Why include cybersecurity on a website that is focused on retirement?

The simple answer – if your life savings were stolen, wouldn’t that affect your retirement well-being?

You may be thinking that hackers are not interested in you and you are not a target. Sorry, you are a target! The fact is, there are many ways hackers earn a living, and most of these involve non-targeted or random attacks. Some hackers work for weeks, or months, to target major organizations. These are more sophisticated hackers that are going after a “big score”. For the most part, the rest of the hacker world uses a “wide-net” approach – using automated tools that scan the internet for poorly configured home or business routers, or sending tens of thousands of phishing emails and texts, hoping for those who open the poisoned attachment or click the dangerous link enclosed.

Tips to help you protect yourself and your family –

Use Strong and Unique Passwords:

Make sure your passwords are complex, long and unique. Avoid using obvious choices like birthdays or names. Here is a list of the most common “worst” passwords – https://en.wikipedia.org/wiki/List_of_the_most_common_passwords

I can’t stress enough how important it is to have a unique password for EACH account you have. You may think that is too hard to do, but I have a friend that says he can’t remember anything. I asked him to make a simple sentence he could remember. He chose “My favorite place to go is New Hampshire.” “Great,” I said, “now take the first two letters of each word as the basis of your unique password scheme.” For him, it was “myfapltogoisNeHa”, which would be his password “root phrase”, and to make it unique for his bank, First National Bank, I asked him to add FiNa to the end of the phrase, making his new bank password “myfapltogoisNeHaFiNa”. So he only has to remember the phrase and the rule. Guess what? He now remembers his unique passwords! If you still feel that you won’t be able to remember your passwords, consider using a password manager to keep track of them.
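The rule described above, written out as an added example (not code from the original article). The function names are hypothetical, and two details are assumptions read off the article's result: the first word is lower-cased, and the account tag uses the first two words of the institution's name. It also checks the case the rule does not cover, where two institutions produce the same tag and therefore the same password.

```python
# Added example: the sentence-based password rule from the article.
# Function names and the capitalisation handling are assumptions.

def root_phrase(sentence: str) -> str:
    """First two letters of each word; the sentence-initial capital is lowered."""
    words = [w.strip(".,!?\"'") for w in sentence.split()]
    parts = [w[:2] for w in words if w]
    if parts:
        parts[0] = parts[0].lower()  # "My" -> "my", matching the article's result
    return "".join(parts)


def site_tag(institution: str, words: int = 2) -> str:
    """First two letters of the first `words` words of the institution name."""
    return "".join(w[:2] for w in institution.split()[:words])


def password_for(sentence: str, institution: str) -> str:
    return root_phrase(sentence) + site_tag(institution)


def find_collisions(sentence: str, institutions: list) -> list:
    """Groups of institutions whose tags collide, so the passwords are NOT unique."""
    seen = {}
    for name in institutions:
        seen.setdefault(password_for(sentence, name), []).append(name)
    return [group for group in seen.values() if len(group) > 1]


if __name__ == "__main__":
    sentence = "My favorite place to go is New Hampshire."
    # Constructed list of accounts; only First National Bank is from the article.
    accounts = ["First National Bank", "First National Insurance",
                "Fidelity Investments"]
    for name in accounts:
        print(name, "->", password_for(sentence, name))
    print("Collisions:", find_collisions(sentence, accounts))
```

When two accounts collide, lengthen the tag for one of them (for example, use three words of the name) so that every account still gets its own password.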

Two-Factor Authentication:

Enable two-step verification where available. This may also be called MFA or multi-factor authentication. This adds an extra layer of security by requiring you to verify your identity using a second method, aside from just entering your password. You most likely have used two-factor authentication, as most financial institutions will send you a text message with numbers that you enter onto their log-in page. The other type of two-factor is using an application such as the Microsoft or Google Authenticator (available for Android and iPhone). Each institution will have its own list of two-factor authentication methods, so check how you can enable two-factor authentication for your own security.

 

Regularly Update Your Software:

Keep your operating system, browser, and other software updated. Updates often include patches for security vulnerabilities. Most browsers will auto-update, but you can check by opening the browser and going to “Help”, where you can check for updates.

 

Secure Your WiFi Network:

For clarity, every home and business that has WiFi has a device that is connected to the Internet, either by FIOS (Verizon fiber) or coax cable from the “cable company”, which could be Comcast, RCN, COX, Charter, or many others. The Internet is “routed” through the router, which connects to the users in the home or business via the WiFi network. One major purpose of the router is to act as a gateway and protect your inside network from being accessed from the outside. This is of major importance because, if the router did not provide this separation and protection, anyone, anywhere could simply connect to your home devices and place software allowing them to capture all of your traffic, stealing anything that is sent over the network. Just as scary are examples where hackers got into home video monitors, like baby monitors, and spoke over the monitor to people in the house!

Three basic things to secure on your router are WiFi access, the router administrator password, and external administrator access.

First, always protect your home WiFi with a strong password. Never leave it “open” (without requiring a password), and it is also recommended to change the WiFi password from the one that came with the router. Virtually all routers will have stronger encryption protocols for WiFi access already enabled. Usually, you may be able to choose from WPA-2 Personal or WPA-3. Do not choose WPA as it is no longer considered secure. These encryption protocols are used to secure the connection between your wireless router and your laptops, cellphones, and other household smart devices.

Second, change the default Administrator password. This password allows access to administer the router. The router administrator can change all the settings within the router. Anyone that can log into your router as Administrator owns the router and your home network! The administrator password is commonly found on a label on the router itself. Follow the router instructions, log in, and change the administrator password, then write it down and keep it near the router. I recommend taping it to the router.

Third, check your router to make sure “external administration access” (or something similar) is turned off. This setting is found within the Administrator settings. The importance of this setting is that “you” are accessing all of the Administrator settings from a local WiFi connection, or what we call “from the inside”. Most routers also allow remote access from the Internet side, or “outside”. Having this remote access turned off protects against a hacker (on the outside) being able to take control by simply trying the most popular passwords until they guess yours. Please understand that there are thousands of hackers that use automated tools to find and try to connect to your router. If you look into your router’s log file, you will see that there have already been many attempts to gain access. Their automated tools constantly scan, find and try to break in, so make sure your router’s external access is disabled (turned off) and your router’s updates are current. The default setting is usually “off”, but it is important to double-check that it is, indeed, off.
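One way to review a router log for the outside attempts described above, as an added example (not part of the original article). The log format and the sample lines are constructed for illustration; every router vendor writes its log differently, so the pattern would need adjusting, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges: addresses on the "inside" of a home network.
INSIDE = [ipaddress.ip_network(n)
          for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in a hypothetical format; real router logs differ.
SAMPLE_LOG = """\
2024-03-01 02:14:07 admin login failed from 203.0.113.45
2024-03-01 02:14:09 admin login failed from 203.0.113.45
2024-03-01 02:14:12 admin login failed from 203.0.113.45
2024-03-01 07:30:51 admin login success from 192.168.1.20
2024-03-01 09:02:33 admin login failed from 192.168.1.20
2024-03-01 11:45:10 admin login failed from 198.51.100.7
2024-03-01 11:45:18 admin login success from 198.51.100.7
"""

LINE = re.compile(r"admin login (failed|success) from (\S+)")


def is_inside(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in INSIDE)


def review(log_text: str) -> dict:
    """Summarise administrator logins that came from the Internet side."""
    failed = Counter()
    succeeded = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        result, addr = m.groups()
        try:
            if is_inside(addr):
                continue  # logins from the home network are expected
        except ValueError:
            continue  # skip lines with an unparseable address
        if result == "failed":
            failed[addr] += 1
        elif addr not in succeeded:
            succeeded.append(addr)
    return {"failed_outside": dict(failed), "success_outside": succeeded}


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

Any address listed under `success_outside` logged in as administrator from the Internet side: change the administrator password and turn off external administration access.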

Be Wary of Phishing Attempts:

Be careful with emails, calls, and texts from unknown sources. Phishing attempts often come from unknown addresses but can appear as communication from trusted sources. Many phishing attempts have the goal of obtaining personal data or money. This usually includes two common traps: one is email phishing and the other is poisoned websites. The three most common phishing traps are –

(1) Fake statements for a service or product like Geek Squad, Symantec antivirus, Amazon, Microsoft, or another product you never purchased. This scheme is to have you call the toll-free “support” number listed in the email to cancel the purchase, but the fake support person tries to get you to download software on your computer so they can steal money and data. Sometimes the hacker tells you to open your online bank account. They tell you that they sent you a refund and, using the remote software they asked you to install, they edit the bank’s account page to make it “look” like you have received an over-payment in your account. Their next step is to plead for you to reimburse them the “over-payment”. These fake over-payments appear to be tens of thousands of dollars. They ask you to go to your bank and withdraw the amount of the fake over-payment and send it to them in the mail. Another request they often use is to ask you to purchase gift cards and send them the gift card information. Remember – these are all fake and just scams to steal money from you.

(2) An email with a poisoned attachment that installs a virus that may steal data as well as install ransomware. Ransomware “locks” your hard drive until you pay a ransom. These emails usually have poor English, are poorly written, or may be very short with an attachment named “invoice”, “bill” or “pictures”.

(3) The third type of these emails will tell you that you have won a prize or inherited a very large sum of money – but – they always need some money from you before they can “release” your big payout.
Don’t fall for these scams.  If you are interested, here is a group of people that are well known for going after these types of hackers – Watch on YouTube.

 

Install Security Software:

Use reliable anti-virus and anti-malware software. This can help protect your devices from threats. Our professional favorite is Webroot. Since many people access their phones far more often than their PCs, hackers have adapted their focus to include phones. Don’t overlook adding an anti-virus program to your phone. (See the Webroot information below.)

 

Regularly Backup Your Data:

Make sure to regularly back up important data, so that in the event of a cyber-attack you won’t lose any of your critical data. We suggest that you use two forms of backup: a local external drive and a cloud-based backup. The advantage of a local backup is speed to restore, while the cloud protects against a catastrophe at home (fire, flood, theft) damaging your PC AND your backup. Ransomware is still very popular. This nasty malware, once loaded, encrypts and locks your access to your own files until you pay a “ransom”. Sometimes, even after paying, you never get your files back. It is for this reason that it is so important to keep multiple copies, or versions, in a cloud backup service. A major reason to add cloud backup is that, if you are like many people, you keep the local external hard drive you use for backup connected to your PC. It is common that ransomware will look for local external drives and then encrypt those as well, making your local backup copies worthless. Having all of your data safely backed up in the cloud assures recovery even if your local system is gone. Our favorite cloud backup is IDrive. They have great first-year deals, and after that, the cost is still great. (See the IDrive information below.)

 

Limit Personal Information Shared Online:

Be cautious about what personal information you share online.  The less information available, the less there is for a potential hacker to exploit.  Without your knowledge and consent, there are websites that freely list you, your address, your phone numbers and other people at your address.  You might look yourself up.

 

Use Secure and Encrypted Websites:

Look for websites with “https” (note the “s”) in the URL, which are generally more secure. The usual icon is a “lock” found on the URL address line. Avoid entering personal information into unsecured websites. Chrome will often warn you if you try to go to an unsecured website. Here again, we like Webroot antivirus as it has an extension for your browser. This extension is linked to their database of questionable or bad websites, and when you try to open a dangerous website, Webroot gives you a warning. (See the Webroot information below.)

 

Educate Yourself:

Stay informed about the latest in cybersecurity threats and safety measures.  As boring as this may seem, read at least one item on current cybersecurity threats, once a month.  A few minutes could save you the loss of all your data and weeks or months of frustration.

 

In Closing…

Cybersecurity is not an abstract concept. I know several people that had close calls, ranging from $55,000 to several million – all in retirement savings accounts. Hackers had captured their account information and were able to access the accounts. These two situations had good outcomes only because the owners happened to get a notice or were in their accounts at the same time as the hackers. Had they not been vigilant, they would have lost a fortune. We want to make sure your retirement investments are safe and secure, and taking the necessary focus on cybersecurity substantially improves your defense against losing your fortune to a hacker.

Remember, personal cybersecurity is not a one-time task, but an ongoing process. Stay vigilant and proactive in protecting your digital life.  Retire Happy!

Ira

FAQs

What is personal cybersecurity?

Personal cybersecurity refers to the measures and practices undertaken to safeguard your personal data and digital information from unauthorized access, damage, or theft. This includes protecting your online accounts, devices, and networks you use.

Why is personal cybersecurity important?

In the digital age, a large portion of our personal and financial information is stored online. Personal cybersecurity is crucial to protect this sensitive data from cybercriminals, prevent identity theft, and ensure your privacy remains intact.

How can I create a strong password?

A strong password includes a combination of uppercase and lowercase letters, numbers, and special characters. It should be unique and not easily guessable, like your date of birth or name. Consider using a password manager to keep track of multiple unique passwords. (See my personal password method above.)

What is two-factor authentication and why should I use it?

Two-factor authentication (2FA) is an additional layer of security for your online accounts. Besides entering your password, 2FA requires another form of verification, like a code sent to your mobile device. It makes it harder for attackers to gain access to your accounts.

How can I protect myself from phishing attacks?

To protect from phishing attacks, be cautious of unsolicited communications asking for personal information. Never click on suspicious links in emails or messages. Always verify the source before providing sensitive information.

What is the role of software updates in personal cybersecurity?

Software updates often include patches that fix security vulnerabilities. By regularly updating your software, you ensure you have the latest protections against potential security threats.

How often should I back up my data?

It’s recommended to back up your data regularly. The frequency depends on how much and how often your data changes. A good rule of thumb is to back up important data at least once a week. This helps prevent data loss in case of a cyber-attack or system failure.

Here are some of our choices for improving your personal and family cybersecurity – 

 

Webroot anti-malware:

We have been using Webroot for our clients as well as our own personal systems and phones. The two major “likes” we have for Webroot are these. The first is the tiny size of the application: it is less than 1MB, far less than the average 30-40MB of the other guys. This is because much of the application runs in the cloud, so less needs to run within the PC or Mac. The other benefit is that Webroot never gets the usual nightly “malware signature” updates. Because it is cloud-based, it is always up-to-date and doesn’t need to rely on daily update downloads, saving time and space while increasing security. Imagine: when a new threat is identified, you don’t have to wait a day for the next security signature update to download, as Webroot constantly updates their cloud and instantly you are using the latest security signature profile.

Why I like it – 

  • Tiny footprint
  • Does not slow the system down
  • Real-time updates
  • Browser extension protects against poisoned pages

IDrive backup service: 

Like Webroot, we have been using IDrive for years for ourselves and our clients, and it has been totally reliable and easy to use. A few years ago we had a client whose file server totally crashed and whose local backup was corrupted. The server was fully backed up to the IDrive cloud service and that saved the business. The server was able to be fully restored from the IDrive backup images. A major business catastrophe was averted. They also have great deals, sometimes saving up to 90% off the first year. We can highly recommend IDrive.

Why I like it – 

  • Easy to use
  • Versioning – protects against ransomware
  • One account can support multiple systems
  • Disk Cloning – allows complete drive copy
  • Cloud backup can be accessed from web plus files can be shared with others

Password managers – 

I have used password managers in the past but I don’t have a favorite today, so I will offer three that have good reputations. Remember, with any password manager it is extremely important to keep copies of your master password, because if you lose that password you could be locked out of all your passwords.

 

NordPass:

NordPass is an offering from the same company as NordVPN. They are very familiar with tight security and encryption. They have personal and family plans. Two features I like: it detects weak or reused passwords, and they scan the Internet to see if your data has been leaked. https://nordpass.com/

 

BitWarden:

This is unique as it is an open-source password manager. This means that, unlike all of the other password managers that keep their software a tight secret, BitWarden publicly shares their code for everyone to see and audit. Anyone can review the code, and if someone finds a potential issue, they are able to share this with BitWarden to address the issue. Also, people can see there are no back-doors or other questionable coding. BitWarden is highly regarded as a reliable password manager, and its free version is excellent. They have a paid version for even more features and support. https://bitwarden.com/

 

LastPass:

I’m adding this as one of the largest password managers in the marketplace. It has a great feature set and includes password recovery options. However, LastPass was hacked at the end of 2022.  That said, the hackers made off with customer data, but all of the data was protected using a military-grade encryption scheme. For a hacker to decode and actually read any of the data, they would need the customer’s master password.  I still believe that LastPass is a good option because of its very large feature set and oddly enough, because they were hacked, they are even more manic on security now. I am sure they have had multiple security testing organizations beat up their security infrastructure and operations to leave little room for exposure. No organization is as focused on security as one that has been breached. https://lastpass.com