Cyber Security Awareness Month a great time to check online habits

October is National Cyber Security Awareness Month, and the timing is perfect given recent highly publicized security breaches affecting Home Depot, JP Morgan Chase, iCloud, and the social media site Snapchat. IT departments worldwide work around the clock to protect their firms’ networks, but do we personally take all the measures necessary to protect our online lives?

I’m guessing that if we’re honest, most of us would admit that we’re not protecting ourselves sufficiently. And many of us might also admit that we do not really know where to start. With improving technology allowing the bad guys to develop increasingly sophisticated hacking programs, we might not be able to protect ourselves completely, but we can certainly take measures to make it very difficult for our information to fall into the wrong hands.

Keeping personal information secure might seem obvious, but this goes beyond locking your file cabinet and storing important documents in a safe. It also means you should be very careful about sharing your information. If you receive a telemarketing call, do not provide any sensitive information until you have a chance to confirm the caller’s identity and the legitimacy of the business or organization he or she claims to represent. Never provide your Social Security or bank account numbers before verifying how the information will be used. And please be careful — erring on the side of suspicion — when you receive emails that seem too good to be true.

Believe it or not, almost $13 billion was lost in 2013 to Nigerian email schemes. These are the messages claiming you have won a Nigerian lottery and all you have to do to collect your riches is send your bank account information. These messages should be deleted immediately, but if you are even remotely tempted to respond, first ask yourself … did I buy a Nigerian lottery ticket? If the answer is no — and it most likely is — then how on earth could you have won the jackpot? This might seem silly to you, but unfortunately our desire for instant wealth causes us to do foolish things.

Limiting what you carry is a simple way to help keep your information secure. The obvious items to leave at home are your Social Security and Medicare cards. You should also limit the number of debit and/or credit cards you carry with you. The more you carry, the more opportunity there is for you to lose something. And if your wallet or purse is stolen with all your cards inside, you won’t have any backup at home. Taking this a step further, you may even want to stop carrying your debit card altogether.

Federal protection for fraudulent charges on credit cards is significantly stronger than federal protection for debit cards. Credit card holders will be responsible for only $50 as long as the credit card company is notified within 60 days. Debit card holders will be subject to that same limit, but only if the bank is notified within two days of the charges. The cardholder will be responsible for up to $500 if the bank is notified between two and 60 days. And the cardholder may be responsible for all charges if the bank isn’t notified within that first 60 days. Remember, these are the federal guidelines; your financial institution may choose to be more lenient with respect to what it credits back. Even if that’s the case, experts suggest you avoid using your debit card in the following situations:

  • Paying at the pump: The gas station will put a hold on your account that could last a few days.
  • Shopping online: With a credit card, you can do a charge-back if you do not receive the order.
  • At the supermarket: Skimmers have been found on supermarket card readers.
  • When renting a car: Rental companies may run a credit inquiry on you if a debit card is used.
  • Making a major purchase: Same as shopping online.
  • When setting up auto pay: The billing company may continue charging even after the account is closed.

Perhaps the most important thing to remember with debit cards is that once the money is out of your account, it will be very difficult to get it back. With a credit card, there is time to dispute the charge and hopefully the situation is resolved before you have to pay the bill.

Keeping your passwords safe and secure is a huge part of protecting your information. Here are 10 of the most common password mistakes:

  1. Using obvious passwords like “123456” or “password” or your name.
  2. Writing them down.
  3. Using the same password everywhere.
  4. Not using additional security.
  5. Keeping passwords too short.
  6. Sharing passwords with others.
  7. Not using secure browsing sessions.
  8. Not securing your machine when others use it.
  9. Not changing passwords regularly.
  10. Not using a password manager.

So how can you create better passwords and actually remember them? First of all, as stated above, you should change your passwords regularly and make sure they are fairly long. Studies show that password length is actually more effective than complexity. Unfortunately, nowadays we have so many online accounts it is nearly impossible to remember all of our passwords. That’s where a password manager can help. A password manager stores your login information for all the sites you visit and then helps you log into them automatically.



So rather than remembering all of your individual passwords, you only have to remember the master password to your password database. For extra protection the master password is encrypted. The thought is that since you only have to remember one password, you will make it sufficiently complicated, you will protect it, and you may even change it more often.

You may not like the password manager, so there are other ways of developing good passwords that you can remember. One method I like is the root-word method. This involves using the same root word in all your passwords but adding something unique based on each website. For example, if your root word is something like “RaceCar43” and you are logging into Amazon, you could establish a password like amaRaceCar43zon. Or for Facebook, your password could be FaceRaceCar43book. In this scenario, you just have to remember your root word and the formula used with each site. Obviously, it is important to use a good, complex root word. And, of course, you never want to share your root word with anyone.

Another method for protecting your passwords is to “lie” on the password reset questions. Among other things, these questions ask for your mother’s maiden name, the name of the street you grew up on, or the name of your first pet. First of all, if given an option, you should choose a question for which the answer is not public knowledge, unlike your mother’s maiden name or the street you grew up on. But if you have no other choice, you can provide an answer that isn’t necessarily true. Just make up an answer that you know you will remember. This way if hackers actually take the time to research your background, they may find what the answers should be, but they won’t match what you actually entered.

Some websites take password security a little further than others by offering two-factor authentication. With two-factor authentication, an additional step is required to access the online account. Most often, this additional step involves sending a random code to a cell phone or other mobile device. Here is how it works: when you visit the site, you first enter your user ID and password. At that point, the site will send an access code via text to your cell phone. You then enter that code to finally access the site. Obviously, this makes it difficult for other people to enter your account because, in addition to knowing your user ID and password, they would also have to possess your cell phone.

Yet another solution for remembering difficult passwords is quite simply to let yourself forget them. This might not be ideal for sites that you access frequently, but it might be perfect for sites you seldom visit. This way you have to change the password each time you log in. So you are accomplishing two things. First, you avoid writing the passwords down and, secondly, you end up changing them rather frequently, which will hopefully keep you a step ahead of the hackers.

One final note about passwords: Please do not share them with anyone who does not legally have the right to access your accounts. You truly never know who you can trust. Shockingly, one study found that 32% of identity theft victims discovered a family member or relative was responsible for stealing their identity. That same study found that 18% were victimized by a friend, neighbor, or in-home employee.

Robert Schneider, CFP, RICP, is vice president, relationship manager for Cleary Gull.
