As we live more of our lives – and do more of our business – online, the threat of cyberattacks and real harm escalates.

Recent news headlines highlight this disturbing trend: New Gmail Cyber Attack—Encryption Key Crypto Hackers Strike (Forbes), Cybersecurity Exec Sounds Alarm About PayPal “No-Phish” Phishing Scam (PaymentsJournal), Hacking at UnitedHealth unit cripples a swath of the U.S. health system (CBS News), Healthcare providers hit by frozen payments in ransomware outage (Reuters).

Numbers more fully illustrate the breadth of the issue: According to Steve Morgan, the founder of Cybersecurity Ventures and editor-in-chief at Cybercrime Magazine, “If it were measured as a country, then cybercrime would be the world’s third-largest economy after the U.S. and China.” Morgan expects global cybercrime damage costs to reach $10.5 trillion this year (up from $3 trillion in 2015). Included in that figure is the estimate that ransomware will cost its victims $265 billion (USD) annually by 2031.

While these instances and numbers may seem overwhelming, there are proactive steps individuals can take to protect their online life.

———-

On Feb. 27, Comprehensive Wealth Management (CWM) will host a free webinar with Tim Villano, President and CIO of Artemis Global Security, to review current best practices in personal cybersecurity, with a special focus on financial and investment accounts. Attendees will learn simple, actionable steps and preventive measures to safeguard their online lives and finances. Click here for more information, and to register.

———-

8 ways to stay safe

The Cybersecurity & Infrastructure Security Agency (CISA) implemented a Shields Up initiative as a response to the Russian invasion of Ukraine in an effort to counteract state-sponsored hacking attempts. As part of this initiative, CISA also encourages implementation of some of the following steps for individuals and families:

1. Implement multi-factor authentication (MFA) on your accounts (including email, smartphone apps, and social media sites)
Multi-factor authentication requires the user to provide two or more verification factors to gain access to a website, app, or software. MFA can be a confirming text message or e-mail, a code sent to an authentication app, a fingerprint or facial recognition, or a FIDO passkey.

2. Update your software
Be sure to check your devices (smartphones, tablets, computers) for updates, as well as applications and web browsers (like Chrome, Mozilla, Edge). When available, turn on automatic updates so you don’t have to think about it.

3. Think before you click
According to CISA, more than 90% of successful cyberattacks begin with a phishing e-mail. Rather than clicking on a link in an e-mail, the best practice is to navigate directly to the website the e-mail wants you to access.

4. Use strong passwords
Depending on the length and complexity of your password, it can take a hacker anywhere from a few seconds to 26 trillion years to crack it. The best course of action is to use a password manager to generate and store unique passwords.

5. Watch out for common scams via phone, text messaging, or email
Threat actors, scammers and hackers search out the weakest link in the line of cyber defenses. Often, the weakest link is you. Here are some common email and phone scams that bad actors employ to catch you unawares and undermine your defenses.

– Tech support. Someone claiming to be from your internet service provider calls or e-mails you to offer tech support. Do not provide information or download anything. When in doubt, don’t answer the phone or just hang up.

– Browser pop-ups. If a website displays a pop-up alerting you that your computer is infected and to call a number or click to resolve the issue, simply close out of the window by hitting the “x” button. Don’t engage or click, which can actually download a virus or malware. If you do happen to click, shut your computer down as quickly as possible and unplug from the wall, then reach out to an IT resource to troubleshoot next steps.

– Billing. You may receive an email or phone call alerting you that a subscription has been renewed and you need to call or click to cancel. If it is a service you know you are subscribed to, navigate to the webpage directly and log in to make changes. If it is a subscription or service you don’t recognize, just delete the message.

– Fright. Another tactic bad actors use is attempting to convince you that your computer has been taken over and that you need to engage with them to get it back. Don’t believe it. Do not engage or click on any links. Turn off and unplug your computer and immediately contact IT support.

– Shipping. You may receive a text or email saying something like “There’s a delivery issue, click here to correct it.” Your best course of action is to log in to the website you are expecting a delivery from and check the status of your order there.

– Free gift! As the saying goes, if it seems too good to be true, it probably is. Your cell phone or cable provider is not likely to send you an e-card or gift card simply because you paid your bill. Don’t click or engage – just delete the message.

– Long lost friend. Beware of outreach from unidentified phone numbers. The scammer could be trying to confirm your identity or that your number is in service. In this situation, it is best to ignore the text message and delete it.

6. Be savvy on social media
Scammers will try to take advantage of your presence (or lack thereof) on social media sites. Ignore or block messages from users you don’t know, use multi-factor authentication, and deactivate or delete old accounts.

7. Be aware of the internet of things (IoT)
As the use of smart devices increases in our homes, it’s best to understand their vulnerabilities. IoT devices can act as a point of entry for a cybercriminal to access your entire network. To protect your home network, take these initial steps:

– Change the default username and password that comes with each device
– Utilize multi-factor authentication on the device
– Update software and firmware on a regular basis
– Ask for help – or avoid these devices altogether if you are unsure how to change the default username and password or set up multi-factor authentication

8. Understand artificial intelligence concerns
Federal agencies warn that incredible advances in AI are going to be exploited by cybercriminals. The very same AI technology that is used to help us be more efficient and productive in our day-to-day lives is also being used to create deepfake threats that can impersonate people with growing proficiency. The best recommendation is to safeguard your image and your voice:

– Don’t answer calls from unknown numbers. Microsoft’s VALL-E voice cloning software only needs three seconds of a speaker’s voice to recreate a passable clone.
– Be conscious of the images and videos you share online.

CWM is here as a resource

Learn more about CWM and make an appointment to discuss your individual situation at www.CWMnw.com.

Shilo Lockett, President

Comprehensive Wealth Management
3500 188th St. S.W., Suite 102
Lynnwood, WA 98037

Phone:  425-778-6160
800-268-2440

Make an appointment

Comprehensive Wealth Management, LLC (CWM) is an SEC registered Investment Advisor and Pacific Northwest wealth management firm that partners with clients to articulate and help achieve their financial goals as prudently as possible. Our high-touch, client-focused investment planning and implementation makes us the first call for executives, business owners, and other thoughtful investors to help strengthen their financial health holistically and intentionally, managing risk while pursuing long-term gains.