Data Driven Money

Live. Work. Retire. Smart.

Cyber Tips for Personal Finance


The sheer volume of cyber threats the average person faces day in and day out can seem overwhelming at first, but there are a few things you can do to make sure that you are doing the most to protect your banking and finance activities. Below are a series of Cyber Security tips based on my 15 years of Cyber Security experience to help protect you, your family, your money, and your future.

Some of these tips are common sense. However, often we leave ourselves exposed when we don’t think about some of the finer, more sophisticated details of our daily actions.

Don’t Use Free Budgeting Software

Having been a cyber security expert for several years I have always been leery of using free apps or software for just about anything.

It wasn’t until I wrote two articles highlighting the best budget apps for iPhone and Android that I realized the full extent that some developers were willing to go to collect information on their users. In fact, I had never intended to address cyber at all on this blog, but I feel it has now become necessary.

When looking at some of the top apps for both Apple and Android ecosystems, I found software that had been downloaded millions of times that openly rejected basic cyber security practices such as using SSL certificates.

Almost all the apps that were free specified that they collected data on their customers. Some highlighted that the data collected supposedly wasn’t personal; however, this can mean a lot of things. ‘Not collecting personal information’ can still mean that they track your name, location, family members and what you are spending money on… they justify not calling it ‘personal’ because they don’t collect your birth year.

I would suggest reading the privacy statement and looking into the developer of any app or software that you download, especially if you use that software to track how you use your money. I know this sounds painful, but once you do this once or twice you will start to realize the magnitude of what is being tracked without your knowledge.

At a bare minimum, you should be looking to pay for any financial app or service. If you aren’t paying them then you are not the customer, you are the product.

Monitor ACH Payments Closely

Have you ever wondered how you can hand over the information (routing number and account number) that is publicly listed on checks and voila, whoever you gave that information to can just take money out of your account? It’s worth thinking about what bad actors could do with that information. They can just pluck money out whenever they choose.

Another problem with ACH payments is that they don’t have the charge dispute process that you can find on credit cards. If you pay for something with an ACH payment and don’t receive the service or product, you have limited recourse to get that money back. Once the money is out of your account, usually it’s gone forever.

With a credit card you could dispute the charge. With a check you could stop payment. With an ACH you must hope that your bank will take your side and give you money out of their own pocket.

Review the ACH payments coming out of your account closely. Even a few pennies that come out routinely could be a sign of fraud. Make sure you know where each payment is going and that you expected it in advance.
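If your bank lets you export transactions as a CSV file, the review described above can be partly automated. The script below is an added example, not something from the original article: the column names, the sample rows, the `EXPECTED` list and the one-dollar threshold are all assumptions made for illustration, and a real export will need the column names adjusted.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed sample of a bank CSV export (not real data; columns are assumed).
SAMPLE_CSV = """date,type,originator,amount
2024-01-03,ACH_DEBIT,CITY POWER CO,-84.12
2024-01-15,ACH_DEBIT,QX SERVICES,-0.37
2024-02-03,ACH_DEBIT,CITY POWER CO,-79.50
2024-02-15,ACH_DEBIT,QX SERVICES,-0.41
2024-02-20,CARD,COFFEE SHOP,-4.25
2024-03-03,ACH_DEBIT,CITY POWER CO,-81.03
2024-03-15,ACH_DEBIT,QX SERVICES,-0.39
2024-03-22,ACH_DEBIT,GYM MEMBERSHIP,-25.00
"""

# Originators you authorized in advance (assumption: you maintain this list).
EXPECTED = {"CITY POWER CO"}
SMALL = Decimal("1.00")  # "a few pennies" threshold, chosen for illustration


def review_ach(csv_text, expected=EXPECTED, small=SMALL):
    """Return {originator: [reasons]} for ACH debits that need a closer look."""
    debits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["type"] != "ACH_DEBIT":
            continue  # card and other transaction types are out of scope here
        debits[row["originator"].strip().upper()].append(
            (row["date"], abs(Decimal(row["amount"]))))

    findings = {}
    for originator, items in debits.items():
        reasons = []
        if originator not in expected:
            reasons.append("unexpected originator")
        # Count distinct months (YYYY-MM) in which a tiny debit appeared.
        months = {date[:7] for date, amount in items if amount < small}
        if len(months) >= 2:
            reasons.append(f"small debit recurring in {len(months)} months")
        if reasons:
            findings[originator] = reasons
    return findings


if __name__ == "__main__":
    for originator, reasons in review_ach(SAMPLE_CSV).items():
        print(f"{originator}: {', '.join(reasons)}")
```

Anything the script reports is only a prompt to look the payment up; an originator you recognize and authorized can simply be added to `EXPECTED`.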

Use Multi-Factor Authentication

Back in the day, cyber experts would recommend changing your password frequently and not using the same password across accounts. While these recommendations are still true today, those steps usually lead users to other habits that compromise their security, like using ‘keyboard walks’ and flat-out writing their passwords down.

In the modern era, there is an additional way to ensure that your login credentials are being protected: configure your login to use multi-factor authentication (MFA). Most banks and brokerage houses offer it… make sure you set it up if it’s optional.

MFA allows you to log in to your account with at least 2 of the following 3:

  • What you know: Text Passwords, Usernames, Email Addresses
  • What you have: Access to a text message on your phone (SMS Codes)
  • What you are: fingerprints or other types of biometrics

By using MFA you are radically less likely to have your account credentials compromised… that means you have a much lower chance of losing your hard-earned money! It may seem irritating now, but you will regret not setting it up if someone gets a hold of your account and wipes it out.

Check Your Credit Report

Checking your credit should be done at least 3 times a year. By law you are owed a credit report on request every 12 months from EACH of the 3 credit bureaus. This information can be accessed with this link. Ironically, the government has decided to offer this service on a ‘.com’ site rather than a ‘.gov’ but it is legitimate.

When you check your credit report, keep in mind that you are looking for accounts that have been opened in your name without your permission. The reports themselves should not be confused with your Credit Score. Your Credit Score is a calculation of your lending risk by various institutions.

Monitoring your credit score can be useful in that a change in the number could be a sign of nefarious activity, but this type of monitoring is not usually free and should not be relied upon exclusively. Often your credit score is calculated from the data available at a single credit bureau… this could leave criminal activity unnoticed for a long period of time.

If you do notice that you have unexpected activity, then you will want to place a fraud alert with the appropriate bureau. This alert will stay active for 90 days. You will then want to send a letter (yes, written) to the bureau stating that the fraudulent information should be removed.

Other things that should be done if you suspect identity theft are to file a police report immediately and then follow up with a complaint to the Federal Trade Commission at

Don’t be a Phish

Phishing is a very useful tool for many hackers that are looking to steal your money. Phishing is when someone sends email correspondence that appears like it is from a legitimate company, but it is not.

Phishing emails will often ask you to log in to your ‘account’ by clicking a link and then direct you to a website that looks like the right one but just exists to steal your login credentials for your banking institution.

To avoid becoming a victim of a phishing scam, don’t click any link in any email unless you are 100% sure it came from a legitimate source. Even then, I recommend just manually navigating to your bank or financial institution’s website in a browser and getting to the information that way. One or two extra steps will help prevent you from becoming yet another sad story in one of the easiest scams out there.

Properly Dispose of Documents

Buy a shredder. The amount of mail that we all receive on a daily and weekly basis has enough information on it to help even the dumbest criminal steal your identity. Anything that has your account numbers, birth date or other information that could be specific to you should be shredded.

Ideally, you should be using something that shreds your paperwork in a cross pattern (it shreds vertically THEN horizontally). But just shredding at all should be generally good enough.

People do dumpster dive. All it takes is for them to grab a single bag of trash from the side of the road and bring it home. They can sift through your trash at their leisure at that point. If you don’t shred your personal and financial documents, it won’t take long for a motivated individual to strike it rich at your expense.

Lockdown Social Media Accounts

Every year your birthday rolls around and folks from all walks of life probably use some form of social media to congratulate you on another trip around the sun. As heart-warming as this is, this event is being broadcast on the internet and it revolves around a critical piece of personal information needed to steal your identity: your birthday.

The example above is just one of many that I could highlight that gives out just a tad too much info to people that probably shouldn’t be trusted with it. Make sure your social media accounts are ‘locked down.’ This means that no one should be able to see your account or posts unless you specifically allow them to see it (e.g. ‘friends’).

Friends of friends shouldn’t make the cut. Who knows all the shady people that may have befriended your friends on the internet either intentionally or accidentally? They have no business being able to see your social media profile.

If you have a business or some other professional need to be on social media that’s okay… just make sure that the information made available is not enough that someone could steal your identity. Again, no birthdays, middle names, mother’s maiden names, pet names, etc.

Don’t Answer your Phone

This might sound extreme but let me clarify: if you don’t know who the caller is then do not answer. In my own personal situation, I still have the cell phone I had when I was a teenager living in a different state (over 22 years!). Thus, my area code is different than the one I live in.

Many spammers will try to ‘spoof’ their phone number to make it appear that they are calling from an area code that matches your own phone number’s area code. Because of this, if you don’t know who is calling you and the number has the same area code as yours then you should probably just skip the call.

Make sure your voicemail is set up and properly welcomes people with non-personal information (like your last name). If a legitimate person is calling you and the matter is important then they will leave a voicemail. At that point you can add the number to your phonebook and respond to it in the future.

Don’t Bank in Public

This might sound like a no-brainer but in today’s digital world it can be easy to slip up.

Using public WIFI is a big no-no for pretty much any reason. Public access points are notorious for being compromised and becoming sources of significant illicit activity. Don’t connect to any WIFI that is not your own… you can assume that everything you are doing can and will be monitored either by the organization that owns the WIFI hotspot or by someone else who is using the hotspot at the same time.

Even if you are using your own mobile connection or WIFI, when you are conducting bank transactions in a crowd it is possible for others to physically watch you. This is called Shoulder Surfing.

It’s just too easy to be standing next to someone else who is using a phone that could also be recording you. They could easily snatch your username and password and you would be none the wiser.

Concluding Thoughts

Protecting your personal information is critical to ensure that cyber thieves don’t ruin your personal finance objectives. In the modern era it is incredibly easy for people to take what you have earned or to steal your identity outright. Taking the steps mentioned above will make it substantially harder.

If you aren’t doing some of these tips already, I hope I was able to shed enough light to convince you to start doing them. Over time you may think they are not necessary because you haven’t been compromised… just know that this is likely only because you have been taking the appropriate measures ahead of time to prevent what could and likely would happen otherwise.

Guy Money

As a formally trained Data Scientist I find excitement in writing about Personal Finance and how to view it through a lens filtered by data. I am excited about helping others build financial moats while at the same time helping to make the world a more livable and friendly place.
