May 28, 2019
Deep down, we all know it. Our lives aren’t private anymore. Chances are very good that much of our personal and financial information is already being traded, in bulk, on the dark web. Heck, 800 million people were victimized in just three breaches at Facebook, Equifax and Marriott alone.
So why go through all the trouble to protect our identities anymore?
After listening to cybersecurity expert John Sileo’s story, you’ll know why. John not only had his identity stolen by a woman who took out a mortgage in his name and drained his bank accounts, but he spent two years defending himself in court against accusations of embezzling $280,000 from his software company’s clients. This crime actually was committed by a man he trusted and hired as an employee who used his identity.
Of course, the stress and financial loss of these events were enormous. But what angers him most is the quality time he lost with his young daughters while dealing with these crises — time no insurer can ever pay back.
That’s when John, now chief executive officer of The Sileo Group, a Colorado-based cybersecurity training firm, realized that it’s not just about the security of data, it’s about the security of everything.
“Knowledge doesn’t cause change. Only your emotions do,” John told attendees of an Aspiriant event for clients in San Francisco. “Take it personally.”
Cybercrime is a severe problem as thieves become increasingly more sophisticated with their techniques. There’s an entire underground industry built on accessing and trading stolen personal information. By accessing your private data, such as log-in information and financial accounts, criminals don’t have to go through the hassle of impersonating you. They can steal directly from you and people you do business with.
Therefore, it’s essential to protect yourself by undertaking important security measures. During his “The Hacker’s Blacklist” presentation to our clients, John explained five top threats to your personal data and what you should solve first.
1. Social Engineering — The art and science of human manipulation
How quickly are you to answer personal questions asked by a stranger? How often do you leave your laptop, purse or cell phone at a table while you go to the buffet or mingle at a party? How much personal information is on your social media sites?
“Why take the effort to hack into computers when all you have to do is ask?” John points out. He advises “be skeptical,” ask questions and be less trusting of your environment in order to manage your privacy footprint.
Also, keep your social media sites private and don’t publish personal information such as vacation plans, birthdates and other details that might be used to gain access to your accounts.
2. Spear Phishing
Spear phishing involves targeted emails that imitate someone you know or who is in a position of power to gain access, information or money. This may be an email purportedly from a colleague or family member urgently telling you to click a link to transfer money to solve a problem or complete an important transaction.
Spear phishing is a more sophisticated approach to trick you into supplying information compared to general phishing, such as an email supposedly from UPS telling you they are holding a package and to click a link for details.
With either type of email, John says be suspicious and don’t click on the link. Hover over it and read it from right to left. The URL will let you know if it’s not from the company it says it’s from. Do the same for the sender’s email address.
If you’re still not certain, call the person or financial institution directly and ask if the email is legitimate. If it’s not, they’ll want to know about the scam.
A reliable, third-party spam filter will take care of 98% of the risk of receiving phishing emails, John adds.
3. Weaponized Ransom Worms — “Ransomware”
This is malware that holds your data hostage until you pay a ransom. The criminal warns that if you don’t pay, your information will be deleted. Half the time, even if you do pay, your data is gone.
What should you do if you get an ominous ransom message? John says shut the computer down and immediately get help from a professional cybersecurity expert.
But don’t wait for this to happen. Back up all your data with a real-time, encrypted, off-site and live-tested system. Live-tested means you’ve already confirmed you’ll be able to access your stored data when needed.
John also recommends using “two-factor authentication.” The extra 15 seconds it takes to verify the person you’re dealing with is legit gets rid of 99% of “man-in-the-middle” attacks, he says. Two-factor authentication is now widely available, even on social media sites such as Facebook.
4. Hotspot Sniffers
Free wi-fi can be tapped or spoofed. You think you are logging into the local Starbucks wi-fi, but it’s one letter off and you don’t realize it. John says you’re better off using your cell phone’s data service, which is encrypted when passcodes are turned on, or a personalized hotspot.
5. The Internet of Things
Like Elvis, the internet is everywhere: your cars, your refrigerator, your baby’s toys. What good is a home security system that allows you to look at your front door on your cell phone if the system gets hacked and thieves can still get in?
John says that whenever you buy a “smart” device, ask whether access to it is secure and the data on it, if any, is encrypted. And be sure to change default passwords. To help manage all the passwords you need, John recommends third-party password managers that can assign secure passwords and keep track of them for you. Then you’ll need to remember only one password — make it a long, unique one.
Most criminals don’t want to work that hard. On the street, a thief may walk by a row of parked cars, looking for the one that’s unlocked, rather than loudly and dangerously break a window to get in. Cybercriminals are no different. By making it more difficult for them to access your personal data and steal your identity, you may save more than money — you can save precious time you’d rather spend living the life you want to live.
Want the latest wealth management tips, investment insights and Aspiriant news delivered straight to your inbox. Sign up for regular Fathom updates so we can send you the most relevant content you selected below.