Let’s get the scary stuff out of the way upfront: Cybercrime costs the global economy as much as $575 billion annually, according to a 2014 report by the Center for Strategic and International Studies and Intel Security. The US takes a $100 billion hit, the largest of any country, according to Politico.
A report from former US intelligence officials counted 40 million people whose personal information was stolen within the past year.
Online theft is huge, and it only seems to be getting worse. Hardly a week goes by without some story about hackers penetrating a computer system somewhere. Corporations, individuals, even White House servers were hacked last week. I sometimes wonder just how difficult it is for a determined bad guy to access grandma’s checking account or your neighbour’s IRA and grab those assets.
I am not the only one thinking about this. New York State Department of Financial Services issued a report on cybersecurity in the banking sector, where more than 150 organisations rely on third-party service providers for critical banking functions. The regulators want the banks to tighten security.
So should you.
We spend most of our time in financial markets looking at ways to deploy our capital: What assets to buy or sell, how much we should save for retirement, whether we should own more of these stocks and less of those bonds.
We don’t spend so much time thinking about the ways we can lose that money — to fraud and to common theft. We should be more vigilant, especially as we move our lives online, with digital access to our checking and savings accounts, our online portfolios, even our taxes.
It is impossible to make yourself hack-proof, but you can make yourself less vulnerable.
It all starts with some common-sense security steps. Three ways you probably can improve your existing practices: Develop better email habits, beef up password security and (as always) remember that your behaviour is the root of most of your problems.
Get your email act together
Every day, your inbox fills with all manner of junk. Some of it is merely time-wasting nonsense, but let’s not forget about the really dangerous stuff: phishing schemes, malicious viruses and malware. It seems the only reprieve we get are those rare occasions when the main servers in Russia — a.k.a. Spambot Central — gets temporarily knocked offline.
It’s more than a huge productivity killer, it’s a financial hazard. That $100 billion a year we mentioned above comes out of everyone’s pockets. Even if you have not been hacked, you are paying for it in some way. Banking costs are higher as financial firms spend hundreds of millions of dollars a year on security.
People have tried a variety of ways to tackle this: Filters, whitelists, email verifiers and trusted ID services; disposable email addresses from sites such as Mailinator; “junk” email addresses from Hotmail, Yahoo or Google. And still the danger keeps coming.
I have a few tricks I use to keep the really nasty stuff under control, such as:
View email as plain text: All of the bad links, embedded viruses and other malware go away when you select “view as plain text”. Sure, you lose all of the graphics and links, but you lose the threats as well.
Create a primary email address: This is your main address – for colleagues, clients and peers. Never share this email address. Don’t subscribe to anything using this address – no internet mailing lists, no subscriptions, nada. Use this address alone for your finance- and business-related emails. Anything unrelated is junk; treat it that way. Block the domains of senders. Mark junk mail as junk.
Use an email forwarder: I have been a big fan of Leemail.me. Instead of giving out my email address, I use Leemail to auto-generate an address whenever I want to share my email with an unfamiliar company. It forwards my email from the company to me. When I want to shut that sender off, I flick a button.
Tracking the companies that share or sell your email address is invaluable. The basic version of Leemail is, astonishingly, free, and the upgrade is only a few bucks a year.
Don’t hit “unsubscribe”; get blacklisted instead: There are a number of companies that provide email services to third-parties, shops such as Constant Contact, Vertical Response and iContact. They are the middlemen between businesses and consumers. And while they claim to be “opt-in only” and not spammers, in truth, they are subject to whatever bad behaviours their clients engage in. They all have become legal quasi-spammers.
On every email these companies send, there is an unsubscribe button – Never Click That. When you do, you are not unsubscribing. Rather, you are verifying that your email address is legitimate.
Instead, go to the company website and track down the customer service number. Call customer service and insist on having your email or domain “blacklisted.” That’s the only way to ensure you will truly be unsubscribed.
Password security: If you were like I was five years ago, you had one simple password that you used for everything – Amazon, Facebook, ‘Wall Street Journal’ – everywhere. This could’ve been disastrous. Now all passwords are different. Avoid the common errors, such as using birthdays or your kids’ names. Never use sequential numbers. And for goodness sake, don’t use “password” as your actual password.
Put all of your passwords on a document named something other than “My passwords.” I find burying passwords somewhere in a spreadsheet to be useful. Print out a copy and place it in your safety deposit box with other important papers.
Your biggest risk? You.
I have said all too often that when it comes to investing, people are their own worst enemy. Behavioural problems are rife in security as well. Get into the practice of thinking about security, and soon it becomes second nature.
Most of this is common sense. However, many people are still vulnerable. With smarts and a bit of awareness, you can make your financial assets much more secure.
— Washington Post
