33% of adults in the U.S. have experienced identity theft. One of the larger stories that hasn't gotten enough attention recently is the Solar Winds hack. It's believed that Russia was able to infiltrate federal government agencies and Fortune 500 companies by installing malicious code into a software that many companies use. These companies and government agencies include Microsoft, Deloitte, the Department of Defense, and The U.S. Treasury. These companies and agencies haven't fully communicated exactly what data was breached, but I believe it was a huge data breach.
It's important to protect yourself online. So, grab a cup of coffee. Today I'm going to teach you how I keep myself safe online and how you can do the same. I don't want my data stolen, accounts compromised, or bank accounts hacked. While there's always a chance this stuff can happen I like to reduce the probability of this happening. Let's jump into the few areas where you can take action.
Passwords
Do you have the same password across multiple sites? If so, you need to stop doing that IMMEDIATELY. If one company gets hacked and they get your email address and password they will immediately have access to login to all your other accounts that use that same username/password combination. The way to fix this is to use a password manager such as Lastpass or 1Password. These products create a unique password for each site that you have an account with. You can download an extension so when you go to the site, you don't need to remember your password. It will automatically login for you when you try to sign into a website. I personally recommend Lastpass - if you'd like to use them just click right here. And if you'd like a tutorial of how to use it, you can watch this video.
Browsers
Over 300 million people are using Google Chrome as their main browser. The problem with Google Chrome is they track everything you do, know your location, and don't seem to care about your privacy. The browser that I recommend using is called Brave. Brave is known as a privacy browser which does not track your activity online. In addition to this, the experience on Brave is great as well. It feels like you're using Chrome, but it's even faster. If you'd like to use Brave just download it by clicking here.
VPNs
A VPN is also known as a Virtual Private Network. When you log in to your computer and you're connected to wifi at home, at a coffee shop, or in an airport your computer is transmitting data to through your Wifi to your internet provider. It's unclear how secure this data transfer is, but it's likely very insecure -- especially in public places. A VPN gives you online privacy and anonymity by creating a private network from a public internet connection. A VPN creates a secure and encrypted connection. This makes it tougher for someone to access the information that you have on your computer and you're working with online. It increases the level of protection you have while connected to the internet. I always use a VPN and the one I recommend is ExpressVPN. And here's a more in-depth video of ExpressVPN
2FA
2FA is also known as Two-factor authentication. When you log in to an account and you get a text with a code that you enter into the website before it lets you in, that's known as 2FA. You're using a second device to verify your identity. The problem with using text for 2FA is that if your phone gets hacked then you are in a vulnerable position. While getting your phone hacked may seem unlikely, it's not. A few years ago this was a huge problem in the crypto space with something known as SIM swapping. People would identify someone they know had Bitcoin or Ethereum. Then they would go to Verizon, T-mobile, AT&T, or (insert cell phone company) and convince employees that they had lost their phone and needed a new SIM card. They would get a new SIM card impersonating someone else. They would then insert that SIM card into a new phone and log into this person's email. They would hit the forgot password button and do the 2FA through text to get access to this person's email. Then they would go to the person's Crypto brokerage accounts and hit forgot password. They would then reset the person's password because they have access to their email. And just like that, they have access to your brokerage account and an easy way to liquidate your money. Don't think this can happen to you? Here's a story one of my former work colleagues wrote about how this happened to him.
While you're probably scared as hell reading that, there's a way to mitigate this. Instead of using text based 2FA, use a better way to do 2FA. The one I found that slows me down the least but still provides a good level of security is the Google Authenticator. When I log into a website and I have 2FA enabled, it will tell me to input the code from Google Authenticator. I go to my Google Authenticator app on my phone and simply put in the code. Before doing this, you should watch this video to learn how it works. Then download the app on your phone. Keep in mind if you lose your phone or upgrade it, it takes some time to do the entire set up again, but this video teaches you how to do it as quickly as possible.
If you want even more advanced options for 2FA, this article talks about some more sophisticated security 2FA options.
Bank Accounts
You can take all the precautions in the world, but there's still a chance that someone can get access to your cell phone or email. And if they do, it may be relatively easy for them to get into your bank accounts. One way to stay on top of any suspicious activity is to have alerts on for any transactions. So, if there's a transaction that occurs you get a push notification on your phone. But this is more of a reactive action.
The more sophisticated method is to create a separate email account that nobody knows but you. This email is the one that is used for all of your financial accounts. You only log onto this email from a laptop that you use nothing for besides financial transactions. This reduces the chances of people being able to find your email that's associated with your bank accounts. This does end up adding a lot of friction. For example, if you're traveling it may be tough to make transfers, check on things, etc. But, I believe it's one of the safest things you can do.
Protecting yourself online is extremely important. I'm surprised we don't see more hacks than we do already. But there's protections you can put in place to reduce the chances that you are harmed. I use each of the above products on a daily basis. It's not perfect and you need to stay vigilant, but it adds a level of protection many people don't have.
As always, if you're enjoying my Reflections, I'd love it if you shared it with a friend or two. You can send them here to sign up. My goal is to make it one of the best emails you get each week -- an email that you actually enjoy receiving.
And if you come across anything interesting this week, send it my way! I love finding new things to read through readers of our community.
Have a great Sunday,
Rohun