Blog

Don't write passwords down

Writing passwords down on paper is considered insecure for several reasons:

• Physical vulnerability: Paper can be easily lost, stolen, or accidentally discarded. When your passwords are written down, anyone who comes across the paper has immediate access to your accounts, putting your personal and financial information at risk.
• Lack of encryption: Unlike digital password managers, which use strong encryption to protect your login information, written passwords are in plain text. This means that if someone finds your written passwords, they can easily read and use them to access your accounts.
• Unauthorized access: Writing down passwords increases the risk of unauthorized access by friends, family, coworkers, or even strangers who may come across the paper. While you might trust those around you, it's best not to leave your passwords vulnerable to potential misuse.
• No control over exposure: Once your passwords are written down, you lose control over who may see or access them. This can lead to unintended exposure of your passwords, even in situations where you believe they are secure, such as in a locked drawer or a hidden location at home.
• Inefficient management: Writing down passwords on paper makes it difficult to keep them updated and organized. This can lead to using the same password across multiple accounts or not updating your passwords regularly, both of which increase your vulnerability to cyber threats.

For these reasons, it's best to avoid writing passwords down on paper and instead use a secure digital password manager or create strong, memorable passwords that you can remember without needing to write them down.

Use a password manager

Using a password manager like LastPass or 1Password is important for several reasons:

• Secure storage: Password managers securely store your login information, using strong encryption methods to protect your data from unauthorized access. This ensures that even if someone gains access to your password manager's data, they won't be able to read or use your passwords without the master password.
• Unique and complex passwords: Password managers can generate strong, unique passwords for each of your accounts, reducing the risk of your accounts being compromised due to weak or reused passwords. This makes it more difficult for hackers to crack your passwords using brute-force attacks or other methods.
• Easy organization: A password manager helps you keep your passwords organized and easily accessible. This eliminates the need to remember multiple passwords or resort to insecure methods like writing them down or using the same password for multiple accounts.
• Auto-fill feature: Password managers often include an auto-fill feature that automatically enters your login information for websites and apps, reducing the risk of typing errors or falling for phishing attacks. This also saves time and makes logging in more convenient.
• Cross-platform synchronization: Many password managers, like LastPass, offer cross-platform synchronization, allowing you to access your passwords across multiple devices, such as your smartphone, tablet, and computer. This ensures that you always have your passwords with you, even if you're away from your primary device.
• Password audit and updates: Password managers can help you identify weak or reused passwords and prompt you to update them. This encourages better password hygiene and ensures that you maintain strong, unique passwords for all your accounts.
• Two-factor authentication: Many password managers support two-factor authentication (2FA) for added security. By requiring an additional form of verification, such as a text message or a biometric input, 2FA makes it harder for attackers to gain unauthorized access to your password manager, even if they obtain your master password.

Using a password manager like is essential for maintaining secure, unique, and complex passwords for each of your accounts. It simplifies password management, enhances security, and reduces the risk of unauthorized access to your personal and financial information. It also helps you organize your financial life.

Change your passwords on a regular basis (and use strong passwords)

Changing your passwords on a regular basis is important for maintaining the security of your online accounts and protecting your personal information. One reason for this is that it helps minimize the potential damage caused by data breaches. If a website or service you use experiences a breach and your password is compromised, changing it regularly can limit the amount of time an attacker has access to your account.

Additionally, cybercriminals often use automated tools to attempt to crack passwords through brute-force attacks or by exploiting known data leaks. Regularly updating your passwords makes it more challenging for attackers to gain unauthorized access to your accounts, as they must continually adapt to new and potentially more complex passwords.

Updating your passwords also helps to counter the threat of password reuse. Many people tend to use the same password across multiple accounts, which means that if one account is compromised, all other accounts using the same password are also at risk. By changing your passwords regularly and ensuring they are unique for each account, you can mitigate the risks associated with password reuse.

Furthermore, regularly changing passwords can protect you from more targeted attacks, such as those involving social engineering or phishing attempts. In these cases, attackers may try to gather information about you to guess your passwords or trick you into revealing them. Regularly updating your passwords can help keep your accounts secure even if an attacker manages to obtain one of your old passwords.

Also be sure to use strong passwords! Longer is more secure (at least 12-14 characters) and use a random combination of letters, numbers and symbols.

