Cybersecurity: Everything You Need to Know to Stay Safe Online
31:47 Share

Credit monitoring is like installing an alarm system on your home. You get to learn that someone broke into your house after they've already broken into your house, right? It's an alarm system is not preventative.

Welcome to Stay Wealthy San Diego, a show for successful professionals doing all the right things with their money and are ready to take their financial plan to the next level. I'm certified financial planner, Taylor Schulte, and I'm here to teach you advanced financial planning strategies in plain English. Welcome to the Stay Wealthy podcast. Today on the show, we are talking cybersecurity.

Now, before you turn off this episode, because you don't think cybersecurity applies to you, or doesn't have anything to do with financial planning, or it's not advanced enough, and you already know everything, I just want to challenge you to just hang in there and just give me a chance.

There's some really important stuff and actually some recent changes that apply to just about everyone. So I promise you are going to learn something new here today that will help put you in a better financial position and better yet, protect you from a potential financial disaster because we all spend a lot of time, most of our life these days online. So just stick around. I promise you will learn something new today. Just so you're not left wondering, I'm...

I'm rocking the podcast solo today while John is in Chicago delivering his riveting presentation on bond maturity and bond duration. Some real nerdy stuff, but wildly important when it comes to building and constructing a portfolio. It's really scary how few financial advisors really understand how to manage... Sorry, I'm going to go on a tangent here. Really understand...

how to manage bonds in a globally diversified portfolio. It's a really important piece that just often is just so misunderstood and overlooked. And so I appreciate all the work John's done in that department. And if you're interested in learning more, I'll make sure to link to John's research papers. And I know he was going to videotape his presentation out there. So maybe we can link to that as well.

So today we are talking cybersecurity and we're going to tackle or I'm going to tackle three things you should go and do right now, like tomorrow or better yet yesterday to make sure you and your family are completely protected. And this stuff is not a joke. It is way too important to neglect.

So before we dive into those three really, really important things, let's just quickly talk about the basics, the table stakes, the things that you should already be doing today anyways. And if you're not doing some of these things, these are quick and easy things to go and implement.

So the first one would be two-factor authentication. This is when you go to sign into your email or bank account and it says, we're going to text you this six-digit number and you need to plug that six-digit number in to finish your login. That's two-factor authentication. Not only are they asking for your username and password, but they're also asking you to verify in a second way by sending this code to your phone. So

Two-factor authentication is a complete no-brainer. Most websites these days offer it. So if you notice that you quickly log into an important website and you don't have two-factor set up, just go in the back end and set that up. I know it's a little annoying. You get that text on your phone. I know it takes a little extra time, but it is so, so important, especially for your online financial accounts.

Another just kind of basic table stakes, using a VPN, a virtual private network. It kind of blows my mind how few people use a VPN. And so many of us use our laptops or phones on public Wi-Fi at the airport or Starbucks or wherever it might be. These public Wi-Fi's make you really, really vulnerable. And it's super easy to download a VPN, a virtual private network.

It's an app that you just download to your computer or your phone. Some smartphones actually have them built in. You just have to go into the phone settings and say, turn on my VPN.

And that way you're completely anonymous when you're using the internet and people don't know where you are. And you might be in San Diego on your laptop, but your virtual private network makes it look like you're up in Washington or something. So it puts you in different locations and really confuses people who are trying to tap into what you're doing. So again, it's super easy. Sometimes you can get these things for free, but low cost, easy to implement and just a no brainer.

The next kind of basic table stakes I would say is, I know this sounds really silly and maybe everyone already knows this, but watching out for these phony emails.

And people are getting really, really clever these days. And they're just changing one little letter. And it might look like it came from Taylor at staywealthypodcast.com. But maybe the wealthy, maybe it has two Ys instead of one Y. And you just quickly look at it and you just don't catch that. So it looks like it's an email from me and you know me and trust me. So you respond to it. But it's actually not me. Someone just

changed one letter in the domain name and they know enough about me to pretend to be me. So those phishing attempts are really, really, really common, especially with older people when it looks so similar. So keep an eye out for just that one little letter that could be off if something looks fishy to you.

