Strong Cybersecurity Starts with Solid Cyber Hygiene

A Q&A with Chrissy Lee, Chief Operating Officer, Merit Financial Advisors, and Mark Hurley, CEO, Digital Privacy & Protection

While families across the country are settling into fall with shorter days, cooler weather, and cozy weekend activities, October provides another reason for us to lean into our families by reassessing our cybersecurity habits. Shockingly, cybercrime is a $10.5 trillion business worldwide, bigger than the sale of all illegal drugs combined.

Chrissy Lee, Chief Operating Officer at Merit Financial Advisors, sat down with Mark Hurley, the CEO of Digital Privacy & Protection, our cybersecurity partner, to get a pulse on the current landscape of cybercrime and how individuals can help themselves, their families, and their larger communities stay safe amidst digital threats.

CL: Thank you, Mark, for your partnership and for sharing your expertise with Merit for Cybersecurity Month. Can we start by understanding how cybercriminals are currently operating and who they are targeting?

MH: Certainly. Industry experts place cybercrime into two categories: stealing your money or causing harm to individuals. Most Americans tend to think of the first scenario more, where cybercriminals target banking, custodial, or brokerage accounts to steal money or identities to steal your credit. Today, ID theft is a $54 billion industry. More nefarious is when cybercrime is used to cause harm to individuals, often due to a lack of cyberprivacy protection.

Protecting your cyberprivacy involves limiting the personal information that you share online and, more importantly, controlling who can access it. You can do this by enabling privacy and security settings on your devices, apps, browsers, and search engines. In particular, it is essential to turn on the privacy settings for your social media accounts. If you don’t, cybercriminals don’t need to hack into your account to see your personal information; it will be exposed for anyone to access. They specifically and aggressively target the elderly and teenagers.

CL: I’ve also seen an increase in phishing-style emails from recognizable brand names asking customers to verify profiles and sending invoices to sow confusion in the hopes that individuals will take action and contact them. I recently learned that PDFs can contain computer viruses, not just links. It seems that cybercriminals continue to get more sophisticated.

MH: That’s certainly true and an important reminder that everyone must use good cyber hygiene to protect their wealth, themselves, and their families. Today, criminals may call people directly and pose as a company representative, claiming that there has been a breach, typically after they’ve hacked into an account. These fraudsters then prompt individuals to enter a passcode into their device. They are unbelievably sophisticated and persuasive. This is a great reminder that companies will never call you; they will lock your account and make you call them. If a company is calling you, chances are it’s a scam.

CL: That’s a great piece of advice. How else do you advise individuals to protect themselves online at a high level?

MH: When in doubt, don’t open the email or answer the call. Understand that cybercriminals can learn a lot about you and your family. I recently heard of an individual who had planned to visit Paris and was emailing their financial advisor about their trip. Meanwhile, a criminal had hacked into their email account, saw the itinerary, changed the password to the account, and asked the advisor to wire money to buy an apartment abroad. 

CL: It’s incredible to hear about the kinds of information that cybercriminals are gathering to use against everyday individuals. So, how do these scams change as we age? For example, are older individuals targeted by different scams than younger ones?

MH: The older you are, the more at risk you are of cybercrime. However, kids are increasingly targeted by online predators; in fact, the FBI has a separate unit dedicated to monitoring this. Criminals gather information from parents’ and grandparents’ social media accounts and then pose as a peer of the opposite sex online to target vulnerable teenagers. Posing as their soulmate, these criminals will encourage the teens to share incriminating photos and then blackmail them with those images.

There is also a devastating new trend of fake kidnappings. Cybercriminals exploit gaps in social media privacy settings to clone voices and download videos, then trick individuals into believing their relatives are in danger. AI software can clone voices and images that can easily manipulate video and audio calls, and even divert calls to the criminals.

I always ask people if they would put a camera inside their house and then provide access to the outside world to see everything happening in their personal life. Without proper privacy settings on your social media accounts, you are effectively doing just that.

CL: That’s a great point and a big wake-up call, especially for parents of minors. What else can you say about the habits of cybercriminals right now?

MH: Cybercriminals love homes equipped with smart technology, including timers on lights, because these homes are connected to a central WiFi system. Once they breach that one piece of technology connected to a home network, they can access every other piece of technology connected to that network.

For example, an executive at a large financial company with which my firm was recently working woke up one day and found the passwords on his home network and devices had been changed, and he could no longer access them. Additionally, cybercriminals accessed his bank and custodial accounts, attempting to steal money. Fortunately, we were able to prevent them from stealing any funds, but it took over a week to fully restore his systems. We discovered that the attackers came in through the doorbell camera and monitored the house for two weeks, recording passwords as they were entered into devices. They came very close to stealing a substantial amount of money.

While technology offers many benefits, it has also enabled criminals to become more sophisticated. Computers can now correctly guess any eight-digit alphanumeric password – that is, upper-case and lower-case letters, numbers, and symbols – in less than one second. However, 18-digit alphanumeric passwords take 79 billion years for computers to crack. By using unique, lengthy, and randomly generated passwords for each account and never reusing them, individuals can make it significantly more difficult for criminals to compromise their security.

CL: What should victims of cyber-attacks do and how can they take steps to protect themselves in the future?

MH: Understand that you have to move as fast as possible. When your password is compromised, you need to change it immediately. Depending on the severity of the incident, you also might need to contact authorities. There are three main ways we recommend individuals protect themselves online:

  • Use a password manager – This encrypted software stores all your passwords securely. Our firm recommends Keeper, which is easy to use and requires you to remember only one lengthy password to protect all your digital accounts.
  • Use a virtual private network (VPN) – A VPN encrypts your online traffic so that others cannot intercept or copy your passwords. We recommend Surfshark for this purpose.
  • Use a private, paid email account – This should be used only for authentication purposes with your online accounts. Your email account should be anonymous (e.g., use your initials instead of your name), and you should avoid using free email services like Gmail or AOL. Our firm uses and recommends OpenSRS.

CL: I would also add that it’s just a matter of time before one of your passwords is breached, but outside of these excellent tips, there’s a lot that individuals can do to protect themselves daily. By not using public WiFi or plugging your phone USB into a public hotspot or a rental car, you will eliminate about 75% of the issues. Thank you for your time, Mark. Is there anything else you want to touch on?

MH: Custodians and banks spend billions of dollars a year on cybersecurity, but the weakest link is usually the client. Take a few extra steps to protect your digital privacy and brush up on your digital hygiene. You’ll be glad you did.

If you missed our recent cybersecurity webinar, you can access the complimentary recording here. You can also reach out to your Merit financial advisor to find out more about our partnership with Digital Privacy & Protection.