Cybersecurity Safeguards: Protecting Your Digital World

Aaron Kirsch: Thanks for joining us. I’m Aaron Kirsch, Chief Client Advocacy Officer at GreenUp Wealth Management. October is cybersecurity month and we’re using the internet more and more every single day.

At GreenUp, we’re committed to your financial success and your financial well-being. So, on this podcast, we’re going to talk about ways to stay safe online. With me to discuss how you can protect yourself is Alex Fishman, Chief Operating Officer and Chief Technology Officer at GreenUp. Hi Alex.

Alex Fishman: Hi Aaron, happy to be here.

Aaron Kirsch: Alex, you’re really knowledgeable about current technology trends, and you recently received a course certificate from MIT.

Alex Fishman: Yes, Aaron. It’s an exciting space to be in right now. I recently went through a course on artificial intelligence and its implications for business strategy. Every day, technology is becoming more and more sophisticated, more and more differentiated, and it’s even more important to stay safe online.

Aaron Kirsch: Great, Alex. Let’s go over some of the basics for staying safe online, and let’s start with the ubiquitous password. Everyone hates passwords. Everyone hates having to come up with new passwords. But it’s really important to have strong passwords. Alex, can you tell us why that’s so important?

Alex Fishman: Passwords are something that’s evolved over many, many years and you can no longer get away with one, two, three, four, five as a password anymore. This is something that is really instrumental in saying safe online with technology continuing to evolve.

It’s ever more important to do a couple of key things to make sure your passwords keep you safe online. Passwords are the gateway to a lot of your information as they sit in different companies’ and institutions’ online databases. And so, when you think about your passwords, you want to make sure that there’s a couple key things that you have that are updated and that are a little bit unique to you as a person. So, Aaron, I’m happy to go through some of those, but hopefully, that gives you a high-level overview.

Aaron Kirsch: Yes, it does, Alex. Thank you. Can you give us some examples of — you mentioned one, two, three, four, five as a password — can you give us some examples of weak passwords and ways to make them stronger? And then tell us a little bit about some advice you have for good password management.

Alex Fishman: Things that you want to avoid are things that are easily found online. So, think about your phone number- you don’t want to incorporate that, your address, anything that could be publicly identifiable information are things you want to avoid in your password. What you do want to include in your password are things like unique characters and symbols like exclamation points or at signs- numbers that are unique to you that no one else would know. These are things that will help increase the complexity of your password. It’ll help increase the likelihood that you’ll stay safe online. Now, that all comes with a big challenge: the more complex your passwords are, the more difficult they are to remember.

Those are a couple great use cases out there for password managers. Password managers are systems that store your passwords for you. They’re secured and can help ease the burden of having to remember passwords or write them down, which ultimately can lead to more risk if your passwords are written down.

Aaron Kirsch: Yes, Alex, and I’ve seen some people do things like instead of using the letter O they use a zero. Instead of using the letter A, they use the at sign. So, there’s ways to substitute things and make your passwords complex and hard to guess.

Alex Fishman: Absolutely. Get creative with it. Like I said, being unique is the most important thing. Things that no one else would know are keys to having a great password.

Aaron Kirsch: Thanks Alex. Another thing that is related to having a strong password is something called multi-factor authentication. Alex, can you tell us what multi-factor authentication is and why it’s important?

Alex Fishman: Multi-factor authentication is a process of having a third party validate that you are logging into a website. Now that’s a really long way of saying this is what happens when you get a code texted to you. That code being texted to you is proving to the website that you are who you say you are, that it’s not someone trying to impersonate you online because you’re going to be the only one who has access to your phone at that point, and can receive the text message.

So texting is one way for multi-factor authentication. There’s other encryption keys that can be used as well. But definitely getting a code texted to you, or a one-time password to your email address are the most common ways for multi-factor authentication.

Aaron Kirsch: Right, so if a bad actor gets your password, they probably don’t have access to your cell phone. So, they might try and log in using your password, but without your phone and that code in order to enter it to get in, they can’t get to your information.

Alex Fishman: Right. There’s no way for them to physically be on your phone to retrieve that code.

Aaron Kirsch: Thanks Alex. Alright, let’s talk about phishing. And phishing is P H I S H I N G. It’s like fishing with an F, but with P H. Alex, this is something that many people have heard of and some people haven’t yet. What is phishing?

Alex Fishman: Phishing is one of the longest-tenured cybersecurity issues that have been around. This originated really at the advent of email. And it is just like fishing, like you’re going fishing in a lake or on the ocean. People are dangling interesting things in inboxes to see if you’ll click on them, to see if you will share information that is known only to you, like bank accounts or credit card information. They’re really just trying to bait the hook with an email to get you to share something online. The problem with this is a lot of times it looks legitimate, and can be very confusing for people who receive these emails.

I think a good rule of thumb with this is just know that most institutions, whether it’s a bank, credit card, financial institution, GreenUp, whatever it might be, they’re not going to ask for this type of confidential information via email. That type of information is going to be requested over the phone, and you’re going to get to validate that you’re talking to a real person to give that information.

And you also want to be aware of who the email is coming from. In a lot of different cases, it looks legitimate, but you can sometimes tell that it may not be a legitimate email when things are misspelled, or you mouse over the email address and you see it looks kind of funky and there’s a lot of different letters and numbers with it. There’s some really clear-cut things that show maybe we shouldn’t click on this. And that’s probably the best rule of thumb: If you’re skeptical of it, if you’re unsure of who sent this or what it is, just don’t click it. Just go ahead and delete it, and you can even report it as spam or mark it as phishing.