We actually, unfortunately, recently had a client who her email, her actual email box got hacked into. And somebody just went through hundreds of emails and learned everything about her and her life. And then just started emailing people pretending to be her. And we happened to be one of those people that this person emailed and this hacker requested a withdrawal. And we're trained to catch this stuff. And there's little things that we're trained to look out for.

And we caught it pretty quickly knowing that it wasn't the client. And we shut it down really quickly. But the client felt violated. One time I had my car broken into and you just felt just personal stuff just violated by someone else. And she was really shooken up by it. And it was a really sad thing to watch her go through it. And we've told the story to a few people and it's been really impactful and motivating for people to start to

you know, take this stuff seriously because it does happen. So even if it is an email address from somebody that you know, if it's just kind of a weird request and something that just kind of comes out of left field and you're like, this just doesn't quite sound like this person, pick up the phone. That's the easiest way to do it. We always pick up the phone. So if we get kind of an off the wall, kind of random requests, we just pick up the phone. We don't even think about responding. So you can always just call the person and verify. Did you actually send me that email? Yeah.

Let's see. Oh, official sounding emails. So it can be something like this is one that we got recently from DocuSign or what appeared to be DocuSign. It was an email that came from DocuSign at...

vsimportservices.com. So if you didn't look closely and you just saw DocuSign in the email, you might think, oh, this is an email from DocuSign. I use DocuSign and I can trust them. I know it sounds really silly, but sometimes you're just going to town at work or at home and the kids are there and you just don't quite look at the whole thing. And so that's a

really easy way people are getting through. So it could be anything. It could even be, I've seen from Wells Fargo, this email that's, you know, comes from Wells Fargo at, um,

unrelated thing.com, whatever domain they're using. And then inside the email, the branding looks like it's Wells Fargo. They've got Wells Fargo's information on there. It looks really legit. And they're wanting you to click this button and provide your login information. You have to be really, really careful. Make sure that that email address is actually coming from Wells Fargo. And when in doubt,

Pick up the phone, call Wells Fargo or whatever bank, go into the branch. Wells Fargo is a terrible example here. I don't know if anybody's a client there anymore. But you get what I'm saying. It is really common. Which leads me to my next one, which is if someone does call you requesting personal information over the phone, a really quick and easy way to make sure you're not getting scammed, let's just say...

the social security office is calling you and requesting some personal information, just tell, or your credit card company, just simply say, you know what, I'm going to hang up my phone and I'm going to look up your phone number and call you back. So if your Visa credit card company calls, you just tell the representative, thanks for calling. I'm going to hang up and I'm actually going to look up Visa's phone number and I'm going to call you guys back just to verify this is legit.

And if it's legit, they always respect that you say that. And they say, yep, perfect. Sounds good. So hang up, Google, whatever you need to do, look up Visa's phone number and then call the 800 number back and talk to them about whatever they need to talk to you about.

but a really easy way to avoid a scam. If you can't figure it out yet, I mean, one of the easy ways to avoid a lot of this is just pick up the phone. We get so used to responding to emails and texts. That's a really easy way to get trapped. So pick up the phone. Lastly, do not, please, please, please, please do not email secure information to anybody that

Don't email account numbers. Don't email, I know you know this, don't email social security numbers. Don't email bank account statements. Don't email tax returns. If you need to get this information to somebody because they're requesting it, like your financial planner or your CPA,

upload it to a secure server. We use Citrix share file. Clients have a link. They can securely upload all this information to us. It's encrypted. Nobody's getting their hands on this stuff. So ask your financial planner or tax advisor or attorney, whoever it is you're working with. If they request these documents, ask them to provide you a secure upload link for you to upload this stuff to.