Don't use the same password on multiple sites

When you reuse the same password across different accounts, you create a single point of failure. If one of your accounts gets compromised due to a data breach, hacking, or phishing attack, the attacker can gain access to all other accounts that share the same password. This can lead to a domino effect, where multiple accounts are compromised simultaneously, putting your personal and financial information at risk.

Additionally, cybercriminals often rely on password reuse to simplify their attacks. They may obtain your password from one source, such as a data breach, and then attempt to use that password to access other accounts. By reusing passwords, you make it easier for attackers to target you and exploit your online presence.

To protect your online security, it's essential to use unique and complex passwords for each account. This ensures that even if one account is compromised, the damage is contained, and your other accounts remain secure.

Lock your phone and set it to erase after 10 failed attempts

Locking your phone and setting it to erase after 10 failed attempts is a good idea because it adds an extra layer of security to protect your personal and sensitive information. Our smartphones often contain a wealth of data, including emails, contacts, photos, and access to various accounts such as banking and social media. If your phone is lost or stolen, this information could be accessed by unauthorized individuals, potentially leading to identity theft or other forms of cybercrime.

By locking your phone with a strong passcode, fingerprint, or facial recognition, you make it more difficult for someone to gain unauthorized access to your device. Setting the phone to erase its data after multiple failed attempts further safeguards your information. This feature acts as a deterrent to potential attackers, as they are aware that repeated failed attempts to unlock the device will result in the permanent deletion of its contents.

Set your phone to delete messages after a certain amount of time

Setting your phone to delete messages after a certain amount of time is a good idea because it helps protect your privacy and the sensitive information that may be contained in those messages. Text messages, emails, and chat conversations can include personal details, financial data, or other confidential information that could be exploited if it falls into the wrong hands.

By automatically deleting messages after a predetermined period, you reduce the amount of sensitive information stored on your phone, limiting the potential damage if your device is lost, stolen, or compromised.

Keep credit/debit cards concealed until purchase

When your cards are exposed, there is a risk that someone may observe or capture your card information by looking over your shoulder or using a smartphone or hidden camera to take a picture of your card. Additionally, public places like stores or restaurants may have security cameras that could inadvertently capture your card details.

By keeping your cards concealed until you need to use them, you minimize the chances of unauthorized individuals gaining access to your card information. This practice is particularly important in crowded or unfamiliar environments where you might be more vulnerable to theft or fraud.

Be vigilant for skimmers

Skimming devices are illicit tools used by criminals to steal credit or debit card information by capturing the data stored on the card's magnetic stripe. These devices are often discreetly installed on card readers at ATMs, gas pumps, or point-of-sale terminals, making it difficult for users to detect their presence. By being vigilant for skimmers, you can protect your financial information and minimize the risk of becoming a victim of fraud.

To guard against skimming devices, consider the following tips:

• Inspect the card reader: Before using an ATM or card reader at a gas pump, take a moment to examine it for any unusual attachments, loose parts, or signs of tampering. Skimmers are often designed to blend in with the machine but may be detected if you pay close attention.
• Wiggle the card slot: Gently wiggle the card slot to see if it is securely attached. Skimming devices may be loosely fitted over the original card slot, and any movement could indicate the presence of a skimmer.
• Check for hidden cameras: Be aware of any small cameras or other devices that could be positioned to capture your card information or PIN as you enter it. These cameras may be installed nearby or even within the card reader itself. Shield the keypad with your hand while entering your PIN to prevent unauthorized individuals from viewing your information.
• Use well-lit and busy locations: Whenever possible, choose well-lit, frequently used ATMs or gas pumps. These locations are less likely to be targeted by criminals due to the increased risk of being caught.
• Monitor your accounts: Regularly review your bank and credit card statements for any unauthorized transactions. Early detection of fraud can help minimize the damage and aid in the recovery process.
• Use contactless payment methods: If available, opt for contactless payment methods such as mobile wallets or contactless cards. These technologies provide an additional layer of security and are less susceptible to skimming attacks.

By being vigilant for skimmers and following these precautions, you can protect your financial information from theft and ensure the security of your accounts while using ATMs, gas pumps, and other card readers.

