Archive for Cybersecurity

Healthy Technology Habits

Cybersecurity, Financial Planning, Yeske Buie Millennial, Yusuf Abugideirion July 16th, 2015No Comments

Written By: Yusuf Abugideiri, CFP®

Identity protection has never been a hotter topic, and it seems as if securing your identity is growing more challenging by the day. Hackers, phishers, and identity thieves continue to find new ways to cause security breaches and infiltrate people’s databases, email and financial accounts. As news of identity theft and security breaches continue to fill the headlines, you may be asking yourself: “What can I do to guard against identity theft? What does Yeske Buie do for me to guard against identity theft?” As we’ve said in this space before, one of the best defenses is a good offense and there are several habits that you can practice to keep your identity safe. We’ve listed a few of those habits below:

  • Review Your Accounts
    • What can you do? Proactively review your accounts on a regular basis and make sure to read your Schwab and other financial account statements each month; once you’ve done so, shred them.
    • What does Yeske Buie do? Yeske Buie monitors all deposits to and withdrawals from all of our Clients’ accounts daily.
  • Keep Your Passwords Safe
    • What can you do? Keep your passwords in a safe location and structure them so that they’re not easy to guess; for tips, check out either of these sites: Tips for Strong, Secure Passwords or Create Strong Passwords.
    • What does Yeske Buie do? All Yeske Buie team members are required to change their passwords periodically to ensure they remain strong and confidential. Additionally, we have policies regarding characters and sequences the password should and should not contain and we never reuse a password that we have used in the past.
  • Follow Healthy Email Protocols
    • What can you do? Read all of your emails carefully, but make sure to be extra cautious before replying to requests that seem out of the ordinary in any way; for more information about preventing phishers from taking advantage of you, see this website: Phishing: Frequently Asked Questions. Also, you should never send personal information to anyone via email without ensuring it is securely protected: when sending information to Yeske Buie, we suggest you use one of these methods.
    • What does Yeske Buie do? Yeske Buie always secures all personal information sent through email including paperwork, questionnaires, and requested statements using ShareFile. With ShareFile, all documents are sent via a secure link that expires after one week and uses a 256-bit encryption. If we receive any personal information that is not protected, we will save the information and then delete the email from our inbox as well as our deleted folder. We will recommend that the sender follow the same process.
  • Practice Responsible Use of Mobile Devices
    • What can you do? Avoid unencrypted public wireless networks at all costs. If the Wi-Fi network does not require login information to access the network, that suggests that anyone, including phishers, can access them as well. We also suggest maintaining a strong password and changing the password at least every six months and reviewing the security settings on the phone to help ensure your data is secure.
    • What does Yeske Buie do? When a Yeske Buie staff member has established access to the company’s systems enabling them to send and receive work-related email messages and conduct other company business on a mobile device, the devices are configured to be wiped clean of all personal information remotely if they are lost or stolen. We also keep these devices locked with a secure password and the device software is always kept current.

With the ocean of information available online, however, you shouldn’t hesitate to call in reinforcements to help safeguard your identity. We recommend using IdentityForce – each team member at YeBu is enrolled in their robust and comprehensive service, and you can subscribe with a discount through Yeske Buie by clicking here. Among a long list of other features, IdentityForce offers daily monitoring of all three of your credit reports, instant notifications when your personal information is being misused, and 24/7 fully-managed restoration services from their Certified Protection Experts.

If you find yourself to be the victim of identity theft or a security breach that could lead to your personal information being misused, we recommend navigating to the Federal Trade Commission’s site for a comprehensive list of what to do next. Additionally, we ask that you notify us immediately so we can ensure your accounts are secured. We place our entire team on high alert regarding all of your accounts as soon as we’re aware of fraudulent activity or receive suspicious communication and we make sure to alert Schwab of the breach immediately – any fraudulent transactions that Schwab processes are 100% reimbursed. It’s a good idea to have Schwab’s fraud investigation hotline – (877) 566-7984 –  handy in the event you’re unable to reach us right away (ex. late in the evening or on a weekend).