You can always fall back on just traditional snail mail, or I don't even know if people use fax machines anymore. I can't even speak to how secure a fax machine is, but whatever you're comfortable with, just don't use your Gmail email address to go and send information like this, because even an account number can put you at risk. So, all right, those are the table stakes. Those are the things that you should be doing anyways. If you're not doing any of those things, do them.

inject them into your daily life. Just remember, pick up the phone, do these little things, use a VPN, sign up for two factor authentication, just get those basics done. And yeah, let's, let's move on to the three things that I want you to go and do right now, tomorrow, make sure these things are implemented for you and your family. Cause this is what's going to really, really, really protect you online and make sure you're safe.

The first one is, and I have to say this and I'll explain why this is number one. It is pretty basic, but I'll explain why. The first one is to go sign up for credit monitoring through somebody. I personally use Credit Karma. So it's completely free, but this is step number one before you do anything else. And I'll explain why.

Sign up for free credit monitoring through Credit Karma. And this is different than just checking your credit score or getting that free annual report that you're entitled to. That's great and everything, but it doesn't accomplish the same thing. So sign up for a free credit monitoring service. Again, I'm happy with Credit Karma, but there are others out there. Don't pay for it. Don't pay for credit monitoring services.

But it does allow you to view your credit score. So you get to see your credit score in real time. But it also monitors your credit and it lets you know if your score changes, if it goes up or down. It allows you to review accounts that are open in your name. So if you see some weird account or credit card or loan or something like that,

That's not mine. It'll give you visibility into that. But the trick is, like I said, this is the first thing you need to do because once you do step number two, you can't go and sign up for credit monitoring. So if you are comfortable with credit monitoring and you're okay signing up for it, just make sure you do that first.

And I'm going to explain why right now. The second big thing, and we're going to spend a little time here because it's so important. The second big thing you need to go and do after you've signed up for free credit monitoring is to freeze your credit. So we're going to talk a lot about this because there's a lot of unknowns and misconceptions here.

But once you freeze your credit, you can't sign up for credit monitoring because your credit's frozen. So you'll have to go and unfreeze your credit in order to sign up for credit monitoring. So now you know why I'm saying to do that first. Sign up for credit monitoring, get that going, and then freeze your credit. If your credit's already frozen and you don't have credit monitoring in place, then unfreeze your credit, go sign up, and then go and freeze your credit again.

So there's some really great news that came out recently. And maybe you saw in the headlines about freezing your credit. It used to cost upwards of $10 in some states every time you needed to freeze or unfreeze your credit. So a lot of people were left really vulnerable because they just didn't feel like paying the $10 every single time, or maybe they couldn't pay the $10 every time. But now it's

It's absolutely free as of last month for all three credit bureaus.

The new law that came out also requires these credit bureaus to allow parents to create and freeze credit files for their children under 16. So this is big. Older adults are not the only victims of identity theft. Younger people can be targets as well. So now you can freeze credit files for younger children as well, which is really cool.

So a few things on credit freezes. Clark Howard, a guy we like to follow closely, likes to say that credit monitoring is like installing an alarm system on your home. You get to learn that someone broke into your house after they've already broken into your house, right? An alarm system is not preventative. It's great. It alerts you that someone has now broken into your house, but it doesn't prevent someone from breaking into your house.

So it's good to have and credit monitoring is good to have. But a credit freeze, the analogy is it's like putting a huge unbreakable lock on your front door. So it's preventative. It's preventing people from entering your home or in talking about credit freezes, you're preventing people from impersonating you.

