What We Can Learn from the Robinhood Breach 

By: Jerry Horton, Technology Director 

Earlier this month, an estimated 2,000 people who use the popular Robinhood stock-trading app had their accounts hacked and looted. The attackers gained access to trading information, trading account numbers, and bank account numbers.

A New York college student who uses the app said it took just minutes for $4,020 to disappear from his bank account. Another victim in Chicago said she woke up to alerts that her investments were being sold and discovered she was locked out of her account.

Robinhood claims the attack did not stem from a breach of their systems, but was due to compromised email accounts. Because the FTC and SEC will likely weigh in, we don’t have all the details on this breach just yet. We do know that Robinhood is advising clients to step up their account security. Let’s take a look at how each of us should be securing all of our digital accounts to protect ourselves from a cyber-attack. 

Improve Your Cyber Hygiene

Cyber hygiene refers to steps taken to improve cybersecurity and prevent common threats. Here are a few of those key steps that will help strengthen your defenses online. 

  1. Password Discipline 
    • The average online user has somewhere in the vicinity of 130 digital identities. I’d be willing to bet you aren’t using a unique password for each one. When it comes to passwords, length is far more important than complexity. So, to follow this rule and still remember your passwords, use a passphrase (e.g. I’m dreaming of a white Christmas). This is easy for you to remember and difficult for others to figure out. From a password-cracking standpoint, brute-forcing a phrase like that is almost impossible. (A brute-force attack is when a hacker submits many passwords or phrases, hoping to eventually guess correctly. The longer the password, the more combinations they need to test before they guess correctly. More than 15 characters is virtually impossible to guess.)
    • To make things even more difficult for them, don’t use the same username (especially email) for every account. This is true for business and personal accounts. 
    • Pro Tip: Password managers can randomize passwords for your accounts. In addition, if you pay for a good one, you can set up a rescue account, which allows a person of your choosing to have your passwords in case something were to happen to you. 
  2. Turn on multi-factor authentication (MFA) 
    • When you have the option, turn it on. In fact, as part of its efforts to encourage clients to step up account security, Robinhood is now suggesting that all users turn on multi-factor authentication. MFA requires 2 or more of 4 factors: something you have (e.g. a token: a one-time password, an authentication-app push notification, etc.); something you know (a password); something you are (e.g. a thumbprint, facial recognition, or a retina scan); or somewhere you are (geolocation). 
    • Pro Tip: When it comes to using a token for multi-factor authentication, an app that sends you a push notification to approve each sign-in is more secure than a one-time password. 
  3. Keep track of your records, especially when it comes to finances 
    • Look at transaction logs. Check your credit report occasionally. Check your email on a regular basis for unusual traffic. Make sure that if you have signed up for something you’re not using anymore, you disable or delete that account. In order to be successful as an identity thief, the cybercriminal only needs one entry point. Do not leave any “entry points” hanging out in the cyber world unmonitored. 
    • Even if you take all these steps and sew everything you have up tightly, that doesn’t mean someone can’t come in through a backdoor and wreck your account. It happens. But, taking all the precautions you can will help minimize your odds of becoming a victim, and help minimize the damage if you do become one. 
    • Cyber breaches have become a real problem as we have moved toward software-as-a-service and cloud-based services. Most of it is due to people not turning on two-factor authentication. When you realize what bad people can do with information that you have unintentionally left out there to be found, it is sobering: they can wreck your business, drain your bank account, file for loans as you… the possibilities are literally endless. Yes, companies have a responsibility to secure their systems, but we as consumers have a responsibility to track and secure our information. 
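To put numbers behind the "length over complexity" rule in item 1, here is an added worked example (not from the original post) that estimates the exhaustive-search space of a short complex password versus the post's passphrase. The two sample passwords and the 10^12 guesses-per-second cracking rate are constructed assumptions, and the model counts brute force only, not dictionary or phrase-list attacks.

```python
import math
import string

# Constructed sample inputs (assumptions for illustration only).
SHORT_COMPLEX = "Tr0ub4d&r"                       # 9 chars, four character classes
PASSPHRASE = "I'm dreaming of a white Christmas"  # 33 chars, mostly lowercase words

def charset_size(password: str) -> int:
    """Alphabet size an exhaustive search must assume, inferred from the classes present."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += len(string.punctuation) + 1  # 32 punctuation marks plus the space
    return size

def search_space_bits(password: str) -> float:
    """log2 of the number of candidates a brute-force search must cover in the worst case."""
    return len(password) * math.log2(charset_size(password))

def years_to_exhaust(password: str, guesses_per_second: float = 1e12) -> float:
    """Worst-case time to try every candidate at an assumed offline cracking rate."""
    seconds = 2 ** search_space_bits(password) / guesses_per_second
    return seconds / (365 * 24 * 3600)

def meets_length_rule(password: str, minimum: int = 15) -> bool:
    """The post's rule of thumb: more than 15 characters."""
    return len(password) > minimum

if __name__ == "__main__":
    for pw in (SHORT_COMPLEX, PASSPHRASE):
        print(f"{pw!r}: {search_space_bits(pw):.0f} bits, "
              f"{years_to_exhaust(pw):.3g} years to exhaust, "
              f"length rule met: {meets_length_rule(pw)}")
```

The 9-character password with all four classes comes out near 59 bits and can be exhausted in under a day at the assumed rate; the passphrase, built from ordinary words, exceeds 200 bits because every added character multiplies the search space.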
