Cybersecurity Tips from a 30-year Veteran of the FBI

Date: Dec 15 2017

Family Office Exchange

Cybersecurity is a topic of great concern among our members as many face the challenge of keeping family members and their financial information safe. Scott Augenbaum, a 30-year veteran of the FBI, offers the following 15 cybersecurity tips that don’t cost a lot of money or take a lot of time, but that can help you eliminate 90% of your risk of experiencing a cyberattack:

  1. Think before you click on a link or open an attachment; become a human firewall and question every email.
  2. Intrusion Detection Systems are a must, but they will not stop everything as virus writers write in excess of 50,000 new viruses a day.
  3. Use separate passwords for mission critical accounts such as bank accounts, investment accounts, tax returns, iCloud accounts, LinkedIn, Facebook or personal email.
  4. Strong passwords need to be longer than twelve characters, with capital and lower case letters, numbers and a special symbol. NO dictionary words, birthdates, your children’s names, etc.; think passphrase instead of password.
  5. Updated operating systems are a must as Microsoft doesn’t support XP anymore.
  6. Patch your system - Microsoft updates, Java and Adobe.
  7. Multifactor authentication is a must on Facebook, LinkedIn, Outlook 365, Gmail, LogMeIn, VPNs and financial accounts.
  8. Consider a separate computer for critical business functions. If you can access your client records on a computer that is used for Facebook and personal web surfing, you are putting yourself at risk. If you are gaining remote access to your company, and you are using a home computer that you share with your kids, you are putting your organization at great risk.
  9. Do not surf the Internet as the Administrator on a computer. If you purchase a computer and you are the only user, chances are you are the administrator. Go to the control panel; create a new profile; give it administrator access; and change your profile to regular user.
  10. Back up your mission critical files on a daily basis. There have been numerous cases of ransomware that turns a company’s critical data into useless information unless you send $500 in bitcoin to a bad guy in Eastern Europe.
  11. Have a plan for your organization.
  12. Practice smart online banking.
  13. Don't store your password in the browser; it’s the same as leaving your keys in the car for ease and convenience.
  14. If you can access your information in the cloud and all you have is a password, be prepared for the information to be stolen. Use multifactor authentication.
  15. You need to have a strong password for your smart phone; if you are using an Android, consider an intrusion security suite.
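As an added illustration of tip 4 (this is example code written for this page, not something from the article or from Mr. Augenbaum), the following Python function turns the stated rules into a check you can run against a candidate password: longer than twelve characters, upper and lower case, a number, a special symbol, no birth years, no family names, and no dictionary words. The word list and the personal terms are constructed samples; a real check would use a large dictionary or a breached-password list. One reading is assumed: "no dictionary words" is taken to mean a single word with digits and symbols tacked on (Summer2017!), so a multi-word passphrase such as Purple-Tractor-Sings-42 passes, which matches the article's "think passphrase" advice.

```python
import re
from datetime import date

# Constructed sample word list; substitute a real dictionary or breached-password list.
SAMPLE_DICTIONARY = {"password", "summer", "welcome", "letmein",
                     "football", "dragon", "monkey", "qwerty"}

MIN_LENGTH = 13  # "longer than twelve characters"

YEAR_PATTERN = re.compile(r"(?<!\d)(19\d\d|20\d\d)(?!\d)")


def check_password(candidate, personal_terms=(), dictionary=SAMPLE_DICTIONARY):
    """Return a list of rule violations; an empty list means the candidate passes.

    personal_terms: constructed list of things an attacker could look up
    (children's names, pet names, street names) that must not appear.
    """
    problems = []

    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", candidate):
        problems.append("no capital letter")
    if not re.search(r"[a-z]", candidate):
        problems.append("no lower-case letter")
    if not re.search(r"[0-9]", candidate):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        problems.append("no special symbol")

    # Assumed reading of "no dictionary words": strip digits/symbols and see whether
    # what remains is one dictionary word (catches Password1!, Summer2017!).
    core = re.sub(r"[^a-z]", "", candidate.lower())
    if core in dictionary:
        problems.append(f"dictionary word '{core}' with decoration")

    lowered = candidate.lower()
    for term in personal_terms:
        if term.lower() in lowered:
            problems.append(f"contains personal term '{term}'")

    # Any plausible birth year (1900 up to the current year) is a giveaway.
    for year in YEAR_PATTERN.findall(candidate):
        if 1900 <= int(year) <= date.today().year:
            problems.append(f"contains a year ({year})")

    return problems


if __name__ == "__main__":
    # Constructed candidates: the first three fail the article's rules, the last passes.
    samples = {
        "Password1!": (),
        "Summer2017!": (),
        "EmmaBirthday1985!": ("Emma",),
        "Purple-Tractor-Sings-42": ("Emma",),
    }
    for pw, terms in samples.items():
        verdict = check_password(pw, personal_terms=terms)
        print(f"{pw:25s} -> {'OK' if not verdict else '; '.join(verdict)}")
```

The check is deliberately a reject-list, not a score: a candidate either violates one of the listed rules or it does not, which is easier to explain to family members than an entropy number.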

Scott notes, as you might expect, that once the bad guys get your stuff, it’s usually too late.

While there is no way to ensure 100% security in today’s world, simple things like securing your email, taking care with your passwords and revisiting your internal controls related to the movement of money provide added protection:

  • If you don’t currently have multi-factor authentication on all of your email accounts, please do this today. Multi-factor authentication asks you to prove that you are who you say you are by supplying not only your password, but also a unique code sent to your phone or generated by an external app. Step-by-step instructions for setting up two-factor authentication are available for Yahoo! Mail, Gmail and Microsoft Outlook accounts.
  • Do not use and reuse common passwords. When a thief finds one password, he can usually access multiple accounts.
  • Whenever transferring funds or wiring money, make sure that your procedures involve confirming the transaction by phone with the person directing the transaction. Most data breaches today happen via email.
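To show what the "unique code ... from an external app" in the first bullet actually is, here is an added Python example (not from the article) of the standard time-based one-time password algorithm that authenticator apps implement (HOTP, RFC 4226, and TOTP, RFC 6238, both using HMAC-SHA1 and 30-second steps). The shared secret is the RFC test-vector secret, so the outputs can be checked against the published values; the `login_attempt` helper and its stored password hash are constructed for the illustration. The point the example makes: a thief who has only the password is rejected, and the code stops being valid after a short window, so a code captured once cannot be replayed later.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at_time, step=30, digits=6):
    """RFC 6238: the HOTP counter is the number of 30-second steps since the epoch."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret, code, at_time, window=1, step=30, digits=6):
    """Accept the current step and `window` steps either side to tolerate clock drift.

    compare_digest keeps the comparison constant-time so an attacker cannot learn
    digits of the right code from timing differences.
    """
    counter = int(at_time) // step
    return any(
        hmac.compare_digest(hotp(secret, counter + delta, digits), code)
        for delta in range(-window, window + 1)
    )


def secret_from_base32(text):
    """Authenticator apps are usually provisioned with a base32 string (constructed helper)."""
    return base64.b32decode(text.upper().replace(" ", ""))


# Constructed account record: a salted hash of the password plus the TOTP secret.
SALT = b"constructed-salt"
ACCOUNT = {
    "password_hash": hashlib.pbkdf2_hmac("sha256", b"Purple-Tractor-Sings-42", SALT, 100_000),
    "totp_secret": b"12345678901234567890",  # RFC 4226/6238 test-vector secret
}


def login_attempt(password, code, at_time, account=ACCOUNT):
    """Both factors must check out; a stolen password alone is not enough."""
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    password_ok = hmac.compare_digest(pw_hash, account["password_hash"])
    code_ok = verify_totp(account["totp_secret"], code, at_time)
    return password_ok and code_ok


if __name__ == "__main__":
    secret = ACCOUNT["totp_secret"]
    now = time.time()
    current = totp(secret, now)
    print("code right now:", current)
    print("password only (empty code):", login_attempt("Purple-Tractor-Sings-42", "", now))
    print("password + current code:  ", login_attempt("Purple-Tractor-Sings-42", current, now))
    print("same code five minutes on:", login_attempt("Purple-Tractor-Sings-42", current, now + 300))
```

The RFC test vectors give counter 0 as 755224 and time 59 as 287082 with this secret, which is a quick way to confirm an implementation before trusting it; the phone app and the server run exactly this arithmetic over the same secret, which is why the secret (usually shown as a QR code at setup) deserves the same protection as the password.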

What steps will you take today to protect the information in your care?