Protecting your confidential information from technological threats has never been as important as it is today, and should be part of any good wealth protection plan. I recently presented a client event on Protecting Your Wealth From Outside Threats. As you might imagine, given the status of current events, protecting one’s sensitive information was a topic of considerable interest. This post is intended to summarize that presentation and help not-so-tech-savvy people dramatically improve the security of their information.
1. Use Complex, Diverse Passwords
If you use simple passwords, it’s just a matter of time until you get hacked and possibly fall prey to identity theft or another form of fraud. Security experts recommend having passwords that are 18 characters or longer (when possible) and that include both numbers and letters, capital and lower-case, and at least 1 special character (e.g. !, %, &, etc.). If you follow these guidelines, it would likely take decades, rather than minutes, to crack your password. And don’t use the same password for multiple sites. As difficult and cumbersome as all this may sound, it’s easy with the assistance of good password management software. With a good password manager, you only need to remember one complex password, while actually having the security benefit of a different password for each site—passwords you don’t need to remember. Password managers typically keep all of your passwords secure by encrypting them. They can also automate the login process for you, potentially saving you time and simplifying your life. An 18-character password isn’t sounding so bad anymore, is it? Personally, the use of a password manager probably saves me 10 minutes a day, and more importantly, it just gives me a little peace-of-mind. For a resourceful article by Information Week discussing reputable password managers, see: 10 Top Password Managers. If password managers aren’t your thing, many security experts recommend creating a sentence as your password, which is likely much easier to remember than 18 random characters. Another alternative is to store your passwords on a device that has never been, is not, and never will be connected to the internet. Even then, make sure it’s encrypted.
2. Implement 2-Factor Authentication
Tired of getting your email hacked? Has anyone ever gotten into your email account and sent out a bunch of spam to your friends? One very effective solution to this is an additional layer of security called 2-factor authentication (aka Two-Step Verification). Let’s say someone wants to hack into your email account. They perform a brute force attack and eventually determine the correct password (because the password guidelines above weren’t followed). Normally, your email account would be hijacked at this point and many bad things could likely result (e.g. malware, phishing attacks against your friends and family, the perpetrator gaining access to other sensitive information, your password being shared with many other hackers, etc.). If you had 2-factor authentication, however, they’d need to type in another string of numbers that only you have, which automatically changes every 30 or 60 seconds. Typically, this string of numbers is viewed on your smartphone or on a small keychain-like device the size of a USB flash drive. Problem solved. You can use 2-factor authentication for more than just email, as well. For example, you can use it for your password manager, which is VERY wise. Google Authenticator and YubiKey are two popular examples of 2-factor authentication. If you have a Google Gmail account, for example, you can just go into your account’s security settings and set up “2-Step Verification.” Our firm actually uses 2-factor authentication through RSA SecurID and Symantec ID Protection to access clients’ account information. Like most tech security, it may seem complicated if you’ve never done it before, but it’s really quite simple. For a good overview and explanation on how to implement it, here is a good place to start: Two-Step Verification.
3. Don’t Email Sensitive Information
As tempting as it may be to avoid an extra layer of complexity, just don’t email sensitive information. When you send an email, the information is public for the whole world to see. If you have sensitive information to share, consider using a more secure means such as phone, fax, mail, personal delivery, etc.—or use software to encrypt the content in the email. For example, if your confidential document is in Microsoft Word or Excel format, elect to encrypt the document and add password protection. Depending on your version of Microsoft Office, just go to File -> Protect Your Document -> Encrypt With Password. Some companies will actually allow you to upload confidential information through their site and they’ll encrypt it for you. Our firm, for example, allows clients to use an encrypted document upload tool through a leading document management provider. Remember, encryption is your best friend in terms of tech security.
4. Properly Secure Your Wireless Network
If you don’t use a home wireless network then you can skip this tip. If you’re like most people, however, you have a wireless router which, of course, allows you (and potentially others) to conveniently access your internet wirelessly. If anyone else gains access to your wireless network, the information that resides on your computers and network is fairly easy to access. Not to mention, you could be held liable for the web sites that the perpetrator visits. Properly securing your wireless network is not as simple as just adding a password to the router, but it’s still fairly easy. First, make sure you use WPA or WPA2, not WEP, as your security type. (This will make sense when you are setting up your password for the router.) Avoid the WEP security type like the plague, because it’s simple for a fraudster to hack. If you only have WEP, it’s time to buy a new router. Also, if you’re going to grant house guests wireless internet access, make sure your router has a separate guest access feature, which prevents them from accessing your private network. Last, but not least, check to see if you have a button on your router that says “WPS.” If you do, turn it off. It’s a serious security threat. I’ll spare you the details.
5. Encrypt Your Hard Drive
As previously mentioned, encryption is one of the most effective and immediate ways to protect your data. Just as encryption can add security to documents, passwords, and wireless networks, it can also protect your hard drive. Without an encrypted hard drive, for example, if someone stole or otherwise gained access to your computer, your confidential information would be exposed, even if your computer was password-protected. Many people mistakenly think password-protection is the same as encryption. The key difference is that with encryption, your hard drive’s contents are scrambled and look like a bunch of random, undecipherable characters, and a key, usually a password, is used to decrypt them. Without encryption, one could just open the gate (e.g. bypass the password) and access your property. One reputable tool to encrypt your hard drive is by a vendor called TrueCrypt, and it’s available at no charge.
Clearly, this list is not an end-all-cure-all to data security, and is not intended to be a complete list. If you utilize these suggestions, however, your confidential information will likely be much more secure than the average individual’s.