
Cybersecurity Protection Tips

The Bad: Cybersecurity attacks continue to be on the rise. Russian retaliation, tax scams, and changes in business operations during the pandemic are some of the reasons why cyber-attacks are increasing and projected to continue. 

The Good: Phishing emails and weak passwords still remain the top initial attack vectors. Why is this good news? Because it means that we still have some control in protecting ourselves. Understanding human behavior, educating ourselves in areas of cybersecurity, and taking diligent measures will always remain the first line of defense.

The following are some tips to keep in mind, explore further, and act on at your own pace. Baldrige Asset Management and your custodians, Charles Schwab and Fidelity Investments, have taken steps to increase our cybersecurity defenses. We apply all of the steps below (and many more not mentioned) in our business practice and highly recommend them to our clients.

  • Don’t open attachments in emails unless you know who sent them, know what the attachment is, and have double-checked that the email address exactly matches the address of the sender you know. *(We have hyperlinks embedded in this email. As you hover over, look for https:// to know that it’s generally safe, the site is recognizable, and it’s also coming from a trusted source – in this case, us! When in doubt, call the sender to double check. They may have been a victim of phishing which resulted in an email sent out with malicious attachments or links.)*
    • A “spoofed” email can mimic a trusted email or domain by using different letters or numbers to appear only slightly different than the original. For example: edbaldrige@baldrigeasset.com (not quite his email address, but you may not notice) or erb@baldridgeasset.com (only one letter off from the real email address).
    • A “spoofed” email can disguise the “From” field to be the name of the trusted source. For example, the name may look like it’s from “Ed Baldrige”, however when you hover (but don’t click) over the email address it’s something else entirely. 
  • Try not to take quick or serious action as a result of an email. Cyber attackers often hope for the instinct of panic, fear, and urgency to kick in. For example: the IRS will never email you, a Microsoft or Apple representative will never call you asking to remote into your computer to download an urgent software update, and your “friend” is not going to text you asking to wire them money in an emergency. The more time you give yourself to stop and think, the better. You can visit the official IRS website for information, check Windows or Apple for updates, and call your friend to check in on them.
  • Don’t email your accountant, financial advisor, business partner, or family member anything that has sensitive information, e.g., account numbers or Social Security numbers. Use portals, encryption software, or password protection. If your accountant does not offer a secure way for you to safely send documents (more and more accountants are providing this service), ask them to consider upgrading to a secure file sharing system or to provide you an alternative.
    • Getting used to portals and other secure methods like e-signing takes time, but that extra 10 minutes in the present could save you weeks of headaches in the future cleaning up after an identity theft attempt.
  • Ensure your devices (computer, tablets, cell phones, smart watches, e-readers, etc.), various programs, and virus protection software are all up to date and set to auto-update. 
  • Turn off Bluetooth when not needed, log out of websites completely upon exiting, and don’t transact over public Wi-Fi.
  • Practice social media safety. Be cautious when accepting “friend” requests on social media, following links, or clicking on a video inside a message. Avoid online quizzes. 
  • Enable multi-factor (also known as two-step) authentication for all available applications.
  • Check your three free credit reports annually and consider using an identity theft monitoring tool. Remember that identity theft tools alert you after something happens; they do not guarantee protection.
  • Last, but certainly not least:
    • Use strong, unique passwords or passphrases. The longer the better. 
    • Don’t use personal information as part of your login ID or password. 
    • Never reuse passwords (even on seemingly harmless websites).
    • Never write a password in an email (even a separate email).
    • Consider using a password manager.
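
The two “spoofed” email patterns in the list above (a lookalike address and a disguised “From” name) can also be checked mechanically. The Python code below is an added example, not part of the original newsletter; the trusted address and display name in `TRUSTED` are assumptions inferred from the page's examples, and the similarity threshold of 2 is a constructed choice.

```python
from email.utils import parseaddr

# Assumed address book: the address the page's examples imply is the real one.
TRUSTED = {"erb@baldrigeasset.com": "Ed Baldrige"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of warnings for a raw From: header; empty means exact match."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in TRUSTED:
        return []
    warnings = []
    domain = addr.rpartition("@")[2]
    for known_addr, known_name in TRUSTED.items():
        known_domain = known_addr.rpartition("@")[2]
        if domain == known_domain:
            # Right domain, but a mailbox the reader has never corresponded with.
            warnings.append(f"unrecognized mailbox at {domain}")
        elif edit_distance(domain, known_domain) <= 2:
            # One or two characters away from a trusted domain.
            warnings.append(f"domain {domain} resembles {known_domain}")
        if name.strip().lower() == known_name.lower():
            # Trusted person's name shown in front of someone else's address.
            warnings.append(f"display name {known_name!r} on a different address")
    return warnings or ["sender not in address book"]
```

Both lookalike addresses quoted in the list are flagged, as is a familiar name placed in front of an unrelated address.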

We hope this list is not overwhelming, but instead, provides you with some guidance to take a step and protect yourself a little more than you are today. “The hardest part is getting started.” 

Learn more 

Visit these sites for more information and best practices:

Until Next Time,

Diana Lormand, FPQP™
Director of Client Services