WannaCry Ransomware attacks have spread like wildfire across the globe and the news in the recent weeks. And as White House officials try to pinpoint where the attacks on hundreds of thousands of computers in 150 different countries stemmed from, and how to get locked data released, consumers are left wondering if their data is safe.
As a consumer-first fintech firm, it is our #1 priority to help the community and our users protect themselves from malicious attacks on their financial data. While WannaCry Ransomware has not impacted Personal Capital’s service to its users, it is still critical for consumers to know these 10 best practices for keeping their financial data secure:
1. Use a service that aggregates your financial accounts: The easiest way to review all of your financial accounts quickly for suspicious activity is to aggregate your accounts with a tool that will show them all together in one place. At Personal Capital, for example, our users aggregate an average of 15 different accounts, and can view transactions across all of them by logging into Personal Capital’s dashboard. The easier it is to review your accounts, without sacrificing security, the more often you’ll be able to do it.
2. Limit access points to your financial accounts: Consumers have countless financial accounts, and the more financial sites they log into, the more they open themselves up to threats. Limit the number of times you log into your individual financial sites (by using a financial aggregation service), and you’ll limit the number of threats that can compromise your data.
3. Monitor your accounts regularly: It’s good practice to monitor your financial accounts on a daily and weekly basis. When you use a financial aggregation tool that shows all of your accounts in one place, look for one that will also proactively give account updates by sending you a push notification or an email, which will enable you to flag any changes to your spending.
4. Utilize two-factor authentication sign-on: When selecting a financial app, use only the apps that have two-factor authentication sign-on, meaning if you log into a new device you will be required to provide mobile phone or email verification to confirm your identity.
5. Use read-only apps: When selecting a financial aggregation tool or money management app, it is best to use a read-only app. This means that no money transfers can be made from the app, and a hacker cannot transfer your funds to their accounts.
6. Don’t reuse your passwords & avoid sharing: Reusing passwords is an age-old mistake that leaves consumers open to an attack. Use a unique password at every financial site, and make sure to use a financial aggregation service with a secure password. Change your passwords at least every 90 days. Avoid sharing your financial account passwords with anyone. And if you do need to share a password, for example with your spouse, share passwords in person or over the phone, not by email or text. Do not use a shared password on non-shared accounts.
7. Update your operating system (e.g. Windows, IOS) patches: Patches are software updates that correct a security vulnerability. Be sure to update your patches periodically to protect your financial, and other, data. Both Windows and iOS have settings that allow patches to be updated automatically, so that you don’t need to remember to manually update your software.
8. Don’t access your financial accounts on public WiFi: Public WiFi networks are prime targets for hackers as these networks often are not secured. Try to avoid surfing the web on public WiFi, especially if you are accessing your bank or other financial accounts.
9. Don’t store your credit card information online: When you shop online, avoid storing your credit or debit card information on your favorite retail sites as this can leave you vulnerable to a breach. While entering your information every time you shop online or memorizing your credit card number may be tedious, it’s much less tedious than dealing with being hacked.
10. Beware of phishing attempts: Email phishing attempts occur every day. Look out for any suspicious emails asking you to download attachments, to click on links or to share bank information. If you receive a suspicious email that appears to be from someone you know, confirm by phone whether they sent it, before you click on any links or attachments.
Personal Capital’s executive team consists of highly regarded individuals who have started multiple security companies. Bill Harris (Personal Capital founder and chairman) built three different cybersecurity companies and served on the board of directors of RSA Security, the largest cybersecurity company in the world. Together with Bill, Mark Goines (Chief Strategy Officer), Ehsan Lavassani (Chief Engineering Officer) and I built PassMark Security, an online authentication system used to secure some of the largest financial institutions in the United States, such as Bank of America.
At Personal Capital, we make security for our customers a priority.
A version of this appeared on CNBC.com. Read the full article “How to Keep Your Money Safe from Cyberattackers”