In the fall of 2020, Robinhood, an investing and stock trading application, experienced a security breach in which over 2,000 accounts were hacked when their email addresses were comprised outside of the app. An issue of security on the end of both the application and the individual customers. Its not the first time something like this has happened, and it certainly won’t be the last.
So how can you best protect yourself and your financial investments when an inevitable attack happens to a third party services company or bank that you utilize? The good news is, you can achieve additional protection for your investment funds, confidence and peace of mind – in just a few steps.
Step 1: Dark Web Scan
Your email is your key to all of your digital accounts, so its important to know if any of your accounts where it is used and their corresponding passwords have been compromised . Do a quick, free, dark web scan of your email address to find any account passwords that have been breached. For any that are, change the password by choosing a strong, unique password, and most importantly – never use your old password anywhere, ever again.
Step 2: Setup MFA for Email
MFA or multi-factor authentication, not to be confused with MMA or mixed martial arts (though both are technically an individual form of protection) is incredibly important to activate for your email.
Why? It helps protect from brute force attacks and phishing attempts. And since email is your main identifier for all of your personal accounts, including your financial accounts, you want to make sure it has maximum security.
How? Here are step-by-step guides for Gmail, ProtonMail and Yahoo accounts. There are a few of options to set it up – via SMS, an authenticator app, or with a physical security key. Each option has pros and cons, so be sure choose the one that is most convenient for you.
Recommendation: If you have a substantial sum of money in your accounts, or are at a higher risk for being attacked, choose the physical key. (Yubikey)
Step 3: Setup MFA for Financial Accounts
Next you’ll want to set up two-factor authentication for the financial accounts that you want to protect. This information is typically available right on the site or within the app of the bank or financial services company your account is with. Below are direct links to enable MFA for the follow accounts:
Step 4: Lock your Phone Number
No not locking your phone, locking your phone number. This prevents attackers from transferring your phone number to a different carrier, also known as an unauthorized port out. This is done in an attempt to gain access to your private accounts. And since your phone number is directly tied to most of your online accounts and identity, this is an important step. Especially for instances in which text message-based two-factor authentication is used as the primary security method or when your number is used as a backup access method. Every major US phone carrier allows you to create a PIN or passcode to lock your account.
Step 5: Theft Protection & Cyber Insurance
Finally, you need to purchase some type of cyber insurance or identity theft protection that covers loss of funds for investment accounts. It’s important to be careful when shopping around for this. Many insurers will say they provide $1M of protection but in actuality only have $25K of loss of funds coverage. So take your time and shop around for the best price from a reputable company.
Following the breach at Robinhood in 2020, I wrote an article on medium (here) about the steps to take to protect your account.
At Agency, our focus is on cybersecurity and privacy technology, so we have partnered with a major insurance company to offer our member’s coverage at no additional cost, including a full $1M in loss of funds coverage.
Stay safe. Invest your money with confidence! Learn more about protecting yourself and financial accounts with Agency.