It's one of the easiest ways to protect yourself against identity theft. If your credit is frozen, people can't steal your identity. When we say that out loud to people, one of the common misconceptions or one of the first questions we get is,

well, if I freeze my credit, then I can't use my credit cards. And that's not true. If you need to sign up for a new credit card, or you need to get an auto loan or a home loan or any sort of loan whatsoever, or any situation where someone has to pull your credit, you've all been in that situation where they have you fill out a form, they say, we need to pull your credit. If you're ever in a situation like that, just know that you're going to have to unfreeze your credit

before that person can pull your credit. So you can use your credit cards all day long. All of your existing loans are just fine. It's just when you go apply for a new credit card or a new loan, this is the burden. And this is why some people don't end up signing up because like, I don't want to unfreeze my credit

every time. But really, how often are you applying for loans? How often are you buying cars? This stuff is every few years or five years or 10 years. So it's a small price to pay to make sure you and your family are protected. So

Freezing your credit just prevents somebody from pretending that they're you and going and opening up this auto loan in your name or opening up credit cards in your name. I don't even know what else these people could possibly do once they start to impersonate you, but I know it can get scarier from there. So,

So here's the thing. There's only one way to freeze your credit. And I'm sure... I haven't seen them, but I'm sure there are scams out there. If you Google freeze your credit, I'm sure there's a bunch of scammy websites. But there really is truly only one way to freeze your credit. And that is you have to do it directly with all three reporting agencies to be fully protected. So you have to go and do it with each company, each website, the three agencies.

agencies are Equifax, TransUnion, and Experian. And you'll have to go to each of those websites individually in order to freeze your credit with each one. You don't want to just do one of them or two of them. You need to do it with all three. And again, the nice thing is now it's all free. So you don't have to worry about the cost of freezing and unfreezing. But

But that's the only way to do it. Don't let some website or some person suck you into it and tell you that there's another way. That is the only way. Something else interesting that I learned in preparing for the show is the US Public Interest Research Group recommended freezing your file at this lesser known reporting agency called the National Consumer Telecom and Utilities Exchange.

Big word, but that exchange provides credit information to cell phone companies, television companies, utility companies. Here in San Diego, we have SDG&E, so I'm assuming they're maybe part of that. So that's the National Consumer Telecom and Utilities Exchange. And I guess some consumers have reported that they've had

Cell phone accounts opened up in their names. They've had utility accounts open up in their names, television plans. So if you want to be ultra, ultra conservative and safe, sign up for the big three, Equifax, TransUnion, and Experian, and then sign up for this fourth one, the National Consumer Telecom and Utilities Exchange.

Another couple of things on credit freezes, and then we'll move on. I want to be clear that a credit freeze will not protect you from other types of fraud, like someone using the number of a credit card you already have. So if someone steals your credit card number that already exists, a credit freeze isn't going to protect you against that. They have your credit card number and they're going to use it.

So one way to prevent that from happening is to check your credit card statements regularly. Make sure that all the charges are yours. As most people know by now, if there's a charge that's not yours, you can call your credit card company. And I've never heard of a situation, unless you're lying, where the credit card company didn't reimburse you for that.

charge. So monitor your credit card statements closely, which you should be doing anyways, if you're budgeting and tracking your cash flow. Our most successful clients monitor every single charge to the T. It doesn't matter if it's a $9 charge to Netflix or

or $1,000 a month to a wine club. They know where all their money is going. So check your credit card statements to prevent against that type of fraud. The other big one that a credit freeze will not protect you against is impersonating you online to claim your social security benefits.

So the best and kind of the only way to make sure that's not happening is to set up an online social security account. And this is something that not a lot of people know about, actually. You can register online to view your social security statements and get all your social security information. It doesn't matter if you're 40 years old or 85 years old. If you're working and paying into social security, you can go register and sign up for an online account.

And this will prevent somebody else... Once you go online and register and claim your social security account online, it will prevent criminals, other people from opening one first and impersonating you and then at some point diverting your benefit checks if you're at that point. So...

Those are a couple types of fraud that a credit freeze isn't going to protect you against. So keep those in mind as well. Lastly,

When you freeze your credit with these different agencies, each agency is going to give you this secure pin and that pin is going to allow you to unfreeze your credit. So when you go apply for that home loan, you'll have that secure pin to go and unfreeze your credit. Again, you're going to have to do it with each agency. So a little bit of a pain, but you'll use that pin to unfreeze your credit at each place.

