The WannaCry ransomware attacks have spread like wildfire across the globe. As White House officials try to pinpoint where the attacks on hundreds of thousands of computers in 150 different countries stemmed from, and how to get locked data released, consumers are left wondering if their most important data is safe.
With nearly 287 million Americans on the internet, handling everything from shopping to portfolio management with the click of a mouse or a tap on an iPhone, there's an extraordinary amount of data being produced every day that cybercriminals would love to get their hands on. This includes everything from Social Security numbers to email passwords and bank account information.
Just last year the global bank-transfer system SWIFT was hacked, and tens of millions of dollars were stolen. If a system like SWIFT is at risk, you can only imagine how accessible our personal data is, and the recent WannaCry hacks make that lesson clearer than ever.
The issue is so pressing in the wake of WannaCry that on May 17 the Securities and Exchange Commission issued a cybersecurity alert for broker-dealers, financial advisors and investment funds that stressed both the importance of undertaking penetration tests and vulnerability scans on critical systems and the necessity of upgrading systems on a timely basis.
The alert noted that in a recent SEC Office of Compliance Inspections and Examinations study of 75 financial firms, 5 percent of broker-dealers and 26 percent of advisors and investment funds did not conduct periodic risk assessments of critical systems to uncover vulnerabilities, potential business consequences and other cybersecurity threats.
There are certainly lessons that consumers should learn from the most recent cyberattacks, too. One big one is that proactive protection is far less painful than dealing with the trail of destruction that's caused when an online thief steals your information. Here are nine easy ways to implement best practices that you can use today to help keep your financial data secure.
1. Use a service that aggregates your financial accounts. The easiest way to review all of your financial accounts quickly for any suspicious activity is to aggregate your accounts with a tool that will show them all in one place. These aggregation services offer an easy way to check your statements and balances but don't allow you to move money, making them much less valuable to hackers. They also mean you will not be regularly logging on to multiple sites, leaving a trail. By limiting access points to your accounts and consolidating into one platform, you'll limit the number of opportunities for hackers to compromise your data.
2. Monitor your accounts regularly. It's good practice to monitor your financial accounts on a weekly, and even daily, basis. If you're using a financial aggregation tool, look for one that will also proactively provide you with account updates by sending you push notifications or emails, and flag any changes to your spending so that you can take immediate action if anything seems abnormal.
3. Utilize two-factor authentication sign-on. When selecting any type of online financial tool, only use one that offers two-factor authentication sign-on. With two-factor authentication, if you log in from a new device, you will be required to provide mobile phone or email verification (or both) to confirm your identity.
4. Don't reuse your passwords, and avoid sharing. Reusing passwords is an age-old mistake that is all too common, leaving you open to an attack. Use a unique password on every bank or financial site you access, and if you use an aggregator, make sure the password is secure and includes letters, numbers and special characters. Not only should you change your passwords at least every 90 days, you should never share password information with anyone (such as a spouse) by email or text, only in person or over the phone.
5. Use read-only apps. When selecting a money-management app or a financial aggregation tool, it is best to use one that is read-only. This means that no money transfers can be made from the platform, and a hacker cannot transfer funds from your account into theirs.
6. Keep your operating system (e.g., Windows, iOS) patched. Patches are software updates that correct security vulnerabilities. You may have heard that Microsoft recently issued new ones following the WannaCry cyberattack. Installing patches regularly helps protect your data, and both Windows and iOS have settings that allow them to be updated automatically, so you don't need to think about it.
7. Don't access your financial accounts on public Wi-Fi. Public Wi-Fi networks are prime targets for hackers, as these networks often are not secured. When possible, try to avoid surfing the web on public Wi-Fi, especially if you are accessing your bank or financial accounts.
8. Don't store your credit card information online. Not only are hackers targeting your personal financial accounts, they also frequent the companies and stores you favor. When you shop online, avoid storing your credit or debit card information on your favorite retail sites, as this can leave you vulnerable to a breach. Although entering your information every time you shop online or memorizing your credit card number may be tedious, it's much less tedious than dealing with being hacked.
9. Beware of phishing attempts. Email phishing attempts occur every day – from the obvious "You've won the lottery!" scam to a headline-grabbing attack earlier this month that targeted consumers with a fake shared Google document. Look out for any suspicious emails asking you to download attachments, click on links or share bank information. If you receive a suspicious email that appears to be from someone you know, confirm by phone whether they sent it before you click on any links or attachments.
Attacks such as WannaCry remind me of the truth in the adage "An ounce of prevention is worth a pound of cure." Adopting these best practices and going the extra mile to protect yourself online may seem tedious, but it is far less time-consuming and traumatic than dealing with the aftermath of a hack.
— By Fritz Robbins, chief technology and information officer for Personal Capital