Hacking. Ransomware. Phishing. It’s a scary time for all of us, especially now that most of our money is digital. “Digital” here refers to money and assets that are reflected in your various banking and investment platforms when you login.
Digital security is not something you can ignore anymore. Imagine logging in one day and finding that your account balance is zero, depleted, transferred out.
After staring at the stare at the screen in disbelief, you’ll check if the account is indeed yours, and try to remember if you made any transactions that you forgot about (you didn’t).
Then, as the panic seeps in, you’ll contact the platform’s support team, only to be told there’s nothing they can do. So here’s a checklist to ensure your digital money is adequately protected.
Checklist #1 – Emails
Emails can be weak links; once infiltrated, the hacker can look through and find sensitive information, which will then be used to hack your banking and investment platforms. You don’t want that to happen.
Do the following:
- Check if your emails have been compromised by data breaches. Go to HaveIBeenPwned and type in your email addresses. If your emails were compromised, change the passwords immediately.
- Delete and unsubscribe from all accounts you no longer want, even for entertainment and shopping websites. Go to unroll.me to quickly unsubscribe from email listings.
- Use a damn strong password and a different one for each account. If you have not used a password manager, it’s time you did. It’ll keep your passwords and help generate strong ones. There are many free and paid options.
- Be on high alert for phishing attempts. These are official-looking emails that imitate legitimate platforms (like Paypal, for example) and ask you to access your account via their link. Scammers use it to collect your login details.
Checklist #2 – Banking and investment accounts
These should have multiple layers of security. Ideally, if someone manages to get access to these accounts, there should be measures in place to stop them from transferring out money, or at least inform you about it.
For Maybank for example, they use TAC (a six-digit code sent to your phones). Some platforms also have other measures like mandatory email confirmations before completing a transfer and 2FA (two-factor authentication).
Do the following:
- Https, always. Always check. It takes you two seconds.
- The spelling of the website matters. If it’s Mabank instead of Maybank (example), it could be an imitation site designed to steal your login details.
- Never keep your passwords or PIN in writing. Not in notebooks, not in emails, not anywhere. Remember them. Some services will give you on-request PINs via emails – delete them after using.
- Use 2FA whenever possible. Two-factor authentication is similar to TAC numbers. You can activate it for some websites and emails as well. Authy comes highly recommended.
- Use VPN if you can. It gives your browsing extra anonymity and protection. Highly recommended if you use a lot of public WiFi, like in Starbucks.
- Again, use damn strong passwords. Use password generators and password managers.
Checklist #3 – Computers and gadgets
Do the following:
- Update to the latest software and security patches, especially if you use the Windows platform. Outdated ones might not protect you against newer, more sophisticated hacking attempts.
- Use Mac/Apple products if you can afford it. The reasoning is simple – the majority of the population uses the Windows platform, so there are more attempts there. Mac/Apple products won’t protect you per se, but will reduce the chances of getting hacked.
- Back up your data often. Use Google Drive or other cloud storage to hold important documents you don’t want to lose. Alternatively, keep data in external hard disks. If you are hacked, at least you will not be forced to pay the hackers to get back your data.
- Perform anti-virus cleanups often. To delete malware and viruses.
- Cover your gadget’s cameras when not in use. There are instances when users’ gadgets were hacked and they were recorded in compromising situations, after which they were blackmailed. Even smart gadgets like a TV can be hacked.
Checklist #4 – Yourself
Because human errors occur and no amount of advanced digital security knowledge can protect against it, except extreme vigilance and preventive measures.
This checklist is important, because if it’s your error, the authorities can’t do a thing about it. It will be hard, if not impossible to recover your money.
Do the following:
- Don’t make enemies. No matter how much you protect yourself, if a hacker is determined to target you, he will.
- Be extra careful of people who ask for sensitive information via the phone. They can pose as bank staff or Bank Negara Malaysia staff or whatever. Listen for cues, say thanks, and tell them you’ll call back through the official line (which you’ll get from the official website, don’t call them back on the same line). If they panic, they’re probably not legit.
- Be skeptical of “do this now or else” type of instructions. Often, the scammers will persuade you to act fast (give them login info, sensitive info, etc) to stop you from double-checking. They will say your account is frozen, or someone is in danger, or whatever.
- Please read up on investment scams. If you can identify and avoid them, you’ll win half the battle.
This article first appeared in ringgitohringgit.com
Suraya is a corporate writer-for-hire and the blogger behind personal finance website Ringgit Oh Ringgit. She is more of a minimalist, less of a consumerist, a konon DIY enthusiast, a let’s-support-small-businesses-over-big-corporations kinda girl. Prior to her current role, she worked in various capacities within the non-profit industry.