Here is a list of recommended precautions and best practices to protect yourself from online account hacking and identity theft.
Please note: I am not a cybersecurity expert; online security is your responsibility. Before you use any websites related to financial institutions, account aggregation, and/or cloud-based software, you should carefully read and accept their privacy and security statements.
- Work only with a financial adviser who is NOT authorized to place investment trades, move or wire money, or otherwise transact business on your behalf. No power of attorney should be granted. FFP satisfies this requirement.
- Secure your credit bureau reports by: 1) placing a freeze on your reports at all three credit bureaus, 2) using a credit monitoring service to alert you to suspicious credit inquiries and activity, and 3) pulling your credit report frequently and checking for erroneous or suspicious transactions or information (www.annualcreditreport.com allows a free report each year from each of the three credit bureaus).
- Enable two-factor authentication (2FA) on all compatible accounts and websites, particularly financial institutions and email accounts. Use a device-based 2FA authenticator app, not text-message verification sent to your mobile number.
- Transact business at financial institutions that have two-factor authentication implemented and available for your use. Most financial brokerage firms and banks can enable 2FA (including Folio Investing, Fidelity, Schwab, Vanguard, Bank of America, Chase, and others).
- Carefully and frequently scrutinize your financial transactions for all of your accounts.
- Utilize a secure, zero-knowledge (ZK) password manager (e.g., LastPass) and follow best practices, including either easy-to-remember but hard-to-hack passphrases or auto-generated random, long, cryptic, unique passwords for each website, with no “written-down” passwords. Make sure your master password also has these attributes, and ensure that at least one family member knows your master password. Utilize 2FA on your password manager account.
- Utilize fraud and large transaction email/text alerts on bank, credit card, and brokerage accounts.
- Process online financial transactions only on secure encrypted websites.
- Disclose your Social Security number only when legally required to do so.
- Cross-shred (or “confetti” shred) financial documents before discarding them.
- Install and update virus protection and anti-spyware software.
- Never use unsecured Wi-Fi connections; use a VPN connection on any public Wi-Fi access point.
- Be vigilant against phishing attempts; if in doubt, do not click or forward emails.
- Don't respond to any money requests from unknown sources.
- Use unique (fake) security question answers.
- Never write your credit card numbers or Social Security number on checks or on the outside of envelopes.
- Encrypt all hard drives and electronic storage devices.
- Password-protect laptops and computer workstations.
- Enable biometric (e.g., fingerprint) security on smartphones and tablets.
- Use RFID-blocking card protectors.