Beyond Basic Security

Your passwords are the first line of defense against unauthorized access. It’s important to: 

• Use Strong, Unique Passcodes: Create passwords that are at least 12-16 characters long, combining uppercase and lowercase letters, numbers, and symbols. Avoid using easily guessable information such as birthdays, names, or common words.
• Employ Unique Passwords for Each Account: Reusing passwords across multiple services is a significant risk. If one account is compromised, all others using the same password become vulnerable.
• Utilize a Password Manager: A reputable password manager can securely store your complex, unique passwords and generate new ones for you. This eliminates the need to remember dozens of different combinations.
• Enable Multi-Factor Authentication (MFA): Whenever available, activate MFA (also known as two-factor authentication or 2FA). This provides an extra layer of security by requiring a second form of verification (e.g., a code sent to your phone) in addition to your password.
• Change Your Password Frequently: Passwords should be changed at least quarterly, with email passwords updated even more frequently.

Practice Safer Online Browsing

In today’s digital landscape, safe browsing starts with simple habits. Always verify links before clicking and stop to double-check any unexpected prompts before entering your credentials.

• Website Security: If your browser warns you that a site’s certificate is invalid, don’t ignore it. Those warnings mean the connection isn’t secure or the site may be fraudulent. If the site doesn’t use HTTPS, do not enter any sensitive information. It can easily be intercepted.
• Sensitive Sites: Type the web address yourself for sensitive sites. Don’t trust links in emails or chats.
  Manually entering https://yourbank.com ensures you land on the real site, not a spoof.
• Website Misspellings: Beware of URL misspellings. For instance, “examplle.com" isn’t the same as "example.com.” Attackers can register look-alike domains to trick you—always verify each character.
• Carefully Inspect Web Links: Never click a link you weren’t expecting, and examine search results before clicking on links. Phishing sites often hide behind innocuous or legitimate looking links. 

Keep Software and Firmware Updated

Software updates often include critical security patches that fix vulnerabilities exploited by cybercriminals.

• Operating System and Applications: Ensure your computer's operating system (Windows, macOS, Linux) and all software applications (web browsers, office suites, antivirus programs) are set to update automatically or that you regularly check for and install updates.
• Device Firmware: Many devices, from printers and smart TVs to network-attached storage (NAS) devices, have firmware, a type of embedded software that provides low-level control for the device’s operation. Check the manufacturer's website periodically for firmware updates and install them promptly. These updates often address security flaws.

Secure Your Router (Wi-Fi)

Your internet router is the gateway to your home or office network. Securing it is paramount, using strategies such as: 

• Change Default Credentials: The first step after setting up a new router should be to change the default administrator username and password. These are often publicly known and easily exploited.
• Update Router Firmware: Like other devices, routers receive firmware updates that improve performance and, more importantly, patch security vulnerabilities. Consult your router's manufacturer for instructions on how to check for and install updates.
• Use Strong Wi-Fi Encryption: Ensure your Wi-Fi network uses WPA2 or WPA3 encryption. Avoid older, less secure options like WEP.
• Guest Network: Consider enabling a guest Wi-Fi network for visitors, keeping your main network separate and more secure.

Protect Against Malware and Spyware

Malware (malicious software) and spyware can compromise your system, steal data, or disrupt operations. It’s critical to make sure you: 

• Install Reputable Antivirus/Anti-Malware Software: Use a trusted security solution and keep it updated. Regularly scan your devices for threats.
• Be Wary of Suspicious Emails and Links: Phishing attempts are common. Avoid clicking on links or opening attachments from unknown senders. If something looks suspicious, even if it appears to be from a known contact, don’t engage. 
• QR codes: Avoid scanning QR codes from unexpected or unfamiliar sources due to the risk of phishing and malware attacks. 
• Download from Trusted Sources: Only download software and files from official and reputable websites. Avoid third-party download sites that may bundle unwanted or malicious programs.
• Firewall: Ensure your operating system's firewall is enabled, or use a dedicated firewall solution, to control incoming and outgoing network traffic.

Be Mindful of Public Wi-Fi

Public Wi-Fi networks (in cafes, airports, etc.) are often unencrypted and insecure, making your data vulnerable to interception.

• Avoid Sensitive Transactions: Refrain from accessing banking, shopping, or other sensitive accounts when connected to public Wi-Fi.
• Avoid Wi-Fi Networks Without Passwords: These networks pose significant security risks. Without a password, these networks lack encryption, making your data vulnerable to interception by malicious actors.
• Your cell phone hotspot is considered more secure than public Wi-Fi.
• Use a Virtual Private Network (VPN): A VPN encrypts your internet traffic, providing a secure tunnel even on unsecured networks.

Your Role in Cybersecurity

Whittier Trust occasionally hosts cybersecurity seminars in which we share knowledge and strategies for handling online threats. During these events, attendees have the opportunity to learn practical skills and gain insights related to the topics discussed in this letter. Stay tuned for future event announcements. 

While we implement robust security measures at Whittier Trust, your vigilance is a critical component of a strong overall security posture. As a companion to this article, please review this helpful checklist, designed to help keep you on a regular schedule of maintaining good cybersecurity hygiene. 

Remember, Whittier Trust will never ask for your personal or secure information via text message or email. If you get such a suspicious piece of communication, please reach out to your client advisor directly. Also, Whittier Trust does not transfer your cash without verbal or written confirmation. If you have any questions or require further assistance with your cybersecurity practices, please do not hesitate to contact us.

For more information about how Whittier Trust can protect you, your family, and your estate from cybercriminals, start a conversation with an advisor today by visiting our contact page.