October is recognized as National Cyber Security Awareness Month, and I’m happy to promote some best practices to help you stay safe online. At Covington, we are vigilant in addressing cyber security risks at all times. It is an ongoing topic of concern for us, our clients, and our regulators. We hope you find this topic informative and helpful in protecting yourself online.
You’ve heard it before—regularly change your passwords. Who has time for that? Do you also use the same or similar password for multiple login accounts? To be honest, I’m guilty of some of this practice. Ultimately, I am not keeping my private data secure, and what’s worse is that I only use my one personal e-mail address for everything. Sound familiar to you?
Receiving sensitive information to your one e-mail address is all too common for many. I have my personal correspondence, vacation information (flights, hotels, car rentals), my financial statements, my house purchase, my health information, my tax filings, etc. going into my personal e-mail address. If someone were to gain access to my personal e-mail account, they would be able to know my life story, including where I like to shop, where I do business, and my personal finances. I don’t delete some of those important emails because they serve as my back-up. Come to think about it, when was the last time I changed my e-mail account password? Well, I did when they sent out a general e-mail stating that my account may have been hacked. Otherwise, never, because I can easily access my e-mail on my phone app with a push of a button without having to login. In order to change my password, I would need to go to the website and then have to remember my password to access my account. (Note to self: That is no excuse, Sarah!)
So, with all of your personal data in one inbox, a fraudster could easily determine when you could be buying a house or going on vacation in order to take advantage of your situation. It is not uncommon for fraudsters to gain access to e-mail accounts and wait and wait and wait for the perfect opportunity. Just recently, I attended a conference where it was shared that a fraudster patiently waited and monitored an e-mail account all while the victim was unaware. The victim was purchasing a house and the fraudster was able to provide the victim with the wiring instructions using a similar e-mail address of the closing company so it didn’t raise any concerns. The victim provided the wrong information to their bank. Once it was discovered that the wrong bank account was used, it was too late and the money couldn’t be recovered. Because the victim provided the incorrect information, the loss was borne by the victim – not the bank.
With the numerous high-profile data breaches that have occurred, I believe you have to operate under the assumption that your user name and passwords are out there on the dark web. That means, at the very least, please change your e-mail passwords regularly, especially if you are like me and have everything go into one inbox. It would be best to change your other important passwords too, such as your financial institutions, healthcare logins, etc., and please remember to not use similar passwords for everything. It sounds like such a chore, but your privacy is very important to maintain. Unique password phrases are becoming the best choice when choosing a new password and using a combination of uppercase, lowercase, numbers and symbols. As an example, and not to be used as your password, a password phrase looks like TheP1ttsburgh$teelers.
Additionally, if the website provides two-factor authentication, please take advantage of this service because it provides an additional layer of security when using your login information. Two-factor authentication is when you need your password AND a random generated passcode to access your account. The random generated passcode could be sent to your e-mail address or texted to your cell phone or it could be a physical security token that you can carry with you and push a button to access the passcode. The two-factor authentication should expire within a certain time period requiring a new randomly generated passcode each login.
I’m changing my passwords, and I’m hoping you do as well and make a conscious effort to regularly change them. Similar to changing your smoke alarm batteries or the water filter in your fridge, passwords should be changed on a regular basis to help protect your personal information online. Maybe mark it on your calendar so that you are more likely to remember it. Ultimately, it can take months or years for a business to become aware of a breach and possibly some time later to notify affected individuals which is why we encourage you to proactively manage your online security and make it part of your routine.
I want to assure you that Covington has numerous safeguards in place to protect client assets. For example, we verify withdrawal requests that are received via e-mail or made online by calling a phone number that we have on file—not one that is supplied in any e-mails. We must talk to clients if a withdrawal is being requested to ensure that it is the client requesting it. Please keep in mind that the safety and security of your information also requires your vigilance. Always double check with the source (with a phone call) because you never know if you’re e-mail account is being monitored. And, as a final reminder, please change your passwords regularly.