While we don’t anticipate this problem fading away anytime soon, we’re confident that using a multifaceted strategy to combat identity theft is the best approach to securing your information. For more on what you can do to protect your identity, feel free to peruse the following articles we’ve written on the topic:

Phishing Season is Here

Cybersecurity, Financial Planningon February 25th, 20152 Comments

Online Fraud ConceptAs if coming to terms with our annual obligations to Uncle Sam isn’t stressful enough, tax time is also prime “phishing” season for scammers and identity thieves.  Phishing is an attempt to fool someone into revealing sensitive personal or corporate information by “masquerading as a trustworthy entity,” according to Wikipedia.  And as Michelle Singletary reported in the Washington Post last week (‘Tis the Season: How to spot a tax scam), phone fraud is one of the fraudsters most favored tactic:

These calls can be frightening, which is why people fall for them. In its annual list of “Dirty Dozen” tax scams, the IRS said threatening and aggressive phone calls by someone impersonating an IRS agent remain in the top spot. Callers often tell people that they will be arrested, deported or subject to other legal actions if they don’t send the money immediately.

Dave has himself received a number of these fraudulent voicemails recently on his home phone and we’ve shared it here for your general edification and amusement: Click to Play the Tax Scam Voicemail.

Singletary, meanwhile, goes on to give some good advice for anyone who receives a similar call:

I’ve instituted a rule to not believe any unsolicited communications from strangers. Caller ID can be manipulated to appear legit. So when I get a call, I tell the person that I’ll independently find a number for the business or agency and call right back. Almost every time, the person hangs up on me. In the few other cases, he or she tries to give me a number. But no, I don’t fall for that. I repeat that I’ll look for the number myself.

The important thing to remember is that, however scary the IRS may seem, they do not make threatening phone calls and do not demand your personal or financial information over the phone.

As always, you should also be cautious about clicking on links in emails purporting to come from the IRS and should never reply with personal or financial information.

Additional Resources

Your Identity: A Force to be Reckoned With

Cybersecurity, Financial Planningon May 2nd, 2014No Comments

Despite the many benefits of technology, it’s clear that there’s a dark side to living in a wired world. A January 2014 report from Pew Research Center’s Internet Project found that 18% of adults with internet exposure have had important personal information stolen; an increase of 7% from the same report in July 2013. Additionally, the recent discovery of the ‘Heartbleed’ bug has many questioning the security of their personal information. However despite the scares,  none of us wants to give up the conveniences that come from managing parts of our life electronically. The key to protecting your identity and personal information is to have as many safeguards in place as possible and to practice good computer “hygiene.”

With a strong desire to keep our Clients protected, Yeske Buie is excited to announce our new agreement with IdentityForce. IdentityForce, a service division of Bearak Reports, is a leading provider of proactive identity, privacy, and credit protection with over 35 years of experience. With an IdentityForce account, you will receive constant identity and credit report monitoring, instant alerts on suspicious activity, reports of all your personal information that is made public on the internet, anti-keylogging and anti-phishing software to protect you against malware and phishing sites, and more.

IdentityForce offers two packages: UltraSecure and UltraSecure + Credit. We recommend the UltraSecure + Credit package as we feel it is the best way to keep your identity protected.

UltraSecure UltraSecure + Credit
Monitoring of your personal information in over four ways Everything from UltraSecure, plus

  • Daily 3-Bureau Credit Monitoring
  • Quarterly 3-Bureau credit reports
  • Quarterly 3-Bureau credit scores
  • Monthly credit score tracker

 

Important Note: all of the credit monitoring and reporting counts as a “soft pull” and will not adversely affect your credit score.

Instant notification when IdentityForce determines your identity may be at risk
Medical ID Fraud Protection (Medical ID Fraud is on the rise)
Exclusive “Delete Now” feature, which allows you to take control of your online personal data that violates your privacy
ChildWatch optional add-on service
24/7 fully-managed restoration services from their Certified Protection Experts if your identity is stolen
Backing by a nation-wide $1 million insurance policy
Annual Yeske Buie negotiated cost: $99.50
(MSRP $179.95)
Annual Yeske Buie negotiated cost: $169.50   (MSRP $239.50)

TEXT

ADDITIONAL INFORMATION:
arrow
 Sign up for IdentityForce now

Your Email Inbox: The Weakest Link?

Articles of Interest, Cybersecurity, Financial Planning, Yeske Buie Millennialon June 20th, 2013No Comments

EmailAdvancements in technology have revolutionized how we live and communicate, with few technologies dominating more of our daily life than email. The convenience and ubiquity of email, however, has a dark side: as more of our personal and financial information finds its way to our email inbox, it becomes an irresistible target to hackers and identity thieves. It is only with prudence and the diligent application of good email “hygiene” that we can keep the hackers at bay. To that end, we here offer tips for practicing safe email hygiene, as well as a plan of action for dealing with a compromised email account.

