Trail Financial Planning, LLC is a fee-only financial planning and investment management firm located in Bellingham, WA

Pain in Ukraine part 2: Cybersecurity

The situation in Ukraine is terrible and unstable.  As the world takes a stand against Putin’s war, there may be backlashes.  One such backlash may be increased cyberattacks.  The war in Ukraine has prompted me to consider my exposure to cybersecurity risks, our defenses, and our resiliency if a breach were to happen. 

The most secure protection would be to never log in to anything digital, work only in cash, and move to a bunker in the hills.  That is the abstinence approach.  For me, and I think most people, abstinence was never a viable strategy.  So, the next layers of defense are protections – the conversations, condoms and pills of defense against cyber attacks.

This sort of post is not an easy one for me to write.  By nature, I am not a “the sky is falling!” chicken little sort of person.  However, I also agree with the aphorism, “An ounce of prevention is worth a pound of cure.”  Thus, I will focus on the prevention side.  I will aim to keep this post readable, in other words, short.  This post is a very non-thorough assessment, written by a very non-expert (me).  Hopefully, though, it will give you something to think about and, if so desired, act upon.

This post is also the second in my series “Pain in Ukraine.”  In the first post, Pain in Ukraine part 1: Giving, I described some resources you can use to find ways to help if you are interested in giving financially.

The Risks of Cyber Attack

The risks we face in an increasingly digitally-connected and stored world are innumerable.  They all start with a nefarious player, who might be an individual person, a criminal organization, a legal business operating in a country without strong consumer protection laws, or a government intent on causing disruption.  Here are a few of those risks:

  • Theft of your sensitive digital information, provided by you (often done through “phishing emails”)
  • Theft of your sensitive digital information through a crack in your personal digital defenses (often done through a virus or malware)
  • Theft of sensitive digital information through a crack in the defenses of a 3rd party storing your information (often called “hacks” by the media)
  • Blocking access to sensitive digital information, and demanding some sort of ransom (often called “ransomware”)
  • Deleting important digital information you have stored online, purely to cause harm
  • Disrupting services we use and rely on for our daily life (such as transportation or financial systems)

 

Defenses against Cyber Attack

Start with ourselves

The most common way that cyber-attacks are successful is through human error.  Examples:  Responding to an inquiry from a nefarious player posing as someone else.  Clicking on the wrong link.  Willingly sharing personal information.  Using a password that is easily guessed by a human or computer.  Thus, the most important lines of defense are close to home, and tend to be behavioral.  Here are a few defenses you can employ:

Always check the source.  Many cyberattacks pose as legitimate sources.  Check the website address.  Check the phone number. 

Have conversations with others when something seems odd.  The best cyber attacks start with a compelling hook, an intimate inquiry, couched in information that feels personal to you.  If you receive a strange message or inquiry, ask someone about it.  Show it to someone you trust and ask their advice.  Lean on others.  Outside perspectives are important in many areas of life.  In this area, an outside perspective may help us see our own blind spots.  Ask older relatives or friends how they deal with such inquiries.

Model your behavior by showing your kids (or other relatives?) weird messages or inquiries.  Ask their opinion of what they would do.  Show them when you encounter something particularly compelling.  Point out how it is enticing to you.  

Protection with partners

Create strong electronic passwords, and if possible, use two-factor authentication.  A password manager is a godsend for this task.  LastPass and 1Password are both well regarded.  My family uses LastPass, and we are quite happy with it.

Make sure you only use secure (password protected) wifi networks when doing anything with sensitive information.  

Have good security stuff on your computer (anti-virus and anti-malware software).  I wish I knew the right solution to this one.

Keep your computer and devices up-to-date.  Make sure you turn them off routinely, which often triggers updates to install.  If you only shut the lid to a laptop, it may not get updated with new security patches. 

Resiliency Against Cyber Attacks

Eventually, some cyber-attacks will be successful.  It is impossible, and an unpleasant way to live, to try to protect against every possibility of harm.  So, we can also think about minimizing damage and disruption if something were to happen.  Here are a few things to do, which again, is by no means a thorough list:

  1. Freeze your credit.  If someone steals your personal information, a frozen credit report may stop them from impersonating you.  If you want to read more on how to do so, I wrote about it in “What I did to secure my credit.”
  2. Keep some cash on hand. 
  3. Keep an emergency fund.  Consider splitting it into two different institutions.  We keep a “layer 1 emergency fund” with our primary bank, then a “layer 2 emergency fund” with a second institution.  If you are asking “Why is an emergency fund important?” I wrote about it:  Add a superpower to your finances: The Emergency Fund.
  4. Have backup systems for your digitally stored information, especially important stuff like photos.
  5. Have backup systems for non-digital, but important systems that could be disrupted by cyber attacks.  These thoughts are veering into the “bunker” mentality, but they may be worth thinking about.  I am thinking about things like:
    • Transportation.  If your primary transport system was disrupted, what is your backup plan?  
    • Financial.  If the primary way you pay for things shut down, do you have a backup?
    • Financial.  If the access to your bank was disrupted, is there a backup? 

 

To learn more

For a much more thorough discussion of cybersecurity risks and preventions, here are two good resources I used:

  1. Cybersecurity overview from the US Government through Ready.gov, which is a larger effort to protect against emergencies.  The link to the cybersecurity risk page is at:  https://www.ready.gov/cybersecurity
  2. The Small Business Administration has a cybersecurity page which I found useful as the owner of a small business:  https://www.sba.gov/business-guide/manage-your-business/stay-safe-cybersecurity-threats
  3. A one-page informational sheet from FEMA about cybersecurity.  You can find a copy here:  Cybersecurity two-page info sheet from FEMA 

Wrap up

You’ve reached the end!  If you want to talk about your financial picture, reach out to us through our Contact page.  Or, if you are a current client of ours and you want to talk about your own cybersecurity plans, schedule a meeting with John or Liz.  

John Chesbrough

John is a financial planner and investment manager. He, along with his business partner Elizabeth Snyder, founded a fee-only, independent financial advisory firm called Trail Financial Planning (Trail FP) in Bellingham, WA. John and Liz enjoy working with people who care for others and their community – parents, firefighters, therapists, doctors, nurses, and teachers. They work with people by appointment. To learn more, or to schedule some time with John or Liz directly, please visit www.trailfp.com.