Power Up Wealth podcast – Episode 83 – 6 Steps to Being Secure Online
James Derrick 0:00
Each week brings news of another data breach of our personal information. I’m James Derrick, Chief Investment Strategist at Smedley Financial Services, and joining me today will be Shane Thomas to discuss all the things you can do to protect your data and your privacy.
Sharla Jessop 0:25
Welcome to the SFS Power Up Wealth podcast where we provide impactful insight and expert opinions on timeless financial principles and timely investment topics, preparing you to make smarter decisions with your money.
James Derrick 0:48
Shane, thank you for joining me today.
Shane Thomas 0:50
I’m glad to be here.
James Derrick 0:52
Shane is our technology guru with Smedley Financial Services. Shane, let’s talk about security online. I mean, this is an overwhelming but vitally important topic. Let’s begin with passwords and two factor authentication, which, frankly, is a little bit annoying but necessary.
Shane Thomas 1:10
Sure. Oh yeah, no, it definitely can get daunting both the passwords and the two factor because, in reality, everyone should have a different username password combination for every website you go to, whether it’s your your Uber Eats or your Door Dash, your Walmart, your Target, your Amazon, your email, your bank account, every one of those requires some login, and every one of those should have its own really hard password with the username, and now a lot of them to make it even harder if someone gets your password, is the use of the two factor, whether that’s a text message coming to you or through an authentication app, the special code that you can put in that’s something unique in revolving every 30 seconds or every minute. But the bad guys are figuring out ways to get into your account. And the best practice is really hard passwords, and if you have the option to use the two factor authentication to turn it on everywhere.
James Derrick 2:14
Personally, I find getting that verification through a text a little bit easier than having an app with a rotating number. Are they both equally secure?
Shane Thomas 2:25
They’re both good, but the authentication app is more secure. Unfortunately, bad guys have found ways to spoof the texting and get the code.
James Derrick 2:38
And obviously, if you ever got a text message that said, hey, I’m sending you a text message give me the number. I mean, like they could be phishing for that two factor authentication as well. Let me ask another question before we move on from passwords. Is every website I log into vitally important? I mean, you mentioned like Uber or DoorDash. I mean, is my login need to be secure for everything? Or should I be primarily just worried about my bank account or my credit card?
Shane Thomas 3:11
That is a good question. Oftentimes, you save your personal information within one of those so maybe Uber has one or two or three of your credit cards that you might use for ordering a ride. Amazon might have your purchase history and credit cards and shipping addresses that you have saved in there. So it would probably be better to make them unique and make them harder just because you’re starting to save inside of each of those accounts a little bit about you.
James Derrick 3:43
Could you talk to us a little bit about how to keep track of all of those?
Shane Thomas 3:48
Sure. I would recommend some kind of password manager. The reason a password manager is helpful is 1) It saves all of that information for you. You use one really hard pass phrase or password to get into the manager to unlock, let’s say, the vault. And once you’re in the vault, then you have access to all of that information, all of your usernames that you’ve been using, all the passwords you’ve been using in the websites that are saved in there. The nice thing is, is these password managers create really hard passwords for you, so you don’t have to come up with a 20 character password with uppercase and lowercase and special characters. And if a website needs it to be less or more, it can, you can quickly make that adjustment, and it saves it for you. The next time you go to the website, auto populates, it logs you in. You don’t have to remember each one of those or write it down on a yellow pad and hide it in your desk.
James Derrick 4:47
I think that’s awesome that you said 20 character password, because that just that’s a lot of it is numbers and letters. Having that for every single website is just completely overwhelming. So then I really would need a password manager. I think on a lot of cell phones they have built in managers. Are those just as good as the separate companies? Can you compare and contrast?
Shane Thomas 5:10
Sure. Apple recently re-released their they had a password manager that was okay, but they re-released it in the latest version of their iOS 18, and it is now its own separate app. So it’s a standalone app which works really well. And if you’re not using an Apple device, obviously it’s not going to work for you. So there are other password managers out there that are good, and I definitely would recommend them. Some of them will give you the option to have it work on one device for free. Some if you want to have it on several devices, they might charge a fee for the year. So you could have it on an iPad, an iPhone or a desktop or laptop, or if you pay the subscription, you could have it on all of those devices.
James Derrick 6:01
Seems like it would be critically important to be able to access it on multiple devices. I just see how we do things at my house. I mean, I might be logging in on my cell phone, but I might be using my laptop or my desktop. I might be logging in at work or at home. And so that ability, that’s something to think about, is whether it works on multiple devices. And you know, one of them could be Apple, but the other computer might be running Microsoft software, you know.
