According to one study, cybercrime will cost the world $10.5 trillion a year by 2025. Today, every financial account, from banks to credit cards to investments, offers online access. For investors, the risk of loss from cybercrime ranks as the #1 concern.
Fortunately, there are steps we can all take to increase our online security. For very little money, we can significantly reduce the likelihood that a computer hacker will gain access to our financial accounts. Here are 10 steps you can take to help secure your online accounts.
10 Tips for Securing Your Online Accounts
1. Use a Password Manager
I have four rules when it comes to passwords:
- Change passwords regularly
- Never use the same password twice
- Use 16-character passwords (or longer)
- Passwords should contain upper case letters, lower case letters, numbers and symbols
LMG Security, a cybersecurity and digital forensics services company, notes that an 8-character password can be cracked in about 8 hours, while a 16-character password would take 6.5 trillion years.
The problem with the above rules is that they make it impossible to memorize all of your passwords. The answer is to use a password manager. My tool of choice is LastPass.
With LastPass you can create wildly complicated passwords for all of your online accounts. The passwords are never saved on the LastPass services (they encrypt and decrypt them at the local level: your computer). It can be used on mobile devices, and it even enables you to share sign-on credentials with friends and family (if you want to) without revealing your password.
2. Use a VPN
A VPN, short for Virtual Private Network, does two really important things to keep you secure when browsing the internet. First, it encrypts the data sent to and from your browser or app. Second, it hides your IP address. These two features allow you to surf the internet securely and anonymously.
Using a VPN is a must on any public network (coffee shop, hotel, etc.). I use it at home as well. There's no need for my internet service provider to harvest my internet data. Internet service providers are allowed to sell data about our internet usage. A VPN blocks that data.
My VPN of choice is NordVPN. NordVPN can be used on any device, is easy to set up, and is reasonably priced.
3. Set Up Two-Factor Authentication
Two-factor Authentication (2FA) adds an extra layer of protection to your username and password. To log into an account, you'll need to enter a secure code, sometimes referred to as a one-time password (OTP). The OTP is sent via text or email, or through an app such as Google Authenticator, depending on how the financial institution has set up its 2FA.
I use 2FA on every online account that makes it available, including email accounts. While it adds an extra step to logging into an account, the security it provides is priceless. According to a 2019 Microsoft study, 2FA blocks 99.9% of the attacks on an account.
4. Change Your Security Questions
Many websites use security questions to verify your identity. Many of these questions ask for information that in theory only you would know. Common examples include your mother's maiden name and your place of birth. The problem is that hackers can get this information, too.
A good friend of mine recently had $150,000 taken from his line of credit. The hackers called the bank and “verified” their identity by correctly answering his security questions. They found the information online. The only thing that saved him was a call from the bank when the hackers tried to wire the money out of his account.
For this reason, I no longer use common security questions. I make sure that the question and answer include information that cannot be found online. If need be, I make up the answers and keep the information stored securely at home (LastPass can store this information for you as well).
5. Set Up Alerts
Financial accounts allow you to set up text or email alerts. I use this for any transactions on bank accounts and investment accounts. In this way, I get an instant alert any time money is transferred from an account. On investment accounts, I get notice of a transaction before it's completed. This gives me time to contact the brokerage firm if I didn't authorize the transaction.
6. Don't Click Links in Emails
Be very suspicious of links in emails. If I receive an email purportedly from a financial institution, I rarely click the link. Instead, I'll log into my account to deal with whatever the issue is. And if need be, I'll call the bank or brokerage firm.
7. Don't Call Phone Numbers in Emails
Speaking of calling a financial institution, I never call the number in an email. Instead, I call the number on the back of my credit or debit card. For brokerage firms, I call the number on my statement or the firm's website. A phone number in an email may not be legitimate.
8. Only Download Apps from App Stores
For apps on a smartphone or tablet, only download them from the Apple or Android app stores. This ensures you are downloading legitimate apps that have been approved by the respective platforms.
9. Set Up the Ability to Track and Wipe Your Phone
Make sure you have the ability to locate your phone and wipe the data from it. This is important if your phone is ever lost or stolen. I had my phone stolen at a chess tournament, of all places, many years ago. Fortunately, I was able to wipe the data from the phone. It's also important to password-protect your phone.
10. Use Antivirus Software
Finally, it's important to use antivirus software on your PC and, yes, even your Mac. These tools help detect and remove any malicious code on your computer.
For PCs, my favorite is NortonLifeLock. You can purchase just the Norton Antivirus software, or add LifeLock protection as well. For Macs, Norton also offers an antivirus solution. There are other options, some free. Whatever you choose, it's important to protect your computers with antivirus software.
Bonus Tip: Consider keeping your investments in more than one brokerage. If you have a 401k, it's likely at a different financial institution than your IRA, although not always. And when you retire, it's common to consolidate all of your assets at one place. While this is convenient, I'm much more comfortable splitting our assets among two or more brokerage firms.
Computer hacking is a reality we all confront. By taking a few simple steps, however, we can significantly increase the protection of our online accounts, making it much harder for hackers to gain access. A password manager and VPN are a must, as is setting up 2FA. These steps alone can prevent the vast majority of problems.
Rob Berger is a former securities lawyer and founding editor of Forbes Money Advisor. He is the author of Retire Before Mom and Dad and the personality behind the Financial Freedom Show.