I’m going to let you in on a little secret. The secret is that there is no secret to protecting yourself online. There are a handful of things you can do that take a matter of minutes:
1. Turn on multi-factor authentication (also known as MFA or 2-Factor Authentication). Multi-factor authentication means you need your password and an additional one-time use code to access an account. That code can be provided on demand by an app on your mobile device or sent to you as a text message or email. If you take nothing else away from this, it should be to turn on multi-factor authentication for your email, social media, and financial accounts. Even if your password is guessed, an attacker still needs this second piece of information to access an account. Here are links to multi-factor authentication for popular email providers and social media platforms. You can also search for “Multi-factor authentication (insert service name here)” to get you pointed in the right direction.
2. Set your computer and your browser to update automatically. This helps to ensure that known security vulnerabilities are patched.
a. Operating Systems
3. There is another free thing you can do to protect yourself. You can Stop and Think. Before you click on an attachment or link in an email or take other action, stop, and think. Fraudulent emails are designed to bypass your critical thinking and make you react. Usually there’s some sort of urgency – “click now or lose access” type of messages. A newer message making the rounds is a fraudulent receipt for the renewal of anti-virus software or even a fraudulent receipt for the purchase and delivery of a physical good. They “helpfully” provide a phone number for you to call, and once you are talking to them, they ask to be invited onto your computer. Once they are on your computer, they can do a lot of damage.
Instead of clicking a link in a suspected phishing email, go directly to the website of your provider and login. If you get an email with an unexpected attachment or an unexpected link from someone, contact the sender (not over email) and confirm that it’s legitimate. If you get a receipt for something you didn’t order, check your credit card statement and dispute the charge if one shows up (I doubt a charge will show up). The point is you can stop, think, and break their scam by not participating.
4. Extra credit – Start using a password manager. A password manager is one of those rare double-win products – it makes your life easier and makes it more secure. Rather than having one password (or a handful of passwords) that you use everywhere, it creates a secure, random password for each site, securely stores that password and auto-fills your login information across devices. Some password managers to consider (in no particular order) are LastPass, Keeper, Dashlane, and 1Password. You can read reviews of them and other password managers here. This one isn’t free but most of them offer a free trial or have a free version though I recommend using the paid version.
Four things that you can do to protect yourself – turn on multi-factor authentication, set your computer to update automatically, take a pause and think before acting and start using a password manager. Like wearing a seatbelt and locking your front door, these things can quickly become second nature as you take control of your online security.
Team Hewins, LLC (“Team Hewins”) is an SEC-registered investment adviser; however, such registration does not imply a certain level of skill or training and no inference to the contrary should be made. The information contained within this letter is for informational purposes only and should not be considered investment advice or a recommendation to buy or sell any types of securities. Past performance is not a guarantee of future returns. It should not be assumed that diversification protects a portfolio from loss or that the diversification in a portfolio will produce profitable results. The opinions stated herein are as of the date of this letter and are subject to change. The information contained within this letter is compiled from sources Team Hewins believes to be reliable, but we cannot guarantee accuracy. We provide this information with the understanding that we are not engaged in rendering legal, accounting, or tax services. We recommend that all investors seek out the services of competent professionals in any of the aforementioned areas.