Shane Thomas 6:30
Right.
James Derrick 6:31
Okay, let’s jump to antivirus software. You know what do people need to know about having it? About their antivirus software on their computers?
Shane Thomas 6:40
So the first thing is make sure you have it, regardless if it’s a Windows machine, if it’s a Mac, get good antivirus, anti malware software. There are versions out there that are free, there are some that you can pay for, that aren’t really that much, maybe $40 to $50 a year.
James Derrick 6:58
Totally worth it.
Shane Thomas 6:58
And completely worth it. They look for the bad malware. They look for viruses coming over. They do website filtering as well, and you can granularly adjust things. Sometimes you can even adjust it per device. So maybe the kids laptop is even more locked down than your laptop and so, but definitely worth it, and it should be on every device, because, unfortunately, the bad guys don’t care what you’re browsing the web with what you’re doing, you need to have something on there. And the other thing with that is make sure that it’s up to date. Oftentimes, you purchase a new laptop, it comes with a free trial of, you know, some software, and it lasts for six months or a year, and then it expires, and you get a little pop up in the bottom corner and that says, Hey, your trial is ending. Click here to subscribe. You’re like, whatever, I’m not going to worry about it. Or it’s, you know, $69 I’m not going to go on and pay for it. What I have is fine. Problem is, it isn’t fine. And because the definitions for the antivirus, they’ve lapsed, and there’s always new things that are getting pushed out, and you’re not getting those updates. The same with updates to your software, whether that’s on your Mac or on your Windows machine, or your iPhone, your Android, any of your devices. If there’s a new update that’s available that has security updates, get them applied. Make sure that those are applied.
James Derrick 8:18
Let’s talk about phishing. This is one thing that makes me a little bit nervous, because it’s not just me, but it’s everybody on my network, whether it’s home or work, we need to be basically flawless and avoiding phishing.
Shane Thomas 8:32
Sure! With an email, a phishing email, the bad guy only has to be right one time. We have to be right every time. And so the best thing is look to see if it looks suspicious, you know, if you weren’t expecting an email, you know, from your aunt with pictures or videos or PDFs or a Word document or a spreadsheet or whatever it is, and it says, Hey, here’s the list of stuff that you wanted. Call her and say, Hey, did you really mean to send me this? Or was your email hacked? The other thing you could look at is look to see if it really was her email, or was it somebody that just used an email that’s similar to hers and put her name in.
James Derrick 9:11
I’ve noticed when you scrutinize the email address, it oftentimes isn’t even remotely close.
Shane Thomas 9:18
Right
James Derrick 9:18
To what it should be, and that’s a huge red flag.
Shane Thomas 9:21
Yep, definitely.
James Derrick 9:22
And I always think too, like, what’s the harm if I don’t click on this link? You know, am I really missing out? Like, is it really important? And if it does seem important, like, let’s say that it’s claiming to be the credit card company or Amazon, I can just go directly to the website without clicking the link.
Shane Thomas 9:39
Exactly.
James Derrick 9:39
And then I don’t have to worry.
Shane Thomas 9:41
Yeah, you can go right to the website, log in and say, Oh, yep, you’re right. That was the tracking number for the package I ordered from XYZ company.
James Derrick 9:49
Yeah I see it a lot in texting too, like, oh, we were unable to deliver your package. I’m like, yes.
Shane Thomas 9:55
The USPS cannot deliver your package without you clicking the link. And so. Yeah, when in doubt, just delete it. That’s the best with that.
James Derrick 10:04
I know too, like spelling errors or a red flag, but more and more those old red flags don’t seem to work. I mean, I don’t know if it’s because they’re using AI or because people are just getting smarter, probably a combination of both.
Shane Thomas 10:19
It’s a combination of both, because, I mean, the bad guys have learned that you recognize, though, this doesn’t sound right, it’s not in, like, what we would consider proper English. It’s, you know, it’s got weird spelling errors. You’re like, that’s kind of a strange way that you would word a request for money or gift cards or something. And so they’ve gotten smarter, and just like you and I, have used AI programs like chat GPT to increase change the way the sound of text, or our kids have used it in helping them write papers, or people use it all the time for various things. In fact, it’s built in with the new iPhones have the apple intelligence built in that allows you to change the way you wrote an article. You want to say, Oh, this was too aggressive. I want to change it to be more friendly. If you’ve haven’t seen the ad, it’s pretty funny, but it can use the wording to make it sound better, or change it to be how a totally different format. And so the bad guys are smart too. They have access to the same stuff we do. They can go on there and say, Hey, write me an email that sounds amazing, that’s convincing people to click on this link, and it’ll create it, write it, and they go online, and they buy a kit that allows them to spam millions of people, and all they do is hope one person clicks the link.
