The risks to our personal finances—and our very identity—posed by cybersecurity threats were scary enough before the machines started to think for themselves. Now with the emergence of AI into our daily workflows, it seems there is no better time to take another look at this issue and ask the question, “How can we best shield ourselves from cybersecurity attacks?” And who better to ask than an international expert on the topic?
In this case, it wasn’t hard to find one. For years, my work in the arena of personal finance has oft been confused with the writing of one of our foremost experts in cybersecurity—because we share the same name. Dr. Tim Maurer is a Harvard grad, former Homeland Security appointee, and current Senior Fellow at the Carnegie Endowment for International Peace, and after being confused many times online, we finally decided to team up for an article to help you shield you—and your money—from the myriad threats posed by cybersecurity attacks.
Maurer is regularly considering the impact of cybersecurity on large corporations, municipalities, and countries. But, I wanted to know: When you think about cybersecurity and its impact on individuals and households, what are the first few recommendations you’d make for us regular folk?
“The good news,” he told me, “is that there are actually a number of actions you and I can take.” Whew! Some are classics that still apply today, and others are helping to keep up with an ever-evolving landscape.
Here are 7 ways to shield yourself from cybersecurity attacks:
1. Use multi-factor authentication.
Multi-factor authentication is when you log into your online bank or other important accounts where, in addition to your password, they require another form of confirmation—like sending a text message to your mobile phone, for example. Most accounts these days give you the option to add multi-factor authentication, but many of us just hit the “Skip” button and move on with our days. But clicking “Yes,” Maurer recommends, could be the very step that helps secure our accounts.
2. Choose harder-to-guess passwords.
Yes, this one may be old news, but I know there are still people out there rolling with “1 2 3 4” for their PIN code and “password” for their password. A strong password will have at least 12 characters and include a mix of upper and lowercase letters, numbers, and symbols.
And maybe you’ve evolved to use a better password, but you use the same one for just about everything. It may be time to use a password app or third-party service, where you only have to remember your primary password, and it generates unique, cryptic passwords for each of your logins.
Dr. Maurer acknowledges, “If you are a large company or a government, things, like ‘concentration risk,’ may be a reason not to use a single third-party or app that will hold all of your passwords centrally—but it’s not something you need to worry as much about as an everyday American.”
Here he made another excellent point, that there are tradeoffs to be considered in all of these cybersecurity decisions, so while there may be a slight risk to an individual for centralizing all of your passwords with a single entity, there is a greater risk to attempting to maintain scores of disparate passwords.
3. Don’t log in to sensitive accounts using unsecured networks.
Yes, that means the networks at your hotel or on the plane.
4. Freeze your credit.
One of the scariest things I learned from Maurer is that, “We simply can’t rely on the security of our Social Security numbers.” Over the course of our lifetimes, too many people and companies have gained access to this most sensitive of our sensitive identifiers. And if they have access to our Social Security number, they have access to our credit, one of the most important things to protect.
So, how can we stop hackers from gaining access to our credit—even if they have our Social Security number? Freeze it. By freezing your credit, you make it impossible for anyone to access your credit.
How? Go to each of the three major credit bureaus—Equifax
EFX
, Experian, and Transunion—and “freeze” or “lock” your credit. You can do this by mail or phone, but you can also affect these changes online (with multi-factor authentication, of course!) in a matter of minutes.
Please know that if you freeze your credit, virtually no one can access it. Therefore, if you plan to use your credit for any reason, you’ll need to “unfreeze” and “refreeze,” or better yet, just “thaw” your credit for a stated timeframe. For example, if you’re buying a new car and plan to use your credit, ask the lender which credit bureau they use and then thaw your credit with that bureau for the necessary time.
Parents, you may also seriously consider freezing your children’s credit—because if they have a Social Security number, they have a credit file, and it may just be your kids’ unmonitored credit that makes for low-hanging fruit for hackers and thieves.
5. Use credit cards with chips, not debit cards.
I know it might not suit the Dave Ramsey schtick, but unless you actually have an addiction to credit card spending, their utilization is one of the best ways to hold onto your cash—because you’re using someone else’s.
This was a recommendation I first heard from Frank Abagnale, Jr., the former fraudster turned FBI informant made popular by Leonardo DiCaprio and Tom Hanks in the great movie, Catch Me If You Can, and this recommendation is purely about logistics.
While most debit cards still have a degree of protection that will help you reclaim your money if stolen, if someone steals your debit card and runs up a bunch of purchases, it is your money that is lost and in need of finding. If you’re using a credit card, however, it’s the credit card company’s money that they’ll be hunting down. Of course, if you leave a balance on the card monthly, the benefits to be gained from this are muted if not eliminated—because then the credit card company is “stealing” your money with exorbitant interest rates.
6. Get creative with the answers to your security questions.
You know those security questions about Mom’s maiden name, Dad’s middle name, your first crush, and your favorite pet? Well, you may be required to give these answers, but “there is usually no requirement for you to answer the specific question that was asked,” Dr. Maurer told me.
Ahh, so you could just respond to the question, “Who was your first crush?” with the answer for “What was the name of your favorite pet?” Yup! Because if you’re answering all of the same questions the same way, it’ll only make it easier for hackers to access multiple accounts of yours if they crack the code for one.
7. Track your transactions.
So, should we just eschew online banking altogether? Maurer suggests no. Most of the big financial companies have some of the best security systems and protocols, so we’re better off getting to know and understand these protocols than we are keeping our heads in the proverbial sand.
And even then, it’s still entirely possible that your information will be stolen. There’s only so much we can do to proactively forestall this eventuality. So, one of the best ways to ensure any damage is limited is one of the most old-fashioned: track your transactions.
I do this weekly as part of my budgeting process using a top-notch third-party software while Dr. Maurer does it monthly using, of all things, a paper statement that he can scan and check off.
So, what about AI?
This, Maurer suggests, is actually a good-news-bad-news story. The bad news is that the advent of AI has made it even easier for foreign-language cyber attackers to seamlessly translate their cryptic false messages into fluid English. But, it’s not all bad news. AI’s ability to rewrite more secure website code may actually help enhance the security of more sites.
As you look at the above list, what is something you can do to improve your personal cybersecurity defense systems?
“It really is about putting a few things in place so that you’re better protected than you currently are, and that will make a huge difference and will make it so much harder for any cyber criminal to really get at you or your money.” Take it from Tim Maurer. Dr. Tim Maurer, the international cybersecurity expert, that is.
Read the full article here