 

Practice Safe Email Hygiene

  • Be sure the passwords attached to your accounts follow these best practices:
    -Employ a mixture of letters, numbers, and special characters
    -Do not use actual words
    -Avoid patterns that would be easy to identify such as birthdays or names of family members
  • Set up two-step account verification – this means no computer or device can access your email without first being authorized by entering a code sent to your cell phone.
  • If something seems strange or out of the ordinary, trust your instinct and take a closer look at the email you received.
  • Double check the sender’s email address as hackers will use familiar names in the address line and body of the email but have a strange email address listed as the sender. For example, if an email address is johndoe@gmail.com, they may modify it to johndoe1@gmail.com, johndo@gmail.com, or some other similar variation hoping you won’t notice the minor change.
  • ALWAYS hover over a link before clicking and read the website address. If it doesn’t make sense (isn’t clearly about what it is meant to be about), don’t click on it and contact the sender to see if they are legitimate. Even something as seemingly innocent as clicking on a link can unleash evil stuff onto your computer and onto your network.
  • Do not save important information (Social Security Number, passwords, date of birth, etc.) via email. Emails don’t get intercepted, accounts get hacked. They will find it in your inbox. If you must send information via email, make sure to delete the message from your sent folder and trash folder, or from your inbox and trash folder if you are the recipient. Ideally, it would be best to either password protect a document that has this information or transmit the information verbally so there is no written record to potentially be hijacked.
  • Many of us check our email on devices other than our computer, such as our cell phones, iPads, tablets, etc. Protect these devices by setting up a passcode and selecting the option to have the devices’s memory erased if too many attempts are made with the wrong code. If you’re using Apple products, be sure to activate “find my iPhone,” which will allow you to remotely erase the memory of lost iPhones and iPads.
  • Have a list of your contacts saved to another email account or other storage device that you can access easily. If you are ever locked out of your email account by a hacker, this list can be a good back up for the information you will need so you can notify your network about the breach immediately.

What To Do If Your Email Account Has Been Compromised

  • Change your password IMMEDIATELY.
  • Search your sent folder to see who the hacker may have contacted. In some instances the hacker may have deleted the emails they sent, so search your trash folder as well.
  • Send an email to your contacts telling them that they should not act on any requests for money or private information and that you either have regained control of your email or will be switching to a different email soon.
  • If you decide to change your email or are locked out of it, update any accounts that had your old email address listed as a login ID or for electronic correspondence.
  • If you are concerned the hacker may have gained access to your financial details, sign up for a credit monitoring service with TransUnion, Experian, Equifax, and/or IdentityForce.

Other Resources

How To Guard Against Identity Theft
Learn about the different types of identity theft, how hackers get your information, and how to protect yourself

Staying Safe in the Technology Age
Review Schwab’s Security Guarantee and Yeske Buie’s Security Policies

Live Big® Digest – Housekeeping Edition – Cloud Hygiene
James Fallows wrote an interesting article in the November 2011 issue of The Atlantic (“Hacked”),  in which he relates the experience he and his wife had when her Gmail account was hacked

TheLiveBigWay* Digest – Staying Safe in the Technology Age

Cybersecurity, TheLiveBigWay® Digeston July 13th, 2012No Comments

In early June, it was reported that more than six million usernames and passwords were stolen from LinkedIn computers and posted to a Russian website. Barely five weeks later, Yahoo reported that 450,000 usernames and passwords were stolen from its computers and posted online by an anonymous group that claimed to have done so to spur greater security efforts.  However much damage may or may not have resulted from those two incidents, it’s clear that there’s a dark side to living in a wired world. But there are great advantages too, and none of us wants to give up the conveniences that comes from managing our accounts electronically. The key is to have as many safeguards in place as possible and to practice good computer “hygiene.”  We’re dedicating this issue of the Digest to inform you of the ways that Yeske Buie and Schwab work together to keep your assets safe as well as to remind you of steps you can take to protect your identity.

Schwab Security Guarantee

Schwab will cover 100% of any losses in any of your Schwab accounts due to unauthorized activity.  For more information about Schwab’s Security Guarantee, click here.

Yeske Buie Security Policies

Our security policies include the following measures:

  • Protecting the information on your Client Private Page® with an encrypted connection
  • Ensuring any document we send via email containing personal information is password-protected
  • Requiring identity verification for any transactions that are not part of an already established distribution schedule to an approved destination account

Helpful Tips

  • We strongly encourage you to check your monthly statements and cross-reference them against the reports on your Client Private Page®.
  • Make sure the passwords attached to your financial accounts follow these best practices:
    -Employ a mixture of letters, numbers, and special characters
    -Do not use actual words
    -Avoid patterns that would be easy to identify such as birthdays or names of family members
  • Consider employing identity theft protection such as IdentityForce.  Yeske Buie clients are eligible for a discount; please contact Cristin Etheredge at Cristin@yebu.com for details.