James Derrick 11:35
Let’s talk now about social media. We put a lot of our lives up there, but we don’t often think about security of our social media accounts.
Shane Thomas 11:45
Yeah, it’s definitely something to think about, because oftentimes you’re adding pictures from events, you’re adding all of this to people that are your quote friends, and oftentimes you start to grow your friend following. And now it’s not just friends, it could be friends or acquaintances. And it keeps growing and growing. And now you’re putting more and more stuff out there. It’s recommended if you plan to travel somewhere, don’t put where you’re going or that you’re Hey, we’re headed to the airport. We’re on our way to, you know, Italy for the next two weeks. We won’t be back till Yeah, we’ll be back next Friday, yeah, so in the event that somebody that you know is in your quote, friend group, maybe they’re really not your friend. I mean, that’s just advertising out there, you know. And oftentimes all these social media companies come up with different security ways to, you know, you can lock down your account so only people see certain things. Well, sometimes those security settings get updated. They add new filters or new changes, and it doesn’t hurt to go in every now and then and just make sure that what you’re showing is what you want. Like, do you really want it to show to the whole world your profile picture? Or do you want it to just say your name?
James Derrick 12:59
Is it possible that my friend Shane Thomas is not the Shane Thomas.
Shane Thomas 13:04
And it is very possible. There might be someone that says, who sees my profile and on there and takes my name, makes a new account, downloads or screenshots my profile picture and makes a new Shane Thomas account, and then starts trying to be friends with the same people that I’m friends with, in hopes that those people will be friends with them, and then they can start messaging them and eventually take over Shane Thomas’s whole profile and cause confusion and chaos. And there are people out there that that’s what they do. And so if you do happen to get something weird, like a friend request from someone you know you’ve been friends with on a social platform. Now that’s strange, and you go on and look and they maybe they don’t have updates, or they don’t have as many friends as you think they should. Maybe question that. Maybe reach out to the person and send them a text or a call and say, Hey, did you open another profile? Did you mean to do that? And it could be that it’s suspicious and should be reported to, you know, whichever company that is.
James Derrick 14:01
Fascinating. Let’s talk about credit. Freezing your credit.
Shane Thomas 14:06
Yeah, freezing your credit is probably a good thing to do for most people, honestly. The amount of data breaches that have happened over the last several years go up every year. There’s more and more companies that are losing some kind of data, whether that’s just your name and address or your phone number, your email, sometimes it’s more. Maybe it’s credit card numbers. The best thing to do is, unless you plan on, you know, purchasing a car or opening a credit card or closing on a loan on a home or or for something else, just go ahead and freeze your credit. Reach out to.
James Derrick 14:41
Everyone?
Shane Thomas 14:42
Everyone.
James Derrick 14:43
Everyone?
Shane Thomas 14:43
Everyone at each of the three credit bureaus. Go on to their website. It doesn’t take very long to do.
James Derrick 14:49
It’s free?
Shane Thomas 14:49
Yeah, the credit freeze is free and with each of the credit bureaus, and sometimes it can take a day to have that thaw. So then you’re you can apply for credit for somewhere if you need it. There are some of the companies offer a service called a credit lock, which comes with the monthly charge, and usually that might have other whistles and bells that they might include in that, like credit monitoring or other things like that that you’re paying for. And it also includes the ability to thaw your credit almost instantly. So if you’re at a car dealership, you can undo it, apply for the loan, get the loan, buy the car, and then re freeze your credit, but it comes at a cost, whereas you know, the credit freeze for most people is sufficient and should be something you should do so you don’t all of a sudden have someone opening lines of credit, you know, at a bank or buying cars or credit cards with your information, because, unfortunately, your information is somewhere out there.
James Derrick 15:46
It’s probably safe to assume that everyone listening to this podcast has had their information stolen from somewhere.
Shane Thomas 15:53
Some portion of your information is somewhere that the bad guys have.
James Derrick 15:57
What about children? What about a deceased spouse? Do you freeze their credit?