Use a VPN on public networks

Public networks, such as Wi-Fi hotspots in cafes, airports, or hotels, are often unencrypted and insecure, which makes it easier for cybercriminals to intercept your data or conduct man-in-the-middle attacks.

A VPN (Virtual Private Network) encrypts your internet connection, creating a secure tunnel between your device and the VPN server. This prevents unauthorized individuals from eavesdropping on your online activities or stealing sensitive information, such as login credentials, financial data, or personal messages.

Furthermore, a VPN helps protect your privacy by masking your IP address, making it more difficult for third parties, such as websites or advertisers, to track your online activities and build a profile based on your browsing habits.

Some examples of VPNs include:

• Hotspot Shield
• NordVPN
• Surfshark

Buy a shredder and shred all sensitive documents

Documents such as bank statements, credit card bills, tax forms, and medical records often contain confidential information that could be exploited by identity thieves or other malicious individuals if they are not properly disposed of.

Simply throwing these documents in the trash or recycling bin leaves them vulnerable to dumpster diving, a tactic used by criminals to search for valuable information in discarded papers. Shredding sensitive documents effectively destroys the information contained within, making it extremely difficult, if not impossible, for anyone to piece the data back together.

Keep software up to date

keeping your software up to date is important because it helps protect your devices and data from potential cyber threats. Software updates often include security patches that address known vulnerabilities and fix bugs, which could otherwise be exploited by hackers to gain unauthorized access to your system or compromise your data.

Outdated software can leave your devices susceptible to various forms of cyberattacks, such as malware infections, ransomware, or phishing attempts. By regularly updating your software, including your operating system, web browsers, and applications, you ensure that your devices have the latest security enhancements to guard against emerging threats.

Enroll in Identity Theft Protection

Identity theft protection services offer a comprehensive approach to safeguarding your personal and financial information, which can help minimize the risk of unauthorized access and fraud.

Some key benefits of enrolling in identity theft protection include:

• Monitoring: These services actively monitor various sources, such as credit reports, public records, and online databases, to detect suspicious activities or potential signs of identity theft. This proactive approach enables early detection of potential threats and can prevent unauthorized use of your personal information.
• Alerts: Identity theft protection services provide real-time alerts if any suspicious activities are detected, such as new accounts being opened in your name, unauthorized changes to your accounts, or attempts to use your personal information for fraudulent purposes. This helps you stay informed about potential risks and take swift action to mitigate any damage.
• Recovery assistance: In the event that your identity is stolen, identity theft protection services offer assistance in the recovery process. This can include working with financial institutions, credit bureaus, and law enforcement agencies to help restore your identity, resolve fraudulent transactions, and minimize the impact on your credit and finances.
• Insurance: Many identity theft protection services offer insurance coverage that can reimburse you for certain expenses related to identity theft, such as legal fees, lost wages, or costs associated with repairing your credit.

Some examples of identity theft protection services include:

• LifeLock
• Identity Guard
• Aura

Activate 2-step verification on all accounts

Activating 2-step verification (also known as two-factor authentication or 2FA) on all your accounts is important because it adds an extra layer of security to protect your personal information and reduce the risk of unauthorized access.

With 2-step verification enabled, accessing your account requires not only your password but also an additional form of verification, such as a unique code sent to your phone via SMS, an authentication app, or a physical security key. This means that even if an attacker manages to obtain your password, they would still need the second verification factor to gain access to your account, making it much more difficult for them to breach your account's security.

By activating 2-step verification on all your accounts, including email, social media, banking, and other online services, you significantly enhance your account security and protect your personal information from potential threats such as hacking, phishing, or identity theft.

Use a strong password on your computer and set a screensaver lock after 15 minutes

Using a strong password on your computer and setting a screensaver lock after 15 minutes is important for maintaining the security and privacy of your data. These measures help protect your device from unauthorized access, safeguarding the sensitive information stored on it.

A strong password makes it more difficult for cybercriminals to guess or crack your login credentials through brute force or dictionary attacks. It should be a combination of uppercase and lowercase letters, numbers, and special characters, and should not include easily identifiable information, such as your name or birthdate. By using a strong password, you reduce the risk of unauthorized access to your computer and the potential theft or misuse of your personal or financial information.