So my last little note is make sure you put that PIN number in a really secure place. If someone gets access to that PIN number, well, then they can unfreeze your credit and you have a giant hole in your cybersecurity plan here. So put that PIN number in a really secure place.

Which leads me to the third thing I want you to go and do to protect yourself, which is get a password manager. Like right now, go and pick one out and download it and adopt it.

pin number that you're going to get from those credit reporting agencies, that's going to go into your password manager along with every other password that you have in your life. I just checked my password manager the other day and I have over 500 usernames and passwords stored in there. It's crazy how many passwords we have these days. I know 500 passwords sounds like so

so many, but you'd be really surprised once you add up all these things for work and personal, we have a lot of information that's out there. So a password manager is a super secure encrypted application that lives on your computer and also lives on your smartphone. And this application stores, like I was getting at,

all of your usernames and passwords for all the websites that you visit. You know, the Internet Explorer or Google Chrome or Apple Keychain thing where they ask you, hey, do you want us to remember this password for you? So next time you log in, you don't have to remember it. It's the same concept as that, but it's just more secure. The security is just taken to a whole nother level. So everything, all of the most important information in your life is going to go into this password manager.

You can install the extension on your phone and computer. It will help you sign into all your websites throughout the day. So you don't have to remember any of your passwords. Because you don't have to remember any of your passwords, it allows you to choose more complicated passwords that you wouldn't normally remember. So a mix of numbers and symbols and uppercase and lowercase, you can have this super complex password that nobody's going to ever guess because you don't have to remember it. The password manager is going to archive it and remember it.

So you never have to remember another password again. For me, I just fly through my day, whether I'm on my phone or on my computer, I just fly through the day. I fly through every website with my password manager going in the background.

The other cool thing is it gives you a security score. So once you've got the majority of your passwords in there, it'll say, okay, you've got this password in particular that's used 50 times. You're using the same password of 50 different websites. You're at risk. Why don't you use us to help you change some of these passwords? So they will actually, the password manager integrates with a lot of these websites and it will help you automatically start to change some of your passwords and start to mix things up a little bit.

The other neat thing is it will help you create complicated passwords. So I don't know how to create a complicated password. So I just use the password generator. I hit refresh and it gives me this nice, long, super complex password. And then we use that for whatever we're registering for.

Some of these password managers also have, I mentioned in the beginning, table stakes, a virtual private network or a VPN. Some of these password managers have a VPN built into it. And so you get it right then and there, and you can just say, turn my VPN on and it's all in the same app. So I know we all use a lot of technology and if we can start to consolidate it, that's a huge benefit. So my password manager and my VPN are all one thing.

In addition to usernames and passwords, I put social security numbers for all of my family members, our copies of passports and passport numbers, driver's licenses. All of my credit card info is in there. All of our addresses, home, business. I've got secure notes in there for just certain things in my life, telling me where to go and what to do if something were to happen.

Everything is in there. My entire life is in this password manager. And this password manager is protected by one long, complex password called a master password. So you have to have this master password in order to gain access to all this information. So number one, this master password needs to be really long and complex so that nobody could ever guess it. And number two, you can never forget it.

So you know those credit card company, you forgot your password and there's a little button there that says, forgot your password? Click this button. You cannot do that with a password manager because they're not storing your password anywhere. And this is one of the security measures involved here. If you forget your master password, you lose everything. You lose all of your data. There's no way for you to ever get access to it. So the master password is the

key into all of this information. Now, I'm not going to go into the encryption levels and why this thing is so secure, but that's very, very highly reviewed by people much smarter than me in this arena. And so I trust them and their reviews. If it's something you're not comfortable with and you prefer pen and paper, by all means, go for it. But I'm just speaking for myself here.