Aaron Kirsch: That’s great advice, Alex. And it’s pretty obvious when there’s an email coming to you that’s asking for information that the institution should already know. Your bank already knows your social security number, your address, your phone number. They’re not going to be asking for that via email.

So, Alex, what are some other things that people can do if they’re just not sure whether it’s a legitimate email or not?

Alex Fishman: I think the other things people can do if they’re skeptical about an email is really take a good look at who it’s from, if you have a relationship with who it’s from, and then use the phone. Don’t reply by email. Don’t share anything additional and definitely don’t click anything If you get an email from an institution that you do work with, but you’re concerned about it. The best thing to do is pick up the phone, give them a call, and see if it was legitimate.

Aaron Kirsch: Thank you, Alex. And then there’s something somewhat related to phishing with some newer technology out there. Some of this is pretty sophisticated stuff. There’s new technology out there that can mimic people’s voices. Alex, can you talk a little bit about how bad actors are using this technology for phishing and trying to steal your personal information?

Alex Fishman: Absolutely. So, as you mentioned when we started this podcast, technology is becoming more and more sophisticated every day, and that means that the people who want to use technology to do harm are becoming more and more sophisticated with it as well. And one of those instances is people using or mimicking voices of family or friends, oftentimes to request money over the phone, to request confidential information. It really just kind of varies, but they’re trying to get something that wouldn’t normally be shared by sounding like someone that you may know.

This is becoming more and more prevalent with spam calls, phone calls coming in on a regular basis, spam text messages coming in on a regular basis. You just want to be ultra cognizant from numbers that you may not recognize and situations that may sound abnormal. I think the best way that I’ve heard to be able to manage this type of situation is if you have somebody who’s calling and saying that they’re your family member, but you’re skeptical, and they’re asking for money- have a code word set up with your family so that if you are concerned that this isn’t the right person calling, everybody should know that code word. And if they don’t know the code word, you should hang up immediately. But have some type of mechanism where your family knows that they can validate themselves to you in case there is real trouble.

Aaron Kirsch: That’s great advice, Alex. Alright, let’s move on to something called malware. Alex, what’s malware and what does it do, and what do we need to be careful about?

Alex Fishman: Malware is software that can either be on your computer or on your phone. And you can think of it kind of like an infection for your piece of technology. What malware is trying to accomplish is the same thing we’ve talked about with phishing, with voices being mimicked over the phone. People are trying to collect your personal information to extract bank account numbers, credit card numbers, those types of things.

This is something that can be difficult to detect. You’ll want to continue to make sure you’re not clicking on any links that look suspicious. Sometimes you’ll get a text that says you may be going over your data limit- click here to make sure that you don’t do that. That is one that you definitely don’t want to click. Your wireless company will send you emails, or maybe even call you to let you know if you’re going over your data limit.

You want to be cognizant of those types of things. And the other piece is to make sure you’re never downloading anything from an untrusted source. And if you do have concerns about what’s being downloaded or you’re skeptical, again, reach out to whoever is asking you to download this to just double-check.

Aaron Kirsch: Fantastic, Alex. Thank you. Lastly, I want to talk a little bit about identity theft and financial scams. Alex, this is more and more prevalent every day. It’s so much easier to steal people’s identity than to walk into a bank and try and steal money. Alex, what are some of these scams and what can people do about it?

Alex Fishman: Aaron, this is really what a lot of these different techniques roll up to, is that people are trying to steal identities to steal resources. And so, if you have concerns about identity theft, about anything being hacked online, there are some steps you can take to ensure that you are safe. I would say firstly, what I would recommend is monitoring your credit report and looking for activities that you don’t recognize, cards that have been opened in your name that you’ve never opened. You can do this in a variety of different places. A lot of times your bank or your credit card that you currently have will offer you a free credit report. That’s something great to monitor on an ongoing basis to ensure that there isn’t something fraudulent that’s been opened. You can sign up for text alerts. You can sign up for emails when your credit is pinged and get a sense of when that is happening.

Let’s say worse comes to worse and something does happen. What you can do is you can also freeze your credit. This is a service that’s offered through the major credit agencies and allows it so that if someone tries to access your credit report, whether it’s legitimate or fraudulently, you will be notified and they won’t be able to pull down that information. So, if you’re interested in that, that’s something that you can always do proactively. I know a lot of people who have their credit reports frozen all the time, and anytime they apply for something that needs a credit report, they just go ahead and unfreeze it. I think the step of monitoring your credit is also a great technique to ensure that nothing is happening from bad actors on your credit report.

Aaron Kirsch: That’s great advice, Alex. I froze my credit for me and my wife and actually my kids too with their social security numbers, which means that if anyone was to try and open up a new bank account or a credit card with any of our social security numbers, they just can’t.

Alex Fishman: Aaron, I think that’s a great idea to be proactive. It just all depends on what your activity is online and how safe you feel.

Aaron Kirsch: So, Alex, we talked about having strong passwords, we talked about third-party multi-factor authentication, phishing, malware, and ways to monitor your credit to protect yourself. Do you have any closing thoughts?

Alex Fishman: My closing thoughts would be to stay vigilant out there. The technology of the world increases in efficiency and speed every day and technology can be used for both good and bad reasons, so it’s incumbent upon all of us to make sure that we’re taking proactive steps to keep ourselves safe online, staying vigilant about where we store information, the passwords that we use, and the things that we click on.

Aaron Kirsch: Alex, thank you so much for sharing this valuable information with us.

At GreenUp, we care about your financial wellness and your overall financial security. And your friends and family- they’re an extension of you, so please invite them into the GreenUp community and share this podcast with them so they can stay safe online as well. For Alex Fishman and the entire team at GreenUp Wealth Management, I’m Aaron Kirsch. Thanks for listening.