"Approximately USD 1.7m are lost forever", shared a wealthy entrepreneur with one of our partners. A few weeks earlier his Gmail account was hacked. The intruders had found old wire transfer instructions with the original signature of the account holder in the email archive, modified and resent them to the banks and thereby managed to send multiple large amounts to their offshore accounts. By the time the fraud was discovered the majority of the money was gone beyond recall.
Unfortunately, this was neither the first nor the last case disclosed to us. Victims are embarrassed and their story is typically not shared with a wider audience. Whilst homes are protected with high-tech equipment, I would say many wealthy individuals pay too little attention to the risks of being hacked.
Hacking a password has become as simple as baking a cake. “Hacking for Dummies” techniques can easily be found on the internet. Mass theft from poorly secured websites, phishing attacks (e.g. emails luring you to a fake Gmail login), Wi-Fi traffic monitoring (internet traffic in public Wi-Fi hotspots can easily be monitored by anyone) and brute force attacks are common.
A few simple tips and tricks can protect your family and wealth:
- Use a unique password for every important account: Statistics provided by “Security Coverage” reveal that the majority of people use the same password across multiple platforms, from email and social media (Facebook, Twitter) to payment and shopping accounts such as PayPal and Amazon. With only one password in the wrong hands, a hacker can seriously harm your fortune and reputation. Using a unique password for your main email address, for every payment system/e-banking, etc. will act as a firewall.
- Use strong passwords: Avoid names, places, and dictionary words, but also common substitutions such as using “$” for the letter “s” or the number “0” for the letter “o”, as a simple brute force attack will get an intruder right past them in little time. Visit Howsecureismypassword.net and compute how quickly a simple desktop PC can crack your commonly used passwords. Cryptographer Bruce Schneier published my favorite method to construct a secure password, in which you turn a familiar sentence into a password. Take a memory “When I was six, my sister threw my stuffed teddy in the toilet” and translate it into “Wiw6,mstmstitt”, or turn the lyrics of a song “Twinkle twinkle little star, how I wonder what you are” into “Ttl*,hIwwya”. Another popular approach is derived from Carnegie Mellon University’s Person-Action-Object memorisation method.
Think of an interesting place (Grand Canyon), of a famous person (Elvis Presley), along with a random action (driving) and an object (green banana), and combine those in an image “Elvis Presley drives a green banana across Grand Canyon”. Resulting password: “EPdagbaGC”.
- Change passwords frequently: “Oh, not again!” used to be my first response to software prompting me to change my password. “Now that I got used to my password I have to figure out a new one!”. Realizing what damage the breach of IT security can cause, however, makes changing passwords an important habit on at least an annual basis.
- Keep passwords safe: Gone are the days when we got away with memorizing half a dozen “easy to remember but hard to guess” passwords. Having a different password for every important account will make it hard to handle all your authentications; therefore, the use of a password manager is recommended. Applications such as 1Password, LastPass or Apple’s Keychain are popular aids and are generally deemed secure. One weak spot is the master password, which unlocks all the others. This is when rules 1 – 3 should be followed. Make sure that the master password is memorable because once it is forgotten, you’re locked out of your digital world. Another risk is the ability to sync passwords across devices, as some platforms are easier to hack than others.
- Raise the hurdle: Activate two-step verification. Many online services, including free email, support two-step verification, an additional hurdle that requires not just a username and password for authentication, but also a unique one-time code that is sent to the user’s cell phone. This feature typically needs to be activated manually, but for increased security it is worthwhile to check the settings.
- Understand the dark side of free email services: Search engines and internet portals offer email with integrated contact management, calendar and other essentials – they are convenient and free. In reality, however, those services come at a cost, as users pay a price by sharing information with the tool provider, such as online shopping history, interests (newsletter subscriptions), contacts, travel itineraries, and sometimes even bank statements and wire instructions. The email providers analyze and try to monetize that information through targeted marketing or by selling useful information to third-party marketers. The main risk, however, lies in the growing wealth of information accumulated. What is attractive to the service provider is even more attractive to an ill-meaning hacker with sudden access to the wealth of 10+ years of sensitive information of an individual. As illustrated in the first paragraph, it can be very expensive. Separate email addresses for different purposes, self-hosted solutions, or hosting with a trusted (and paid) third party can mitigate such risks.
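To illustrate the “Use strong passwords” tip, the following added example (not part of the original article) shows why a substitution such as “$” for “s” still leaves a dictionary word, even when a character-class estimate looks respectable. The word list, the substitution table and the function names are constructed for illustration.

```python
import math
import string

# Constructed sample list; a real check would load a large leaked-password list.
WORDLIST = {"password", "sunshine", "soccer", "monkey", "dragon", "london"}

# Common substitutions, reversed before the dictionary lookup (assumed set).
UNLEET = str.maketrans({"$": "s", "0": "o", "@": "a", "3": "e",
                        "1": "l", "!": "i", "5": "s", "7": "t"})
PADDING = string.digits + string.punctuation


def dictionary_core(password):
    """Return the dictionary word hidden behind substitutions/padding, or None."""
    lowered = password.lower()
    trimmed = lowered.rstrip(PADDING)  # drop a trailing year or "!" first
    for candidate in (lowered, trimmed):
        word = candidate.translate(UNLEET)
        if word in WORDLIST:
            return word
    return None


def brute_force_bits(password):
    """Upper bound on search-space size (bits) from the character classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def audit(password):
    """Combine both checks; a dictionary hit overrides the bit estimate."""
    return {
        "dictionary_word": dictionary_core(password),
        "brute_force_bits": round(brute_force_bits(password), 1),
    }


if __name__ == "__main__":
    # The first two are constructed weak samples; the rest are the article's examples.
    for pw in ("Pa$$w0rd", "$unshine2024!", "Wiw6,mstmstitt", "EPdagbaGC"):
        print(f"{pw!r:18} {audit(pw)}")
```

The bit figure only bounds a blind character-by-character search; a password that reduces to a dictionary word falls to a word-list attack long before that bound matters.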
Having read this far, you might as well take ten extra minutes now and start to implement a more secure environment that helps protect and sustain your family wealth.
At Parkview we use multiple state-of-the-art tools for secure end-to-end communication and information storage. Please do not hesitate to contact us for further assistance.