7 Ways to Shield Yourself From Cybersecurity Threats

Cyberattacks continue to make headlines around the world. Ticketmaster recently reported that a hacker group is claiming responsibility for a data breach affecting roughly 560 million users.¹ Disney also recently fell victim when disgruntled fans of the shuttered online game Club Penguin hacked into the company’s internal servers. In addition to stealing Disney’s data, the breach reportedly includes tools used by Disney’s software developers and corporate and advertising plans.² Even a town in Massachusetts fell victim when payments intended for a vendor working on their high school were diverted to an overseas hacking group through a business email compromise scheme.³

Recommendations for individuals

While attacks on big companies make the news, financial information and identity of individuals are often most at risk. However, there are seven actions you can take to help shield yourself from cybersecurity threats.

1. Use multi-factor authentication. Multi-factor authentication involves logging into your online accounts by providing an additional form of verification along with your password, such as a code sent to your mobile phone. Most accounts offer the option to enable multi-factor authentication, but many people choose to skip it. Opting in could significantly enhance the security of your account.
2. Choose passphrases over passwords and use a password manager. Replace passwords with passphrases, a sequence of at least four words and 16 characters that’s easy for you to remember and hard for anyone else to guess. Even if you’ve upgraded from a password to a passphrase, using the same passphrase for everything is risky. Consider using a sophisticated password manager to store your passphrases instead of the built-in password manager on your browser. Dedicated password managers offer more features and security than rudimentary browser-based password managers.
3. Think twice about public Wi-Fi. When using unsecured Wi-Fi in hotels, airports, coffee shops, and other public places, avoid logging into accounts that contain your sensitive information. Unsecured Wi-Fi makes it easy for cybercriminals to access your accounts, view sensitive information, or steal your identity.
4. Freeze your credit. If a hacker gets hold of your Social Security number, they can easily access your credit. Prevent this by freezing your credit with the three major credit bureaus – Equifax, Experian, and TransUnion. Freezing your credit makes it inaccessible to others. If you need to use your credit, temporarily unfreeze or “thaw” it for a specific timeframe. Parents should also consider freezing their children’s credit to protect them from identity theft.
5. Use chip-enabled credit cards. In recent years, chip cards have become the standard for credit cards due to their enhanced security over magnetic stripe cards. The embedded EMV chip (named for Europay, Mastercard, and Visa, the credit card companies that developed the technology) makes it harder for fraudsters to copy information from in-person transactions. EMV chips are exponentially more secure than the magnetic strips on cards, in large part because they don’t transmit the card’s real number during a transaction. Instead, they generate a unique code for every purchase and send the code to the business’s card reader. The codes generated by EMV cards can’t be replicated, used more than once, or easily faked – protecting EMV cards from the security vulnerabilities that plague magstripe payments.
6. Get creative when answering login authentication security questions. Security questions about personal details like your mother’s maiden name, father’s middle name, and favorite pet are often required for account security. However, there is typically no requirement to provide the exact answer to the specific question asked. For example, you could respond to “What is your mother’s maiden name?” with the answer to “What was the name of your favorite pet?” This strategy helps prevent hackers from accessing multiple accounts, as uniform answers to security questions can make it easier for them to breach your accounts.
7. Track your transactions. Typically, big financial companies have some of the best security systems and protocols. Even so, it’s still possible that your information might be stolen. One of the best ways to ensure any damage is limited is to check your transactions against your statement.

How to spot a suspicious email or text message

Clicking a link in an email or text could cost you time and money. Fraud tactics are becoming increasingly sophisticated. According to the FBI’s annual Internet Crime Report, cybercrime accounts for billions of dollars of losses to businesses and individuals each year. Differentiating a scam email or text from a legitimate one can be challenging, but there are often subtle clues that indicate its criminal nature.

• Requests for sensitive information. Be cautious of unsolicited emails from organizations that provide a link or attachment and ask for sensitive information. Reputable companies will not request passwords, credit card information, credit scores, or tax numbers via email, nor will they send links requiring you to log in.
• Unsolicited attachments. Never open attachments from unknown senders as they often contain malware. Always verify the validity of attachments by contacting the sender directly.
• Links and email addresses. Check the sender’s email address by hovering over the ‘from’ address to ensure there are no alterations. Additionally, double-check URLs. If the link in the text does not match the URL shown when hovering over it, it’s likely a malicious site.

What to do if you’re a victim of a cybersecurity breach or identity theft

• Visit identitytheft.gov for free resources to report and recover from identity theft.
• Under federal law, you can request a free copy of your credit report once a year from each of the three credit reporting bureaus: Equifax, Experian, and TransUnion.
• Place a free fraud alert. A fraud alert requires a business to verify your identity before it issues credit in your name, making it harder for people to open accounts without your permission. Once you place an alert with one of the bureaus, that bureau will send your request to the other two bureaus.
• Put a security freeze on your credit. A freeze prohibits credit bureaus from providing your credit reports to businesses that request them, making it much more difficult for someone to open an account in your name without your permission. Credit freezes need to be requested from each of the three bureaus.

How Mercer Advisors protects your information

At Mercer Advisors, our highest priority is the confidentiality, security, and protection of your personal and financial information. Our many internal safeguards to help protect your online, telephone, and video interactions include:

• Compliance and cybersecurity policies
• Extra login security
• Wire transfer verification
• Systems surveillance
• Encryption on all endpoint devices
• Anti-virus software
• Firewalls
• Physical security at our offices
• Restricted access to data
• Secure customer relationship management (CRM) system, enterprise-grade file-sharing, and storage platform
• Employee education

View our security measures or speak with your wealth advisor for more information. If you are not a client and want to learn more, let’s talk.

¹ Binder, Matt. “Ticketmaster Hacked. Breach Affects More Than Half a Billion Users.” Mashable, 29 May 2024.

² Zeff, Maxwell. “Vengeful Club Penguin Hackers Reportedly Steal 2.5 GB of Disney’s Data.” Gizmodo, 6 June 2024.

³ Tenser, Phil. “Town of Arlington, Massachusetts, Lost $445,945 From High School Construction To Email Scheme.” WCVB 5 ABC, 7 June 2024.