One of my favorite alternative uses for these password managers, in addition to just protecting everything and making sure you stay safe online, is using it as an estate planning tool. In the past, if a family member passed away...

you would check their mailbox for all of their statements to know what financial institutions they were using, where their bank accounts were, their investment accounts. All of that would just come through the mail. So you would just start to go through their mail and collect their mail. Well, now today, most everything lives online. So if a family member passes away or you pass away unexpectedly, somebody needs to know where all of your stuff is.

And so you can add a trusted person to your password manager. And that trusted person can only gain access if you were to pass away. And all of your information is in there. So they can access all of your bank accounts, investment accounts, everything in that password manager. So it's a fantastic estate planning tool. If somebody in your family passes away, the last thing you want to do is

you know, sit around and trying to figure out where all this stuff is. You know, it's a really traumatic time. You're mourning, you've had a loss, you know, make this stuff really easy, make it easy for other people. If it, God forbid, it was you that, that passed, make it easy for the other people.

The last thing I'll mention is you can create groups in these password managers. So you can share if you've got a handful of passwords that you need to share with your spouse or a coworker or an employee or somebody, you can create different groups and there's some sharing capabilities in there as well. So sometimes my wife will text me and say, Hey, can you send me the password for Costco? Or

Well, I'm not going to text her my password or email her my password. We just talked about all this cybersecurity stuff. So what I'll tell her is I'll say, hey, I'll share it with you in Dashlane. So she's got her, sorry, we use Dashlane for our password manager. I was going to mention that in a second, but I'll say I'll share it with you in Dashlane. She's got her own Dashlane set up on her phone and her computer. So she'll get the shared password when I share it.

But yes, the name of the password manager that I use is called Dashlane. The other big one that's out there is called LastPass. They seem to do just about the same thing. I've never used LastPass. I can't speak for it. Dashlane was one of the early ones that was just kind of rose to the top pretty quickly and was really highly reviewed.

I don't think it matters, but I do use a Mac and I do use an iPhone and it works really well there. So try them both. I don't know. See which one you like better or Google around and see what the recent reviews say.

All right. To recap, the three things that you need to go and do tomorrow or today, tonight, whenever you're listening to this is sign up for free credit monitoring. Don't pay for it. Don't get sucked into LifeLock or anything like that. Go sign up for free credit monitoring. My family and I use Credit Karma.com.

After you do that, go and freeze your credit with all four of those agencies that we spoke about. By the way, you and your spouse and your children all need to do this, right? You all need to freeze your credit. If just one spouse freezes their credit, that doesn't do anything. So everyone go and freeze their credit.

And maybe the other thing I'll mention there is if you're going to apply for a loan here in the next few days or a few weeks or get a credit card, tackle that stuff first before you go and freeze your credit. It'll just save you time. So after you freeze your credit, get a password manager and pay for it. It's cheap. It's like 30 bucks a year. Dashlane or LastPass or something else.

adopt it in your family for you and your spouse. And if you have, you know, teenager children that are online, get them set up, get your family plan together, make sure everybody's on the same page, um,

And you should be good to go. If you follow everything that I talked about today, you should be really, really, really well protected. We've written a couple blog posts, surprise, surprise on this topic. And I will link to those in the show notes. So you can go to staywealthysandiego.com slash podcast and...

review the show notes there. So I hope I didn't bore you to death and put you to sleep. Just me talking here. Hopefully you got some really good information. I know when John hears this, he's going to be really bummed that I talked about one of his favorite topics without him. But with the recent news on credit freezes, I just wanted to get this out there and make sure everybody was up

to speed. Thank you. Thank you all for listening. We really appreciate all the support and feedback. We're making changes to this podcast every single day. Thanks to you guys. And so keep listening, keep sharing, and don't hesitate to reach out if you have any ideas for us. All right. We will see you again in two weeks. See you guys.

This podcast is for informational and entertainment purposes only and should not be relied upon as a basis for investment decisions. This podcast is not engaged in rendering legal, financial, or other professional services. ♪