Setting a screensaver lock to activate after a short period of inactivity, such as 15 minutes, adds another layer of security to your computer. If you step away from your device or forget to log out, the screensaver lock will automatically engage, requiring your password or another form of authentication to regain access. This prevents unauthorized individuals from accessing your computer in your absence and protects your sensitive data from potential breaches.

Turn on disk encryption

Turning on disk encryption on your computer helps secure your information by adding a robust layer of protection to the data stored on your device. Disk encryption works by converting the data on your computer's hard drive into an unreadable format, which can only be accessed and decrypted with the correct encryption key, typically in the form of a password or a cryptographic key.

When your disk is encrypted, it's much more difficult for someone to access your data if your computer is stolen.

Don't send sensitive information over email

You should not send sensitive information over email due to the potential security risks associated with this form of communication. There are several reasons why email may not be the safest option for transmitting confidential data:

• Interception: Emails can be intercepted during transmission by cybercriminals, who may gain unauthorized access to the sensitive information contained within them. This can occur when using unencrypted email services or when connected to an insecure network.
• Lack of encryption: Many email services do not use end-to-end encryption by default, meaning that the contents of your emails can be accessed by third parties, such as email providers or hackers, while in transit or stored on email servers.
• Human error: It is not uncommon for people to accidentally send emails to the wrong recipients or to have their accounts compromised due to weak passwords or phishing attacks. In these cases, sensitive information sent via email could fall into the wrong hands.
• Data retention: Emails are often stored on multiple servers, such as the sender's, recipient's, and email service providers' servers. This increases the likelihood of your sensitive information being accessed by unauthorized individuals or being subject to data breaches.
• Forwarding and sharing: Once an email containing sensitive information is sent, it can be easily forwarded or shared by the recipient, intentionally or unintentionally, increasing the chances of the information being exposed or misused.

To securely send sensitive information, consider using alternative methods that offer better security and privacy protections. These may include encrypted messaging apps, secure file-sharing services, or specialized tools like Sendinc.com, which enable the secure transmission of sensitive data over the internet. By using these methods, you can minimize the risks associated with sending sensitive information over email and better protect your personal and confidential data.

Limit Facebook posts to only be seen by friends

Limiting your Facebook posts to friends-only can reduce your chances of getting hacked by restricting the visibility of your personal information and activities to a smaller, more controlled group of people. When you share posts publicly or with a broader audience, you potentially expose your information to cybercriminals, who could use it for malicious purposes, such as identity theft, social engineering attacks, or phishing attempts.

By keeping your posts visible to friends-only, you minimize the amount of personal information available to potential hackers, making it more difficult for them to target you or exploit your online presence. This also reduces the likelihood of strangers or unauthorized individuals using your posts to gather information about you, your habits, or your social connections.

Review and remove unnecessary access to business pages

As your business evolves, it's possible that employees or collaborators who were once involved may no longer need access to your business pages. By regularly reviewing and updating user permissions, you can minimize the risk of unauthorized access and potential security breaches.

Granting admin access to too many individuals can increase the risk of accidental or intentional misuse of the page, such as unauthorized changes, data leaks, or even the deletion of important content. Furthermore, if any of these individuals' personal accounts are compromised, your business pages may also be at risk.

To maintain a secure online environment for your business, periodically review the list of users with admin access to your business pages and remove those who no longer require it. 

Audit third-party apps accessing your social accounts

Third-party apps often request access to your account information, such as your email address, friend list, or profile data, to provide various services or features. Over time, you may accumulate a list of apps that you no longer use or need, which still have access to your personal information.

Periodically reviewing and revoking access for these apps reduces potential security risks and helps protect your personal data. By granting access only to trustworthy and necessary apps, you minimize the chances of data leaks, unauthorized access, or misuse of your information.

To audit third-party apps accessing your social accounts, navigate to the settings or privacy options of your social media platforms, where you can typically find a list of apps that have been granted access to your account. Carefully review this list and remove permissions for any apps you no longer use or recognize.

By regularly conducting such audits, you maintain control over your personal information, reduce the risk of security breaches, and safeguard your online privacy.

Back up your data

Backing up your data increases your security by providing a safeguard against data loss, corruption, or damage that can result from various threats, such as hardware failure, cyberattacks, accidental deletion, or natural disasters. By regularly creating and maintaining backups of your important files, you ensure that you have a reliable copy of your data that can be easily restored in case of an unexpected event.

