The WannaCry ransomware attacks have spread like wildfire across the globe. As White House officials try to pinpoint where the attacks on hundreds of thousands of computers in 150 different countries stemmed from, and how to get locked data released, consumers are left wondering if their most important data is safe.
With nearly 287 million Americans on the internet, handling everything from shopping to portfolio management with the click of a mouse or a tap on an iPhone, there's an extraordinary amount of data being produced every day that cybercriminals would love to get their hands on. This includes everything from Social Security numbers to email passwords and bank account information.
Just last year the global bank-transfer system SWIFT was hacked, and tens of millions of dollars were stolen. If a system like SWIFT is at risk, you can only imagine how accessible our personal data is, and the recent WannaCry hacks make that lesson clearer than ever.
The issue is so pressing in the wake of WannaCry that on May 17 the Securities and Exchange Commission issued a cybersecurity alert for broker-dealers, financial advisors and investment funds that stressed both the importance of undertaking penetration tests and vulnerability scans on critical systems and the necessity of upgrading systems on a timely basis.
The alert noted that in a recent SEC Office of Compliance Inspections and Examinations study of 75 financial firms, 5 percent of broker-dealers and 26 percent of advisors and investment funds did not conduct periodic risk assessments of critical systems to uncover vulnerabilities, potential business consequences and other cybersecurity threats.
There are certainly lessons that consumers should learn from the most recent cyberattacks, too. One big one is that proactive protection is far less painful than dealing with the trail of destruction that's caused when an online thief steals your information. Here are nine easy ways to implement best practices that you can use today to help keep your financial data secure.
1. Use a service that aggregates your financial accounts. The easiest way to review all of your financial accounts quickly for any suspicious activity is to aggregate your accounts with a tool that will show them all in one place. These aggregation services offer an easy way to check your statements and balances but don't allow you to move money, making them much less valuable to hackers. They also mean you will not be regularly logging on to multiple sites, leaving a trail. By limiting access points to your accounts and consolidating into one platform, you'll limit the number of opportunities for hackers to compromise your data.
2. Monitor your accounts regularly. It's good practice to monitor your financial accounts on a weekly, and even daily, basis. If you're using a financial aggregation tool, look for one that will also proactively provide you with account updates by sending you push notifications or emails, and flag any changes to your spending so that you can take immediate action if anything seems abnormal.
3. Utilize two-factor authentication sign-on. When selecting any type of online financial tool, only use one that offers two-factor authentication sign-on. With two-factor authentication, if you log in from a new device, you will be required to provide mobile phone or email verification (or both) to confirm your identity.
4. Don't reuse your passwords, and avoid sharing. Reusing passwords is an age-old mistake that is all too common, leaving you open to an attack. Use a unique password on every bank or financial site you access, and if you use an aggregator, make sure the password is secure and includes letters, numbers and special characters. Not only should you change your passwords at least every 90 days, you should never share password information with anyone (such as a spouse) by email or text, only in person or over the phone.