Shane Thomas 16:03
Yes. I would recommend that you go on and check your kids accounts, check their credit report, plug in their information, go on and look and see if there have been times when the bad actors have gone on and applied for credit under children’s social security numbers and gotten loans out, and it doesn’t come to fruition until that child goes, maybe off to school, goes to buy their first car, tries to open a credit card or something, and then they get flagged and that they have, you know, bad credit. But that also being said, if, if someone, the loved one, passes away, you should go in and freeze their credit, so then nothing new under that person’s name can be open, because there are still the credit card offers that might be out there. There’s still your information, and the deceased person’s information is still out there that someone could try to use to open a card.
James Derrick 16:54
All of these things sound like a real pain, but once you get it done, you don’t have to worry.
Shane Thomas 17:00
Right? Once you go in and you turn that credit freeze on, and, of course, with each of the credit bureaus, you would have to create an account with a hard password, and probably, probably using two factor as well.
James Derrick 17:00
We’re going in circles.
Shane Thomas 17:01
Yeah, we’re right back to where we started. But once you do that, and you go in and you have access to that information, you go in and turn those things on until you need to go take out a loan to buy a car or close on a house. You just leave it. And some of the services that they offer for free, they’ll send you information about, you know, where your credit’s at, where your things are. You know, if you’ve paid off a balance, it alert you. Hey, it looks like you paid off a loan way to go. And so some of those things are nice. So you can, you know, kind of keep track, and it’s it maybe gives you more insight than just getting your credit report once a year from each of the credit bureaus as you comb through it to make sure it looks good. You have the ability now, with a login, to go look, you know, maybe once a month, maybe every couple months, just to make sure what’s on there looks good.
James Derrick 17:57
Yeah, having set up a couple of these, one of the things that I like too, is, is that they email me once a month and just tell me, Hey, you had one new activity or you had no changes.
Shane Thomas 18:07
Right.
James Derrick 18:08
And then I don’t even need to log in. I see it right there. So it’s, it’s very convenient.
Shane Thomas 18:13
Yep, exactly.
James Derrick 18:14
Let’s jump to cell phones. I mean, our whole lives are on cell phones, and they can be opened with our face or a passcode. And I know those things are secure because we hear these stories about the FBI trying to get in, and it’s just so hard, and Apple says we’re not helping you. So could you talk a little bit about how secure those are, and how can we make sure they’re secure?
Shane Thomas 18:38
The nice thing is, is when you set up a new phone, it asks you for a passcode, and you can put in the four digit. I would recommend doing a six digit or using a pass phrase, which would be some type of word that you type.
James Derrick 18:53
People don’t even realize you can do letters now.
Shane Thomas 18:56
Yeah, you can change it. You don’t have to use 1234, or 123456. You can put in a phrase and have it be that phrase, and then, of course, it also recommends that you set up your face, and your face simplifies the login process into your phone, because you may not want to enter that code every time, but we highly recommend using a harder pass code or a hard pass phrase, and especially using face recognition.
James Derrick 19:22
Should I feel comfortable 100% with the face recognition?
Shane Thomas 19:26
Yes, it’s stored solely on the device.
James Derrick 19:29
Okay and they can’t hold up a picture of me and get in?
Shane Thomas 19:33
No, it uses interesting technology that captures like the curves of your face, like the three dimension so a flat picture doesn’t work. Now, I guess if you were Tom Cruise and you threw on a cool mask that you just 3d printed in a briefcase on a train, maybe that would work.
James Derrick 19:53
I think you just spoiled the plot of the next Mission Impossible. This has been fantastic Shane.Thank you for joining me.
Shane Thomas 19:59
Yeah, thanks for having me.
Thank you for joining the Power Up Wealth podcast. Smedley Financial is located at 102 S 200 E Ste 100 in Salt Lake City, UT 84111. Call us today at 800-748-4788. You can also find us on the web at Smedleyfinancial.com, Facebook, Instagram, Twitter, and LinkedIn. The views expressed are Smedley Financials and should not be construed directly or indirectly as an offer to buy or sell any securities or services mentioned herein. Investing is subject to risks, including loss of principal invested. Past performance is not a guarantee of future results. No strategy can assure a profit nor protect against loss. Please note that individual situations can vary. Therefore, the information should only be relied upon when coordinated with individual professional advice. Securities offered through Osaic Wealth, Inc., member FINRA/SIPC. Investment advisory services offered through Smedley Financial Services, Inc.® Osaic Wealth is separately owned, and other entities and/or marketing names, products, or services referenced here are independent of Osaic Wealth.
