Cybersecurity remains a hot topic in the financial industry. In the past few years, our professional and personal lives have become more dependent on the internet than ever. Hackers, cyber-criminals, and fraudsters are exploiting unpatched software, or using social engineering to steal your data. With targeted exploits and attacks on the rise, everyone wants to know what to do to stay safe online. Human error is the biggest contributor to cybersecurity threats. While volumes could be written about best practices in hundreds of different situations, we are addressing some recent issues, buzzwords, and trends.
Many cyber-attacks start with phishing and email account compromise scams. Phishing emails are fraudulent emails designed to get you to click a link, open a file attachment, or take some other kind of action. Phishing emails originate from a fraudster but are designed to look like they are sent from friends, coworkers, businesses, and other legitimate entities. Fraudsters have perfected their techniques, so you cannot always rely on poor grammar, spelling errors, strange file attachments and suspicious links to identify fraudulent emails. Email compromise scams are even harder to identify, because a hacker has gained access to, or taken control of, a legitimate email account. Then, the hacker steals any valuable information in the email account and may send malicious emails to trusting recipients. You should continue to be suspicious of any email from first-time or infrequent senders, or emails with an urgent call to action or threats. Contact the sender outside of email before taking actions suggested in the email.
“Pig Butchering” is a newer term used in cryptocurrency fraud. In this scenario, a scammer reaches out via email, social media, or messaging platforms to strike up a friendship. Once the friendship has progressed, they encourage the victim to invest in cryptocurrencies through fraudulent websites. When the cryptocurrency value rises, the victim is encouraged to invest more money, thus “fattening the pig.” In the end, the scammer will “butcher it” and run off with the money, leaving the victim without any way to identify the scammer. Talk with your JMG Advisor about any cryptocurrency investments.
Smart Devices or IoT (Internet of Things) continue to be hacking targets because of their internet connectivity. Examples of these devices include doorbell cameras, smart thermostats, smart kitchen appliances, fitness devices, and self-driving cars. Attackers will often use them as ways to access other networked devices in your possession. One big challenge is to keep all your devices updated with the latest features and security patches. Consumers are responsible for updating devices that cannot be updated automatically. If a device is outdated and can no longer receive security updates, the device should be retired. Advertisements displayed on these devices may become more widespread over time, thus reducing their functionality. The most significant challenge may be privacy; device providers and manufacturers could collect and sell consumer data without proper notice or consent. Even with all these challenges addressed at the current time, the future may bring additional changes. Companies that build these devices need to convince consumers that these devices are secure and non-invasive.
Your smartphones and tablets are a huge cybersecurity liability. With great amounts of personal and professional data at your fingertips comes the desire to make security and apps easy to operate. Make sure your device has a screen lock configured with a password or PIN and utilize biometric security options like Face ID and Touch ID. You should be able to remotely locate and lock a lost or stolen device, and erase or wipe it if necessary. Consider turning off the “geotagging” feature in your camera, which embeds your GPS location in photos; that location could be used to track you through shared photos. Turn on automatic updates, and verify the updates are being applied regularly. The regularly issued security patches for apps prove they are not always secure, and with apps consuming the device’s resources, removing unneeded apps is best. Mobile apps such as TikTok have recently been identified as a national security concern, which should prompt users to remove the app from their devices.
Users should be aware of how their data is being stored, backed up, and transmitted. When storing data such as pictures, videos, legal, financial, and tax documents online, or in the cloud, a strong password with two-factor authentication should always be used. You need to ask yourself what would happen if your online storage got hacked, suddenly went out of business, or locked you out. While this requires more upkeep, it’s still recommended to back up data to an external hard drive and store it in a secured location like a safe deposit box. When sending and receiving documents with confidential information, never send them with your personal or work email account because the email may be exposed during transmission and storage. Use secure portals, or encrypted email services which guarantee your message is secure. JMG uses ShareFile as a secure portal and we can also communicate with encrypted email when needed.
Passwords are still relied upon to secure all types of online and cloud-based accounts. Passwords should always be more than eight characters, and be as complex as possible with uppercase, lowercase, numbers, and symbols. Having more than 100 account logins is common, so remembering a unique password for each login is impossible. Resetting forgotten passwords can be time consuming and frustrating. We’ve seen websites get hacked, and passwords leaked online, which makes reusing passwords a dangerous practice because hackers will use the leaked password to access your other accounts. That’s why we recommend using a password manager such as Bitwarden, 1Password, or Dashlane to store and manage your unique and complex passwords. JMG previously recommended the password manager LastPass based on their security and standing with many security professionals. In 2022, LastPass suffered a breach which resulted in theft of some encrypted password vaults. The vaults should take millions of years to open, or crack, but you could be at risk if you have a simple master password configured, and/or do not have two-factor authentication enabled. Some data in these vaults, like website addresses, was not encrypted, which hackers could use to help find your existing accounts. LastPass users are encouraged to change their passwords and migrate away from the platform. To find out if any of your account information has been exposed, the website www.haveibeenpwned.com allows you to search across multiple data breaches to see if accounts linked to your email address or phone number have been compromised.
With the recent cybersecurity breaches of many large corporations, there might be a sense that companies, and not individuals, are being targeted. However, everyone has the opportunity to increase their awareness of cybersecurity and improve their personal security for the future. For more information about cybersecurity awareness, visit www.staysafeonline.org.