Cybersecurity has changed dramatically since we first wrote about this subject in 2017. The basic problem, however, remains the same: criminals do not need to “hack” every part of your life if they can gain control of one important account. Access to an email account, a mobile phone number, a financial login, or a poorly protected password-reset process can create a domino effect that exposes bank accounts, credit cards, investment accounts, tax records, and personal information.
Today’s criminals are also more sophisticated. Many scams no longer look like obvious spam. Criminals can imitate banks, delivery companies, government agencies, technology companies, charities, online stores, and even family members. Artificial intelligence can make fraudulent emails, text messages, websites, and voice impersonations look and sound more convincing than they did only a few years ago. That makes prevention more important than ever.
The goal is not to make your life “hack proof.” No one can promise that. The realistic goal is to make your accounts much harder to compromise, reduce the chance that stolen information can be used against you, and have a recovery plan if something goes wrong.
Protect Your Email Account First
Your email account is often the master key to your digital life. If a criminal gains access to your email, they may be able to reset passwords for financial accounts, shopping accounts, cloud storage, social media, and other services.
Use a strong, unique password for your primary email account. Better yet, use a password manager to create and store it. Turn on multifactor authentication. If your email provider supports passkeys or security keys, consider using them. These are stronger protections than passwords alone and are harder for criminals to steal through phishing.
Review your email account recovery options. Remove old email addresses and phone numbers you no longer control. Make sure your recovery information is current, private, and protected.
Use a Password Manager
One of the most important cybersecurity habits is to use a different password for every important account. Reusing passwords is dangerous because one data breach can give criminals the password they need to try logging in elsewhere.
A password manager solves this problem by creating and storing long, random, unique passwords. You only need to remember the master password for the password manager itself. Choose a strong master password and protect the password manager with multifactor authentication.
Avoid storing passwords in documents, spreadsheets, notebooks, browser notes, or unencrypted files. Also avoid small variations of the same password across accounts. Criminals know to try those patterns.
Use Multifactor Authentication, Preferably Stronger Forms
Multifactor authentication, sometimes called two-step verification, requires something more than a password before someone can log in. This can dramatically reduce the risk of an account takeover.
When available, consider the following order of preference: passkeys or hardware security keys, authenticator apps, and then text-message codes. Text-message codes are better than no multifactor authentication, but they are weaker than app-based or phishing-resistant methods because phone numbers can sometimes be hijacked or manipulated through social engineering.
At a minimum, turn on multifactor authentication for email, banking, investment accounts, credit cards, tax accounts, password managers, cloud storage, and mobile phone provider accounts.
Freeze Your Credit Files
A credit freeze is one of the most effective steps you can take to reduce the chance that someone opens new credit in your name. A freeze restricts access to your credit file, which makes it harder for an identity thief to open a new account.
Freeze your credit with the three major credit bureaus: Equifax, Experian, and TransUnion. Consider freezing files with other specialty reporting agencies as well, especially if you have been a victim of identity theft or are at elevated risk.
A credit freeze does not stop all fraud. It does not prevent misuse of existing accounts, tax identity theft, medical identity theft, or scams where you are tricked into sending money. But it is still one of the most useful protective steps available.
Add Alerts to Financial Accounts
Set up alerts on bank accounts, credit cards, brokerage accounts, retirement accounts, and payment apps. Useful alerts include large transactions, external transfers, password changes, new payees, debit card use, credit card charges, failed login attempts, and profile changes.
The sooner you notice suspicious activity, the faster you can respond. Quick reporting can also be important for limiting losses and preserving your rights under account agreements and consumer protection rules.
Protect Your Tax Identity with an IRS IP PIN
Tax-related identity theft occurs when someone uses your Social Security number or taxpayer identification number to file a fraudulent tax return. One way to reduce that risk is to obtain an IRS Identity Protection PIN.
An IP PIN is a six-digit number known only to you and the IRS. It helps verify your identity when your federal tax return is filed. If you use an IP PIN, a criminal who has your Social Security number should not be able to successfully file a federal return in your name without that PIN.
Be Skeptical of Urgent Messages
Many scams rely on urgency. A message may claim that your account will be closed, your package cannot be delivered, your bank account is locked, your computer is infected, a loved one is in trouble, or you must act immediately to avoid a penalty.
Do not click links or open attachments in unexpected emails or text messages. Instead, go directly to the official website or app, or call a verified phone number from a statement, card, or official website. Do not use the contact information provided in the suspicious message.
This is especially important for messages that appear to come from banks, investment firms, the IRS, Social Security, Medicare, delivery companies, technology companies, charities, or online retailers.
Create a Family Verification Plan
Because voice cloning and impersonation scams are becoming more convincing, families should consider a simple verification plan. This can be especially helpful for older adults, caregivers, adult children, and anyone who may be targeted by emergency scams.
Agree on a private family phrase or verification question. If someone calls claiming to be a family member in distress, hang up and call that person back using a known number. If you cannot reach them, call another trusted family member before sending money, buying gift cards, transferring cryptocurrency, or sharing financial information.
