Surviving the Wild West: Must-Do Cybersecurity Tips

July 31, 2020

Allworth Co-CEO Scott Hanson shares a few easy ways you can better protect your personal information (and money!) from criminals.

You probably know someone who’s been scammed out of money or had their social media hacked.

And, if by some miracle you don’t personally know anyone, you’ve surely read about the scourge of recent security and data breaches ranging from Equifax, to Twitter, to Washington state's unemployment system (more than $700 million lost via that program alone).

Incredibly, just in the first eight months of 2019, there were more than 7.9 million separate mass data record exposures (a 33% increase over the previous year), which have resulted in untold billions of dollars lost to fraud.¹

Private individuals, corporations, small businesses, social media, the military, state and federal governments: The electronic world has become the Wild West, and everyone is in the line of fire.

What follows are 3 key aspects of cybersecurity and what you can do to help protect yourself from crime.

Yes, you should regularly change your password

Changing your passwords is a hassle, but please do it.

When a massive, third-party security breach occurs at a company you do business with (and they happen to have your Social Security number or one of your passwords), it’s just a matter of time before the criminals set their super computers to work probing your life so they can steal from you.

The reasons you should not only change your passwords regularly, but use different passwords for each account, include:

It keeps multiple accounts from being hacked
It halts the ongoing syphoning of an account (some hackers electronically steal just dollars or cents each week from millions of accounts at a time)
It stops the possibility of breaches stemming from information picked up from a long lost or forgotten computer, iPad, or cell phone
It keeps what are called “keystroke” loggers at bay. (One of the first forms of cybercrime, software can be attached to a computer that records every keystroke. Ever enter a password on a public computer at a library or Internet café?)

Trade in your passwords for 'passphrases'

According to at least one international cybersecurity company (Trustwave), the best way to protect yourself from hackers isn’t to come up with clever passwords, it’s to use longer passwords called “passphrases.”

If a sophisticated hacking operation sets its computers to figure out your password(s), they eventually will. What keeps you safest longest, however, isn’t the cleverness of the password - it’s the length.

Trustwave completed a study using two $5,000 computers with the goal of figuring out more than 600,000 private passwords. Get this: Within five minutes, more than 300,000 of the passwords were hacked. And within 30 days? 92% of the accounts were breached. (Meaning just 8% were never figured out.)

So, what was it about those 8% of passwords that kept the computers at bay?

Contrary to what we’ve long been told, the passwords that used upper-and-lower case letters, along with numbers and special characters, were no more difficult to crack than if your password was “Tom Brady.” The security firm found that the main difference in the amount of time it takes to hack a password is length.

It took the computers under four days to crack almost every password that was eight characters in length, even when the “gold standard” combination of numbers, upper-and-lower case letters, and special characters was used.

But the security company calculated that if someone uses a password (passphrase) that is, say, 28 letters in length, on average, it would take their $5,000 computers over 17 years to crack.

But who can remember a passphrase that is 28 letters long?

You can. Because it doesn’t have to be complicated.

While nothing is foolproof—and I’m not guaranteeing you won’t be hacked if you use a passphrase—an example of an extremely difficult 28-character passphrase to crack would be something as simple as: “Our house is third from the corner.” (Ourhouseisthirdfromthecorner.)

**Social media is the major criminal portal**

Concerns about cybersecurity are justifiably driving people away from social media.

Just a few days ago, the Twitter accounts of Barack Obama, Bill Gates and Elon Musk were hacked. Why should this matter? Because, first, the hackers, tweeting as Bill Gates (and others), told followers that they would double any Bitcoin donations that they made to a fake account.

Another threat that social media poses occurs when you click on a link provided by someone famous, or by a friend (who’s been hacked), and that link allows the hacker to take over your computer, glean your personal information (often without you even knowing), and throw your life into chaos.

Besides the obvious risk to your finances, if you store personal information, such as photos, on your computer or phone, you risk embarrassment or even blackmail in the event you get hacked.

Social media is a key entry point for hackers. And when not properly secured, there’s simply too much personal information (your email address, mother’s maiden name, or your phone number) available, which is all these computers need to eventually access either your private or financial life.