A robust backup strategy can help mitigate the impact of security incidents like ransomware attacks, where cybercriminals encrypt your data and demand payment for its release. With a backup in place, you can recover your data without having to pay the ransom, minimizing the potential damage to your personal or business information.

Backing up your data not only increases your security but also provides peace of mind, knowing that your valuable information is protected and can be recovered when needed. To ensure optimal protection, it's recommended to follow the 3-2-1 backup rule: keep three copies of your data, using two different types of storage media, with at least one copy stored offsite or in a secure cloud storage service.

Some examples of cloud backup services include:

• Backblaze
• Carbonite

Clear browser history and cookies regularly

From a security standpoint, it's important to clear your browser history and cookies regularly to protect your privacy, reduce the risk of data breaches, and minimize the potential impact of cyberattacks. Here's why:

• Privacy protection: Your browsing history and cookies can reveal a lot about your online activities, such as the websites you visit, the content you view, and the personal information you enter on web forms. By clearing your browser history and cookies, you prevent unauthorized individuals from accessing this information if they gain access to your device or if you're using a shared computer.
• Reducing tracking: Cookies can be used by websites and advertisers to track your online behavior, build a profile of your interests, and serve targeted ads. Clearing cookies helps disrupt this tracking and reduces the amount of personal information that is collected and shared across the internet.
• Preventing data breaches: If your computer is infected with malware or your account is compromised, the attacker may gain access to your browsing history and cookies, which can contain sensitive information like login credentials, financial data, or personally identifiable information. Regularly clearing your browser history and cookies reduces the amount of data that can be exposed in such incidents.
• Minimizing the impact of cyberattacks: Some cyberattacks, such as cross-site scripting (XSS) or cross-site request forgery (CSRF), can exploit vulnerabilities in your browser or the websites you visit, using stored cookies to gain unauthorized access to your accounts. Clearing your cookies regularly helps mitigate the potential impact of these attacks by removing the data that attackers might use.

Regularly clearing your browser history and cookies is an essential practice for maintaining your online security and privacy. It helps protect your personal information from unauthorized access, reduces tracking, minimizes the risk of data breaches, and lessens the potential impact of cyberattacks.

Be alert for phishing

Phishing is a type of cyber attack that aims to steal sensitive information such as login credentials, credit card numbers, and other personal data. It works by tricking the victim into divulging this information by posing as a trustworthy entity, such as a bank, email provider, or social media platform. Here's how it typically works:

• The attacker sends an email or message that appears to be from a legitimate source, often using a convincing logo, language, or other details to appear genuine.
• The message usually contains a sense of urgency or a call-to-action that prompts the victim to take immediate action, such as clicking on a link, downloading an attachment, or entering personal information on a fake website.
• Once the victim follows the instructions, they are directed to a fake website or page that mimics the real one. The site may ask the victim to enter their username and password or other sensitive information, which is then captured by the attacker.

To protect yourself against phishing, here are some tips to follow:

• Be cautious of unexpected or unsolicited emails and messages, especially if they ask for personal information or request urgent action.
• Verify the source of the message by checking the sender's email address or phone number, or by contacting the organization directly using a trusted source such as their official website or phone number.
• Avoid clicking on links or downloading attachments from suspicious sources. Hover over links to verify their destination before clicking, or use a link scanner tool to check for malicious links.
• Use anti-phishing tools such as web filters, spam blockers, and antivirus software to detect and block phishing attempts.
• Educate yourself about phishing tactics and common scams. Learn to recognize the signs of phishing, such as poor grammar, spelling errors, and fake logos or branding.

By following these tips and being aware of the tactics used by cybercriminals, you can protect yourself against phishing and keep your personal information secure.

Use a budget tracking tool like YNAB

A budget tracking tool, such as You Need a Budget (YNAB), can help you monitor your finances and identify any unusual transactions or signs of fraud. Regularly reviewing your financial activity is an essential step in maintaining personal financial security.

Conclusion

Personal financial security is a crucial aspect of managing your finances in today's digital world. By following these guidelines, you can take proactive steps to protect your sensitive information, minimize the risk of identity theft, and maintain control over your financial well-being. Stay vigilant, stay informed, and stay secure.