Imagine being a teacher who receives an email that appears to be from the school principal requesting the signature of a time-sensitive document. Acknowledging the urgency of the email, you immediately open the attachment and inadvertently download malicious software to your school computer. With one click you have initiated a chain of events that leads to a district-wide ransomware attack that shuts down all computer and internet usage for two weeks. This may sound like a nightmare, but it was the experience of teachers, school staff, and faculty around the country during the most heavily tech-dependent time in modern history, the 2020-2021 school year.
While students and teachers attempted to adapt to virtual learning during the COVID-19 pandemic, cyber criminals were also hard at work exploiting the vulnerable position of school districts all over the United States and abroad. Sadly, this is the reality we face today: as we become more comfortable with and dependent on technology, individuals and criminal organizations are stepping up their efforts to steal and endanger our most precious data.
Unfortunately, cyber security threats and crime do not exclusively concern businesses and large organizations like school districts. According to the US Department of Homeland Security’s #beCyberSmart campaign, 47% of American adults have been victims of cybercriminals through the exposure of their personal information. Weak passwords, careless clicking, and unsecured Wi-Fi networks all contribute to a growing number of victims worldwide.
How Can We Protect Ourselves?
Fortunately, there’s a whole community of professionals committed to stopping cybercrime. Here are a few of their recommendations for how to protect yourself from phishing.
- Assume your current password is awful. The first thing wrong is that “password” is singular. If you use the same password all over the Web, you’re begging for trouble. It should be long, complex and non-sequential. While that means “ABC” and “123” are bad strings, so are “QWERTY” – the first six characters of the familiar Sholes-Glidden keyboard design – and “2580” – the four numerals down the middle column of a 3×4 phone touchpad. The problem is at least as bad as you’ve already guessed; as recently as November 2020, the most popular password was “123456”.
- Use two-factor authentication. It’s a bit of an inconvenience, but it’s worth it – particularly if your health or financial records are at stake. Two-factor authentication, or 2FA, involves you entering a password on the site’s landing page, then entering a PIN received via text message before you can access your account information. Depending on the site, you might be able to set up a fingerprint or facial-recognition 2FA layer instead of a PIN.
- Secure your device. Nobody should be able to access your computer or phone without a passcode. Aside from that, it’s also important to keep up to date with the latest operating system patches. They are almost always pushed through in response to attempted or successful hacks.
- Don’t overshare via email. Even if an email appears to be from a brand you trust, don’t respond with any personally identifiable information or anything related to your bank or credit card accounts. “Emails are like postcards. Anyone can see them,” a cybersecurity expert recently told us. One more point: If an unexpected email offers you a link to click, don’t. These are known as “phishing” emails. Just like the ones many teachers fell for last school year, they are meant to trick you into downloading malicious software or sharing personal information with cybercriminals.
- Don’t be a victim. If you believe the federal government will have you arrested if you don’t respond to this email, or that you have $1,000 credit with Amazon, or that a Nigerian prince needs your help transferring his money from one account to another and is willing to pay you for your assistance, then you’re being naive. By the way, this kind of scam – called phishing or social engineering – is older than the internet and is just as likely to reach you via the phone. “The IRS does not call you – ever,” our cybersecurity expert tells us, “they do all their correspondence by mail.”
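The password advice in the first item above can be turned into a simple check. This is an added example, not part of the original article: it flags the common, sequential, keyboard-row and keypad-column strings the article names. The minimum length of 12 and the three-character-class threshold are assumptions, since the article gives no numbers.

```python
import string

# Assumed policy values: the article says "long" and "complex" but gives no numbers.
MIN_LENGTH = 12
MIN_CLASSES = 3
MIN_RUN = 3  # shortest run along a known pattern that gets flagged

# Strings named in the article, plus the remaining keyboard rows and keypad columns.
COMMON = {"123456", "password"}
PATTERNS = [
    string.ascii_lowercase,                # "ABC"
    "0123456789",                          # "123"
    "qwertyuiop", "asdfghjkl", "zxcvbnm",  # keyboard rows ("QWERTY")
    "147", "2580", "369",                  # 3x4 keypad columns ("2580")
]

def longest_pattern_run(password):
    """Longest substring that walks along a known pattern, forwards or backwards."""
    pw = password.lower()
    best = ""
    for pattern in PATTERNS:
        for seq in (pattern, pattern[::-1]):
            for start in range(len(seq)):
                for end in range(start + MIN_RUN, len(seq) + 1):
                    chunk = seq[start:end]
                    if chunk in pw and len(chunk) > len(best):
                        best = chunk
    return best

def character_classes(password):
    """Count how many of lower, upper, digit and symbol appear in the password."""
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(check(c) for c in password) for check in checks)

def weaknesses(password):
    """Return the reasons a password fails the article's advice (empty list if none)."""
    found = []
    if password.lower() in COMMON:
        found.append("common")
    if len(password) < MIN_LENGTH:
        found.append("short")
    if character_classes(password) < MIN_CLASSES:
        found.append("simple")
    if longest_pattern_run(password):
        found.append("sequential")
    return found
```

A password that passes this check is still unsafe if it is reused on more than one site, which a per-password check cannot see.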
Who is Keeping Your Money Safe?
Financial services firms must follow a litany of regulations for how they protect your money—that is good news for everyone.
“For financial services companies in the US, laws addressing cybersecurity expectations and requirements include the Gramm-Leach-Bliley Act (GLBA), the Bank Secrecy Act, the USA PATRIOT Act, the identity theft red flags rule, and Sarbanes-Oxley. Banks are regularly examined on their compliance with these rules, as well as published information security guidelines and bulletins,” according to British-based global law firm Latham and Watkins. These guidelines have made the US financial services sector one of the most aware and sophisticated industries facing cybersecurity threats.
In addition to these guidelines, broker-dealers and investment advisors are subject to the authority of the Securities and Exchange Commission, which concentrates its cybersecurity operations in the Office of Compliance Inspections and Examinations. It is OCIE’s duty to identify cyber-risks stemming from firms’ auditors and other third-party vendors. The operative law is Regulation SP, which requires firms to safeguard the confidentiality of customer records. It’s important to note that OCIE offers only guidance and that there is little in the way of concrete rules governing financial firms’ cybersecurity.
Still, there are best practices as identified by the Financial Industry Regulatory Authority, an industry self-regulating organization chartered by the SEC. FINRA’s guidance centers around:
- Vulnerabilities specific to branches as opposed to headquarters
- Asset inventory exposure
- Insider threats
- Privileged user controls
- Data loss prevention
- Third-party risk
There is also a list of practices related to the underlying technology that can be employed to protect yourself from phishing. Of course, executive and management support is as critical to a cybersecurity initiative as it is to any other initiative. These systems are only as useful as the people sitting in the chairs, so training is a key consideration, as is penetration testing – having white-hat hackers try to infiltrate the system before the black-hats find the way in.
We are Here to Help
What we hope we’ve provided you today are some concrete steps you can take to protect yourself from phishing and mitigate your chances of having your money or your identity stolen online.
There are other habits you could adopt to optimize your cybersecurity. Chrome is not the only browser, nor is Google the only search engine available. SMS isn’t the only way to exchange text messages. There are inherent risks in using all of those, and they have competitors whose key value proposition is that they protect users from hacks that can come via those channels. You probably don’t need to go that far, but we wouldn’t blame you if you did. There are also things you could be doing in the social media realm to make sure that Facebook, Twitter and their peers don’t know more about you than you care to tell them – and that you take steps to make sure they do not share your data without your permission, to further protect yourself from phishing. Finally, you may rest assured that your advisors and the entire Smith Anglin Financial Team will always work relentlessly to keep your money and data safe!
Gross domestic product grew at a 6.6% annual rate in the second quarter, slightly faster than originally calculated, according to the second estimate released by the Bureau of Economic Analysis. The update reflects upward revisions to nonresidential fixed investment and a more favorable mix of exports and imports.
Initial jobless claims for the week ending August 28 came to 340,000, a 14,000 week-over-week decrease to the lowest level since the start of the Covid-19 pandemic. The four-week moving average was 335,000, a decrease of 11,750 from the previous week’s revised average.
Total nonfarm payroll employment rose by 235,000 in August, the Labor Department reports. Though the news was favorable, the labor market’s improvement last month was well below the year-to-date average of 586,000. The unemployment rate dropped 0.2 percentage points to 5.2% as hiring conditions for sectors unconnected to the leisure and hospitality industries improved. The Consumer Price Index for All Urban Consumers increased 0.3% in August on a seasonally adjusted basis after rising 0.5% in July, the Labor Department reported. Over the last 12 months, the all-items index increased 5.3% before seasonal adjustment. Core inflation, excluding food and energy, edged up only 0.1% last month.
The S&P 500 posted a 3.0% gain in August, a seven-month winning streak. The CBOE VIX “fear gauge” dropped as a result, closing 9.6% lower at 16.48, suggesting broadening confidence in equity markets.
In Europe, Amsterdam’s Euronext 100, Frankfurt’s DAX and London’s FTSE 100 rose 2.2%, 1.9% and 1.2% respectively, in August. In Asia, Shanghai’s SSE Composite and Tokyo’s Nikkei 225 were up 4.3% and 3.0% respectively, while Hong Kong’s Hang Seng dropped 0.3%.
The Federal Reserve had signaled it would soon begin reversing its easy-money policies months ago, but that was before an inflation surge and the emergence of the coronavirus’s delta variant. Still, Fed Chair Jay Powell reiterated the plan at the recent Jackson Hole meeting of central bankers, held virtually this year. His comments are credited with propelling the U.S. stock market into record territory.
COMMODITIES AND CURRENCIES
Oil prices reversed course in August, with West Texas Intermediate crude dipping 7.4% to end the month at $68.50 per barrel. Meantime, inflation hedge gold ticked up 0.3%, to end the month at $1,818.10 per ounce.
The dollar rebounded across the board for the second month in a row, reclaiming 0.5% against the euro, 1.1% against the pound, and 0.3% against the yen.
Cryptocurrency continued its upward march, with Bitcoin rising 14.5%, to end August at $47,321.50.