Cybersecurity 101: A Helpful Guide to Staying Safe Online

October 18th, 2022 by Legacy Wealth Planning

Let’s Talk Cybersecurity. 

Cybersecurity is the practice of protecting your computer, its contents, and the sensitive information it contains from digital attacks. In 2020, the average cost of a data breach at the corporate level was USD $3.86 million globally and over $8 million for those attacks in the United States. Data breaches usually occur at the corporate level, where your bank is compromised, or at the government level, where a federal, state, or local municipality database is attacked, but they can extend to our personal lives, where our family household is attacked in the form of identity theft. All have costs, frustrations, and repercussions that affect everyone.

We here at Legacy Wealth Planning spend thousands of dollars annually protecting our computers, our data storage (cloud), and our local documents on behalf of our clients. Further, in working with LPL Financial, we have access to their Advisor Information Security team, which offers Legacy Wealth Planning a number of services to reduce our office risk, allowing us to focus on what matters most: our financial advisory services focused on you, your family, and friends.

The volume of cybersecurity incidents is on the rise across the globe, but misconceptions continue to persist, including the notion that:

  • Cybercriminals are outsiders. In reality, cybersecurity breaches are often the result of malicious insiders, working for themselves or in connection with outside hackers. These insiders can be part of well-organized groups, backed by nation-states. 
    • At Legacy Wealth Planning, you know us, and our staff have all been here over 10 years, some of us since the inception of the firm.
  • Risks are well-known. In fact, the risk surface is still expanding, with thousands of new vulnerabilities being reported in old and new applications and devices. And opportunities for human error – specifically by negligent employees or contractors who unintentionally cause a data breach – keep increasing.
    • This is why Legacy Wealth Planning has maintained a third-party IT consulting firm with the highest of standards and reputation within the Northern Nevada area.
  • Attack vectors are contained. Cybercriminals are finding new attack vectors all the time – including Linux systems, operational technology (OT), Internet of Things (IoT) devices, and cloud environments. 
    • Imagine a personal attack on you through your smart devices, like a refrigerator or a smart thermostat!
  • My industry is safe. Every industry has its share of cybersecurity risks, with cyber adversaries exploiting the necessities of communication networks within almost every government and private-sector organization. For example, ransomware attacks are targeting more sectors than ever, including local governments and non-profits, and threats on supply chains, “.gov” websites, and critical infrastructure have also increased. 
    • Legacy Wealth Planning may be low on the radar for hackers but we still take data protection and your privacy very seriously.

Where do strong computer and online practices begin?  Simple:

  • Use strong, complex passwords

Having a strong password is critical to protecting accounts and information from hackers. Strong passwords should consist of upper- and lower-case letters, numbers, and special characters. Many say, “I get frustrated with passwords because I cannot always remember which password works for which site.” We understand this, but there are many password managers that you can download. A password manager is a computer program that you set up with a 15-20 character “master password”. You open your password manager and input your super strong master password (the only one you now need to memorize). The password manager then opens with the icons for your online accounts; you click the site you want to visit, and the password manager inputs your user ID and password automatically. You never want to use the same password for different sites, and you should never write passwords down on sticky notes and put them on your computer.

Some tips for strong passwords. 

1) Use a Password Manager. It will generate a password for you which can be set to a variety of complexity levels.

2) Use word phrases from things in your life like your favorite car, vacation spot, color, food, sport, and string them together. Example – ChargerMauiGreenSpagettiGolf. Then change some of the letters like “a” to “@”, “I” to “!”, “L” to “1” and “o” to “0”. It might look like this – Ch@rgerMau!GreenSpagett!G01f. That is a hell of a “Master Password” and if you can remember that, your Password Manager will remember and input the rest.

  • Use Multi-Factor Authentication (MFA) and do not use sites that do not offer MFA.

On top of strong passwords (mentioned above), you should always use MFA. MFA is not always turned on as a condition of setting up your security on an online site. You have to inquire and take appropriate steps. It is definitely worth your time to ask an online provider if they have MFA.

MFA is simple. When you log into your account successfully with your ID and password, the MFA process begins: you get an email, a text, or even a phone call that gives you a specific one-time code, which you type into a field within your online account. If you do not input the correct code (a 6-8 digit number or alphanumeric code) exactly, it will not let you in. Some MFA systems require you to have an app on your phone to begin. MFA is a second level of protection against unauthorized account access.

  • Be critical of your email account(s) and practices. 

You are never going to get an email that will make you rich. DELETE. Phishing scams are the most prevalent. If an email comes from what you think is your bank, it probably isn’t. Do not open it. Delete it and call your bank. Phishers are incredibly good. They will make their email look exactly like the ones that your bank sends you, because they get them too! Check the email address. Most of the time it is not from “my.bank.com”; it is from some crazy email address. If someone emails you out of the blue, like an old friend you have not heard from in 20 years, and says, “I saw your post on social media, let’s connect, here is my contact email,” do not click. If you do, you are on your way to severe problems. You must be hypersensitive to email. Scrutinizing your inbox should be your first action: look at the emails, assess which senders you know, delete spam, and only accept email from senders you know. Your first act should not be a “click” to open. Be aware: this is one of the most heinous scams, and it catches the most people.
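The “check the email address” step above, written out as a small Python check. This is an added example, not part of the original article: “my.bank.com” is the article's own placeholder, while the sample headers and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# "my.bank.com" is the article's own placeholder for the bank's real domain.
EXPECTED_DOMAIN = "my.bank.com"

# Constructed sample From: headers (not taken from real mail).
SAMPLES = [
    '"My Bank" <alerts@my.bank.com>',
    'My Bank <service@my.bank.com.example.net>',
    '"my.bank.com Security" <x9@mail.example.org>',
    'Old Friend <hello@mail.example.org>',
]

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _display, address = parseaddr(from_header)
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].lower().rstrip(".")

def check_sender(from_header, expected=EXPECTED_DOMAIN):
    """Classify a From: header as 'match', 'lookalike' or 'mismatch'."""
    domain = sender_domain(from_header)
    # Only the exact domain or a true subdomain of it counts as a match.
    if domain == expected or domain.endswith("." + expected):
        return "match"
    # The expected name shows up in the display name, the local part or as
    # a prefix of another domain: the message is dressed up as the bank.
    if expected in from_header.lower():
        return "lookalike"
    return "mismatch"

def classify_all(headers=SAMPLES):
    """Map each sample header to its verdict."""
    return {h: check_sender(h) for h in headers}

if __name__ == "__main__":
    for header, verdict in classify_all().items():
        print(f"{verdict:9}  {header}")
```

A “match” only means the address is not obviously wrong; the From: header can be forged, so calling the bank remains the real check.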

Although Cybersecurity – Information Technology (IT) – professionals work hard to close security gaps, attackers are always looking for new ways to escape IT notice, evade defense measures, and exploit emerging weaknesses. The latest cybersecurity threats are putting a new spin on “known” threats, taking advantage of work-from-home environments, remote access tools, and new cloud services. These evolving threats include:

  • Malware

The term “malware” refers to malicious software variants—such as worms, viruses, Trojans, and spyware—that provide unauthorized access or cause damage to a computer. Malware attacks are increasingly “fileless” and designed to get around familiar detection methods, such as antivirus tools, that scan for malicious file attachments.

  • Ransomware

Ransomware is a type of malware that locks down files, data or systems, and threatens to erase or destroy the data – or make private or sensitive data public – unless a ransom is paid to the cybercriminals who launched the attack. Recent ransomware attacks have targeted state and local governments, which are easier to breach than organizations and under pressure to pay ransoms in order to restore applications and web sites on which citizens rely.

  • Phishing / Social Engineering

Phishing is a form of social engineering that tricks users into providing their own PII or sensitive information. In phishing scams, emails or text messages appear to be from a legitimate company asking for sensitive information, such as credit card data or login information. The FBI has noted a surge in pandemic-related phishing, tied to the growth of remote work.

  • Insider threats

Current or former employees, business partners, contractors, or anyone who has had access to systems or networks in the past can be considered an insider threat if they abuse their access permissions. Insider threats can be invisible to traditional security solutions like firewalls and intrusion detection systems, which focus on external threats.

  • Distributed denial-of-service (DDoS) attacks

A DDoS attack attempts to crash a server, website or network by overloading it with traffic, usually from multiple coordinated systems. DDoS attacks overwhelm enterprise networks via the Simple Network Management Protocol (SNMP), used for modems, printers, switches, routers, and servers.

  • Advanced Persistent Threats (APTs)

In an APT, an intruder or group of intruders infiltrates a system and remains undetected for an extended period. The intruder leaves networks and systems intact so that the intruder can spy on business activity and steal sensitive data while avoiding the activation of defensive countermeasures. The recent SolarWinds breach of United States government systems is an example of an APT.

  • Man-in-the-middle attacks

Man-in-the-middle is an eavesdropping attack, where a cybercriminal intercepts and relays messages between two parties in order to steal data. For example, on an unsecured Wi-Fi network, an attacker can intercept data being passed between a guest’s device and the network.

Businesses, governments and individuals store a tremendous amount of data on computers, networks and in the cloud. A data breach can be devastating in terms of money, personal time, and embarrassment.

Thankfully, the importance of cybersecurity and the effort put into it have increased over the years, to the point where executives outside of the IT department are taking notice and setting priorities. In fact, International Data Corporation (IDC) predicts that global spending on security will eventually reach over $133 billion by 2022 and potentially grow at a compound annual rate in excess of 9%.

The key takeaway? Cybersecurity is a complex practice, and the best way to prevent attacks and protect your information is via a multi-layered cybersecurity approach that weaves together your people, processes, and technology.

Please contact us to discuss further.