For more helpful tips about protecting yourself from identity theft, please refer to the following article.

-The Financial Planning Team
(minus Elissa and Dave)

Mark Your Calendar – An Evening with Greg Valliere

Have you found yourself engulfed in the details for the upcoming election? Are you concerned about how you will be affected by the results? If so, please join us for an interactive discussion with political expert Greg Valliere as he discusses how the new administration can affect the economy, you, and your investments. Click here for details.

Note from Elissa and Dave – The Alaska Edition

We’ve been at the Mt. McKinley Princess lodge since Monday, having begun our stay with the traditional vigil on the back deck waiting for the elusive Mt. McKinley (aka Denali) to make an appearance. No luck on our first day, though the clouds lifted enough to reveal the base of nearby foothills. Interestingly, everyone who joined us on the deck assumed they were seeing the base of McKinley. When you have no frame of reference and the landscape near and far is obscured by clouds, it’s hard to even know where to look.

Fortunately, we awoke the next day to gloriously clear, sunny skies and the sight of Denali in all her glory. Even forty miles away, the view is breathtaking. Later in the day, we flew to the mountain and landed on a glacier. Elissa took the photo above from the copilot’s seat, showing (right to left) Denali, Hunter, and Foraker. There’s nothing like a visit to a magnificent mountain to make the many daily sources of worry fade away into the background.

We hope you’re all having a wonderful summer and we look forward to talking to you upon our return.

-Elissa and Dave

*SM

How to Guard Against Identity Theft

Cybersecurity, Uncategorizedon July 13th, 2011No Comments

Three Types of Identity Theft

Medical:

Identity thieves will use your personal information to find your medical insurance information. Once they have it, they will go have procedures done under your name and insurance. When this happens your medical record will reflect procedures and conditions that are not yours. The next time you go in for treatment you could get medications you don’t need or treatments that could be harmful to you.  You will also be responsible for the bills that the insurance did not cover and it may increase your insurance rates.  And those treatments and conditions will be included in your medical history.

Criminal:

Identity thieves will commit a crime using your name. You can then be arrested and charged for a crime you didn’t commit and it can be very difficult to prove it was not you.

Financial:

Once identity thieves have your information they can gain access to your credit cards, bank accounts, and brokerage accounts. They will open new credit card accounts and take money from your accounts. They will steal your money and will ruin your credit history making it difficult to buy a house, get new insurance, or get a job.

How They Get Your Information

Hacking into your PC:

Hackers will put a virus on your computer called Key Stroke more widely known as a Trojan Horse.  What this does is allow them to see what you are typing giving them access to your accounts and passwords without finding out your address or SSN first. Once they have access to your accounts they can find your SSN and from there any other information they want.

Skimmers:

Small Electronic devices known as Skimmers are used to copy information from a credit card or ATM card. Thieves will hide one over an ATM machine and when you put your card in to access your account it copies and stores all your information giving them access to your accounts.  This is also used in restaurants; waiters will swipe your card through a skimmer before charging you for your meal. If possible watch where your card goes once you give it to the waiter.

Phishing:

This is where you receive an email that looks like it is from your bank or any other company that you may do business with asking for your personal information. When you fill it out it connects to a hacker who gets your information and who may install a spyware program on your PC. Don’t be fooled by a business logo in an email.  Always go to a business website independently of any link in an email you receive.

Dumpster Diving:

The easiest way for someone to get personal information is to go through your trash.  Your trash is their treasure. Go paperless and shred any documents you throw away.

Public Records:

Public records such as mortgages and death certificates contain your SSN and other personal information.

If you want more information consider Steve Weisman’s book titled “50 Ways to Protect Your Identity and Your Credit.”

