing more methods in the coming weeks.

In the meantime, here are some helpful tips from the FBI’s cyber site. Some may seem obvious. But hackers often use the obvious ways in, such as duping you into clicking a bad link in an email, so don’t take the simplicity of these suggestions for granted. As technology races along, we all need to do a little (or a lot) more to protect ourselves.

Examine the email address and URLs in all correspondence. Scammers often mimic a legitimate site or email address by using a slight variation in spelling.
If an unsolicited text message or email asks you to update, check, or verify your account information, do not follow the link provided in the message itself or call the phone numbers provided in the message. Go to the company’s website to log into your account or call the phone number listed on the official website to see if something does in fact need your attention.
Do not open any attachments unless you are expecting the file, document, or invoice and have verified the sender’s email address.
Carefully scrutinize all electronic requests for a payment or transfer of funds.
Be extra suspicious of any message that urges immediate action.
Confirm requests for wire transfers or payment in person or over the phone as part of a two-factor authentication process. Do not verify these requests using the phone number listed in the request for payment.
Install or Update Your Antispyware Technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It’s like buying groceries—shop where you trust.
Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.
Be Careful What You Download: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don’t know and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.
Turn Off Your Computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection—be it spyware or a botnet that employs your computer’s resources to reach out to other unwitting users.

https://www.fbi.gov/investigate/cyber

Have questions? Ask me. I can help.

Created on 18 February 2020.