By Michael "Drew" Tyler, CFA | May 2025
Here are ten practical steps every client should take to reduce the risk of financial fraud and cybercrime:
1. Never reuse passwords across multiple accounts.
It might seem like a small detail, but password reuse is one of the most common mistakes people make. If one account is breached, all other accounts using the same credentials are at risk. Each of your accounts should have a unique password that is at least 12 characters long and includes a mix of numbers, symbols, and uppercase and lowercase letters.
2. Use a password manager.
Password managers like 1Password, Bitwarden, LastPass, and the built-in managers from Apple, Google, and Microsoft can help you securely generate and store complex passwords. They encrypt your data, making it much harder for hackers to access.
3. Enable multi-factor authentication (MFA).
MFA (also called two-factor authentication or 2FA) adds an extra layer of protection. Even if someone gets your password, they won’t be able to access your accounts without a secondary verification method—usually a code sent to your phone or generated via an app like Authy, Microsoft Authenticator, or Google Authenticator.
4. Change your passwords regularly.
While it can be inconvenient, updating your passwords every 6–12 months helps protect you if a company suffers a data breach and doesn’t notify users in time. If you use a password manager, this process becomes much easier.
5. Be on guard against social engineering.
Scammers often pose as your financial advisor, bank, or another trusted institution to trick you into giving up sensitive information. Never provide personal details over the phone or by email unless you initiated the contact. If you receive a suspicious call or message, hang up and call back using an official number from a verified source.
6. Don’t click on suspicious links.
Always inspect email addresses carefully and be cautious with unexpected attachments or links. Even emails that look legitimate can be spoofed. Clicking a malicious link can download malware or lead to phishing sites that steal your credentials.
7. Freeze your credit.
Due to the increasing number of large-scale data breaches, there’s a good chance your Social Security number and other sensitive data are already exposed. Freezing your credit with Experian, Equifax, and TransUnion is free and helps prevent fraudsters from opening accounts in your name.
8. Avoid accessing sensitive accounts on public Wi-Fi.
Public Wi-Fi networks are often unencrypted, making it easy for hackers to intercept your data. If you must use public Wi-Fi, always use a secure Virtual Private Network (VPN) to protect your connection.
9. Be cautious when charging your phone in public.
USB charging ports in airports, hotels, and other public places can be tampered with to install malware or steal data—a tactic known as "juice jacking." Use your own charger or carry a USB data blocker for safe charging on the go.
10. Set up real-time alerts on your accounts.
Many banks and brokerage firms allow you to receive text or email alerts for large transactions, login attempts, or suspicious activity. These notifications can help you catch fraudulent activity before significant damage is done.
Cybersecurity Is Part of Financial Planning
If your financial advisor isn’t talking to you about cybersecurity, they’re not truly looking out for your holistic well-being. Protecting your wealth isn’t just about smart investing—it’s also about smart security.
This post is intended for educational purposes only and should not be considered financial advice.