How to Protect Yourself

  • Monitor your credit report. Everyone has a right to a free credit report annually, which can be obtained at www.annualcreditreport.com or by calling 1-877-322-8228. If you forget the web address you can also go to www.ftc.gov, which is the site for the agency charged with dealing with free credit reports.
  • Be careful to whom you give your personal information. The more places that have your information the easier it is to get. Opt out of information sharing. Get off the pre-approved credit card lists at www.optoutprescreen.com or 1-888-567-8688. Get off junk mail lists at www.dmaconsumers.org. Enroll in the do-not-call registry at www.donotcall.gov.
  • Be careful when shopping online.
    1. It’s a good practice to be familiar with the name or reputation of any company you’re dealing with. You can often find helpful information about online companies from Internet news sources, directories, and rating services. The Federal Trade Commission maintains a web site (www.consumer.gov) that provides many buyer’s guides, lists of tips, and links to helpful resources.
    2. Only provide personal and credit card information when the merchant is using SSL (Secure Socket Layer).  You can tell when you are on a site using SSL because the website address will start with https:// (vs. http:/) or will have the tiny SSL lock symbol located at the bottom of the web browser.  SSL means that your information is encrypted when it is sent over the internet.  It does not mean that the information is safe once it gets to the merchant, however.  So other safeguards are needed.
    3. Know what information the merchant is collecting about you, how it will be used, and if they share it with or sell it to others. You can do this by checking the web site to make sure there is a privacy policy posted, and that you’re comfortable with the way your personal information is treated under that policy. Look for seals from privacy enforcement organizations like TRUSTe or BBBOnLine. Be cautious if you’re asked to supply personal information not needed to make a purchase, such as your Social Security number or personal bank account information.
    4. Check for expected delivery dates, shipping and handling fees, warranties, return policies, and other important information. Look for an email address to write to (or a phone number to call) if you have a question, a problem, or if you need help.
    5. It’s a good practice to pay with credit cards, because under federal law (and your credit card agreement) your liability for an unauthorized charge is limited to $50. While the same may be true of ATM-VISA cards, if your ATM information is stolen and cash is withdrawn from your account, that money could be gone, at least until the matter is resolved.  So it is recommended never to us an ATM card on the internet.
    6. Keep your passwords safe, and don’t share them with other people.  Change them regularly (at least every 6 months).
    7. Make sure to print or save electronically any records related to your online transactions. This will help you keep track of shipping dates, shipping and handling fees, and other details of your transactions.
    8. To file a complaint about a fraudulent business practice or to get free information on how to spot, stop, and avoid one, call the Federal Trade Commission, toll-free, at 1-877-FTC-HELP (382-4357) or visit www.ftc.gov and click on “Consumer Protection.”
  • Remove information from old computers by taking out the hard drive and destroying it. There are companies, such as Data Killers (www.datakillers.com), that securely and completely purge or destroy hard drives, back-up tapes, CD’s, memory devices, etc.
  • Be careful when downloading. There can be hidden files containing spyware and Trojan Horses. Deal with known and reputable businesses.
  • Install anti-spyware, anti-virus and firewall programs on your computer and keep them current.  Norton and MacAfee are well known anti-virus and firewall programs. You can download free anti-spyware programs at www.comparitech.com. Beware of free virus and anti-spyware programs offered on the internet.  They are often viruses and spyware … and sometimes they aren’t even free! We believe the information at pctools to be safe, but always make sure any offer passes the “smell” test.
  • Use precautions when using WIFI (wireless internet access found at various places such as hotels and Starbucks). A very good WIFI  overview and guide can be found at http://www.hp.com/sbso/productivity/howto/it_wifisecurity/
  • Choose good passwords and pins and do not write them down.  If that seems impossible to you (who has that sort of memory?), at least store your passwords in a password-protected document (and don’t write that password down, that on you’ll have to remember).
  • Check your medical insurance payments regularly to make sure they are all payments for actual treatments you have received.
  • Freeze your credit, making it harder for people to access your credit report.
  • We recommend IdentityForce to monitor your credit activity and have negotiated a discount for Yeske Buie clients.
  • Cross shred all mail and documents containing personal information.
  • Don’t carry your Social Security Administration card with you. Keep it in a safe place.
  • Go Paperless on bills and bank statements. If your computer is secure it is safer than the bills/statements going through the mail. A primary source of information for identity theft is credit card bills and bank statements stolen from mailboxes.

© Yeske Buie 2008. This information has been gathered from various sources believed to be credible and reliable. Yeske Buie® has not tested or researched all of these businesses.  Please do your due diligence and be careful who you do business with and what information you give them.


“Our deepest fear is not that we are inadequate. Our deepest fear is that we are powerful beyond measure. It is our light, not our darkness that most frightens us. We ask ourselves, Who am I to be brilliant, gorgeous, talented, fabulous? Actually, who are you not to be? Your playing small does not serve the world. There is nothing enlightened about shrinking so that others won't feel insecure around you. We are all meant to shine. And as we let our own light shine, we unconsciously give others permission to do the same. As we are liberated from our own fear, our presence automatically liberates others.” ~Marianne Williamson