So, for starters, what can you do to help keep yourself safe from hacks?

First (and this is but a partial list), update your antivirus software. Even if you make a mistake and click on a bad link and it allows some “super virus” in, it’s likely that you’ll know you’ve been attacked.

Second, enact two-step verification on every platform (social media, financial, personal, etc.) that you use. (My two-step verification preference is to have the business entity send a five-digit code to my phone that must be entered before I can access my accounts.)

Third, double check your social media access to make certain that your phone number and email address are not available to the general public.

In closing, being part of the digital world means you are vulnerable. And protecting yourself takes time and vigilance. But as I tell my children, an ounce of prevention is worth a pound of cure. Taking the time to button down your cyberworld now and then could save you a lot of time, energy and frustration later on.

¹^{https://www.npr.org/2020/05/22/860682218/washington-state-hit-hard-by-unemployment-fraud}

²^{https://www.infosecurity-magazine.com/news/longer-password-harder-to-crack/#:~:text=Mixing%20upper%20and%20lower%20case,to%20new%20research%20from%20Trustwave.&text=%E2%80%9CWe%20recovered%20more%20than%20half,just%20the%20first%20few%20minutes.}

Advisory services offered through Allworth Financial, a Registered Investment Advisor | Disclosures | Privacy Policy

Securities offered through AW Securities, a Registered Broker/Dealer, member FINRA/SIPC. Check the background of this firm on FINRA's BrokerCheck.

HMRN Insurance Agency, LLC license #0D34087

¹Barron’s 2024 Top 100 RIA Firms. Barron's© magazine is a trademark of Dow Jones L.P. The ranking of independent advisory companies is based on assets managed by the firms, growth, technology spending, succession planning, and other metrics.

² Retention Rate Source: Allworth Internal Data, FY 2022

³ The NBRI Circle of Excellence Award is bestowed upon NBRI clients meeting one or both of the following criteria: Total Company score at or above the 75th percentile of the NBRI ClearPath Benchmarking Database and/or improvement of five (5) or more benchmarking percentiles in Total Company score over the previous survey.

⁴ As of 7/1/2024, Allworth Financial, an SEC registered investment adviser and AW Securities, a registered broker/dealer have approximately $22.5 billion in total assets under management and administration.

⁵ InvestmentNews 2020 and 2021 Best Places to Work for Financial Advisers. The ranking reflects survey responses and scores completed by both employers and employees. Employers report their organization’s workplace policies, practices, and demographics. Employees complete a survey designed to measure the employee experience.

⁶ 2021 Value of an Advisor Study / Russel Investments

⁷ Ranked 9th Top Wealth Managers By Growth in Assets in the U.S. from RIA Channel, 2022. RIA Database and RIA Channel are registered trademarks owned by Labworks, LLC.

⁸USA Today Best Financial Advisory Firms 2024. The ranking is based on the growth of the companies’ assets under management (AUM) over the short and long term and the number of recommendations they received from clients and peers.

⁹NBRI Best in Class Ethics 2023. The Best in Class level is bestowed upon clients performing at or above 90 percentile of the NBRI ClearPath Benchmarking Database.

^✢ Scott Hanson, Investment Advisor 2005, 25 most influential people in the financial services industry. The ranking reflects 25 people who Investment Advisor magazine believes have had or will have the greatest influence on the financial services industry.

^✼Pat McClain, InvestmentNews 2014, Invest in Others Community Service Award, presented to an advisor who has made an outstanding impact on a community through managerial contributions to a non-profit organization.

^†Financial Times, FT 300 Top Registered Investment Advisers, June 2019. The ranking reflects six areas of consideration including the company's years in existence, industry certifications of key employees, AUM, asset growth, SEC compliance record and online accessibility and calculates a numeric score for each company.

Certified Financial Planner Board of Standards Inc. owns the certification marks CFP®, CERTIFIED FINANCIAL PLANNER™, CFP® (with plaque design) and CFP® (with flame design) in the U.S., which it awards to individuals who successfully complete CFP Board's initial and ongoing certification requirements.