No legitimate emergency requires secrecy from every trusted person in your life.
Secure Your Mobile Phone Account
Your phone number may be used to receive password-reset codes and account alerts. Criminals may try to take over a phone number through SIM swapping or by tricking a mobile carrier.
Ask your mobile provider about adding a port-out PIN, account lock, or extra security password. Use strong authentication for your mobile provider account. Do not rely on your phone number as your only recovery method for critical accounts if stronger options are available.
Keep Devices and Software Updated
Software updates often fix security weaknesses. Turn on automatic updates for computers, phones, tablets, browsers, apps, and routers when practical. Replace devices that no longer receive security updates, especially if you use them for email, banking, investing, taxes, or medical accounts.
Use reputable security software where appropriate, but do not assume antivirus software can protect you from every threat. Many modern scams succeed by persuading the victim to give away information, approve a login, install remote-access software, or send money voluntarily.
Secure Your Home WiFi Network
Change the default administrator password on your router. Use strong WiFi encryption, such as WPA2 or WPA3. Use a strong WiFi password. Disable WPS if it is enabled. Keep the router’s firmware updated. Consider creating a separate guest network for visitors and smart-home devices.
If your router is old and no longer receives updates, replacing it may be a worthwhile security upgrade.
Be Careful with Public WiFi
Public WiFi can be convenient, but it should not be trusted for sensitive activity unless you are using secure websites and good device security. Avoid logging in to financial accounts on public computers or shared devices. Consider using your phone’s cellular connection or hotspot for sensitive tasks.
A VPN can add privacy on untrusted networks, but it is not a complete security solution. It will not protect you from phishing, fake websites, malware, or scams.
Back Up Important Data
Ransomware and device failures can make important files inaccessible. Keep backups of important documents, photos, tax records, estate planning documents, and financial records.
A good backup plan includes more than one location. For example, you might use a secure cloud backup and an external drive. At least one backup should be protected from routine access so that ransomware or accidental deletion does not destroy every copy.
Reduce What Criminals Can Learn About You
Criminals often use public information to answer security questions, impersonate you, or make scams more believable. Review privacy settings on social media. Be careful about posting birthdays, travel plans, family relationships, school history, pet names, addresses, and other details that could be used to guess account recovery answers or personalize a scam.
Avoid using truthful answers to old-style security questions when a site allows you to choose your own answers. A password manager can store unique, random answers just as it stores passwords.
Protect Children and Vulnerable Family Members
Children can be targets of identity theft because their credit histories may not be checked for years. Parents and guardians should consider checking whether a child has a credit file and freezing it if appropriate.
Families should also discuss protections for older adults or anyone who may need help managing finances. Trusted contacts, account alerts, powers of attorney, and regular family check-ins can help reduce the risk of financial exploitation.
Know What to Do If Your Identity Is Stolen
If you believe your identity has been stolen, act quickly. Change passwords from a trusted device. Start with your email, financial accounts, mobile phone account, and password manager. Turn on multifactor authentication if it is not already enabled. Contact your bank, credit card company, investment firm, or other affected institution. Freeze your credit files. Review recent transactions and account profile changes.
You can report identity theft and obtain a recovery plan at IdentityTheft.gov. You can report cybercrime and online fraud to the FBI’s Internet Crime Complaint Center at IC3.gov.
Keep records of calls, letters, case numbers, and dates. If money was moved, report it immediately. In some cases, speed can make a difference in whether funds can be recovered.
A Practical Cybersecurity Checklist
Use this checklist as a practical starting point for protecting your identity, financial accounts, and personal information.
PDF version of this checklist
- Use a password manager.
- Use unique passwords for every important account.
- Turn on multifactor authentication for email, financial accounts, tax accounts, mobile phone accounts, cloud storage, and the password manager.
- Use passkeys, hardware security keys, or authenticator apps where available.
- Freeze your credit with Equifax, Experian, and TransUnion.
- Set account alerts on banks, credit cards, investment accounts, and payment apps.
- Consider getting an IRS Identity Protection PIN.
- Keep computers, phones, browsers, apps, and routers updated.
- Secure your home WiFi network.
- Be skeptical of urgent emails, texts, calls, and pop-ups.
- Do not click links in unexpected messages. Go directly to the official website or app.
- Create a family verification phrase for emergency calls and AI impersonation scams.
- Back up important data.
- Review privacy settings on social media.
- Know where to report identity theft and online fraud.
Final Thought
Cybersecurity does not require perfection. It requires layers. A strong email account, a password manager, multifactor authentication, credit freezes, account alerts, software updates, family verification habits, and a recovery plan can make you much harder to victimize.
NOTE: Stout Wealth Advisory Group is not a cybersecurity firm. We provide this information to encourage clients and readers to take cybersecurity and identity-theft prevention seriously. For technical cybersecurity questions, consult a qualified cybersecurity professional. For suspected identity theft or fraud, contact the appropriate financial institution, government agency, or law enforcement resource promptly.
