Best Practices for Managing Personal Cyber Risk

Safeguarding your financial assets is a core component of any wealth management strategy. While many high-net-worth families take the precautionary steps necessary to protect their wealth by working with trusted financial advisors to diversify their portfolio or secure their retirement income, many would be surprised at their level of exposure to the threats posed by cybercriminals.

In 2017, 143 million Americans were affected by cybercrime, totaling $19.4 billion in financial losses. According to a 2017 study from Campden Research, more than a quarter of ultra-high-net-worth individuals, families, and family businesses have been a victim of a cybercrime, yet roughly 38% do not have a cybersecurity plan in place.

To help protect your online data from the reach of cybercriminals, it is important to understand your risks and implement best practices to mitigate them.

Where Are Your Risks?

Are you aware of the potential weak spots in your online accounts? It is vital to have a keen awareness of how a cybercriminal could gain access to your various accounts and leverage your sensitive information for criminal gain. First, individuals should make a complete inventory of all their online accounts. Next, labeling the frequency of use for each of these accounts should be considered, and one should weigh the personal impact (“Low, Med, High”) if such accounts became compromised. Putting this inventory on paper will give you a tangible starting line in assessing and ranking your online risks.

Control Your Access

If someone stole your username and password to an important online account, could they get in? The reliance of a single password is not only risky, but also outdated. Many websites now support two-factor authentication for their accounts. Requiring a second factor of authentication is an effective measure against unauthorized access. Two-factor authentication combines information that you know, such as a pin number or username/password, with something you have, such as a token (number) generated by a smartphone app.

If you put your inventory to paper, do your online accounts offer two-factor authentication? If the answer is “I don’t know”, click here to find out which websites offer the security measure. If you have confirmed your website supports two-factor authentication, please consider enabling it immediately (if you have not already).

Reduce Your Attack Surface

Looking at your inventory, how many of your online accounts are still actively used? If you determine that an account has not been used or accessed in years (and perhaps unneeded), consider closing it altogether. By taking such steps, you reduce the chance for cybercriminals to slip past poor security measures and access your confidential and private information. Stolen information, regardless of its nature, could most likely be used against you in the form of fraud or extortion.

Do Not Underestimate the Threat

The criminal hacking community is surprisingly organized, with dedicated resources to help online criminals in their nefarious craft. While these hackers may vary in age and skill level, they all represent a very real and diligent adversary that easily outmans the uninformed online consumer. While many people rely on various technologies (antivirus, for example) for security and protection, the first best defense against online threats is the informed, risk-aware consumer.

With the current understanding of online risks, I think the old adage still rings true: “an ounce of prevention is worth a pound of cure”.

The information and data contained herein has been obtained from sources believed to be reliable, but is in no way guaranteed by Welch Hornsby as to its accuracy. Opinions and projections are as of the date of their first inclusion herein and are subject to change without notice to the reader. As with any analysis of economic and market data, it is important to remember that past performance is no guarantee of future results.

Written by Jon P. Atchison

The information contained in this communication may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer.