Are These Eight Mistakes Compromising Your Financial Security Online?
Worried about identity theft? Consider avoiding these eight mistakes.
In 2017, 16.7 million Americans’ lives were impacted by identity theft. With the rise of online messaging, banking and shopping, criminals can intercept your personal data from anywhere in the world.
So, as we move through Cybersecurity Awareness Month (October), consider taking stock of your online habits and activity. Are you inadvertently exposing your private financial details? Today, we’re sharing eight of the most common online missteps and the steps you can take to protect yourself.
- Using weak passwords
Are you using your birthdate or spouse’s name as your go-to password? An overly basic password may be easy for you to remember but can also be guessed quickly by even an amateur identity thief.
Opt for complex passwords, incorporating uppercase and lowercase letters, numbers and special characters (like @, & or %) whenever possible. If you struggle to remember your new login details, consider taking advantage of a password manager like LastPass or 1Password. These companies store your passwords for you and use sophisticated security measures to keep them safe.
- Setting up less-than-secure security questions
If you do wind up forgetting your login information, many websites allow you to reset your password by verifying your identity through answers to customized security questions. But setting up the wrong types of question-answer combinations can actually allow someone else to bypass your strong password and reset it.
Whenever you have the option, avoid choosing security questions whose answers can be discovered with a quick online search. Google, people searches and social media make it easy for a complete stranger to find out your wedding date, your pet’s name and your alma mater. So select questions whose answers are unchanging, are memorable and aren’t easily guessed or discovered. Some examples include your childhood dream job, your kindergarten teacher’s last name and the town where you met your spouse.
- Neglecting to monitor your financial accounts
If your financial information is misused or stolen, spotting the fraud early on is key to minimizing the damage and expediting the cleanup. Consequently, it’s essential that you review your financial accounts and credit history regularly.
Start by making a monthly appointment with yourself to inspect statements from your bank, credit cards, lenders, brokerage firms, utility companies and more. Set up alerts on your accounts to notify you of high-value purchases, overseas transactions or big withdrawals. And take the time every year to review the accuracy of your three free credit reports.
- Taking the phishing bait
Has someone claiming to be a banking representative e-mailed you to request your account password? Or have you been asked to call an “IRS agent” to provide a credit card number in order to pay a bill you don’t owe? If so, you’ve likely been on the receiving end of a phishing scam — a criminal attempt to extract money or sensitive information.
The solution? Keep your personal information close to the vest. Never send passwords, PINs or Social Security numbers in e-mail or call an unfamiliar number to provide them. Handle your financial communication through secure, confirmed company channels — your account’s online messaging center, the business’ customer service line, etc.
- Completing transactions on unsecured websites
If you’ve ever bought something online, you’ve probably noticed a little lock icon or even a “secure” notification alongside your browser’s address bar. These comforting indications signal that you’re interacting via an HTTPS connection with a site that has an active SSL certificate. In other words, the personal data you enter on that site are all encrypted and protected as they travel the Internet.
Just be sure that you look for those signs before keying in sensitive data online. Always check the web address to ensure you’re on a legitimate company site with an HTTPS connection.
- Leaving your devices unprotected
Even if the individual websites you visit offer you security, you’re in trouble if your computer, phone or tablet itself rolls out a welcome mat for hackers.
Protect your technology with regularly scheduled scans from antivirus software and malware protection. Watch out for unsecured wireless networks, as what you do online can easily be viewed by third parties. And, if you do jump on an unsecured network, take advantage of a virtual private network (VPN). A VPN, which shields your online activity, is both easy and inexpensive to install on all your devices.
- Using automatic sign-ins
To save you time and hassle, many sites and browsers offer you automatic sign-in, the ability to log in to a site with a pre-saved password. On a secure device and for certain sites, this type of login may offer convenience without compromising security. For instance, your home desktop machine is likely a good candidate for automatic sign-in to your e-mail or Netflix accounts.
But allowing some sites and devices to bypass your password can give criminals who snatch your tech an easy way in to your personal accounts. Think twice before permitting your browser to log you in automatically to bank accounts, credit card sites and shopping sites. And consider skipping automatic sign-ins entirely on work computers, mobile phones and devices you frequently take out in public.
- Sending unencrypted messages
You wouldn’t post a password, a credit card number or your kid’s Social Security number on your Facebook wall. But you may be tempted to think that an e-mail is 100% private. So maybe you’d feel comfortable shooting your spouse or teen a quick e-mail containing that kind of sensitive data.
Unless you encrypt your e-mail however, your message is vulnerable to interception and use by hackers. You probably already enjoy the benefits of encrypted communication at the office. With a few steps, you can take advantage of extra e-mail security in your personal messaging as well.
Check with your existing e-mail service provider. Some, like Gmail, do offer encryption for at least a portion of your e-mail’s journey. Additionally, there are e-mail client applications (like Microsoft Outlook) and plugins that may work with your service provider to offer full encryption benefits.