The risks to our personal finances—and our very identity—posed by cybersecurity threats were scary enough before the machines started to think for themselves. Now with the emergence of AI into our daily lives, it seems there is no better time to take another look at this issue and ask the question, “How can we best shield ourselves against cyber threats?” And who better to ask than a leading expert on the topic?
In this case, it wasn’t hard to find one. For years, my work in the arena of personal finance has oft been confused with the writing of one of our foremost experts in cybersecurity—because we share the same name. Dr. Tim Maurer is a Harvard grad, former White House national security official, and current Senior Fellow at the Carnegie Endowment for International Peace, and after being confused many times online, we finally decided to team up for an article to help you shield you—and your money—from the myriad threats posed by hackers.
The other Maurer is regularly considering the impact of cybersecurity on large corporations, municipalities, and countries. But, I wanted to know: When you think about cybersecurity and its impact on individuals and households, what are the first few recommendations you’d make for us regular folk?
Shield Yourself From Cybersecurity Attacks
“The good news,” he told me, “is that there are actually a number of concrete actions you and I can take.” Whew! Some are classics that still apply today, and others are helping to keep up with an ever-evolving landscape.
Multi-factor authentication is when you log into your online bank or other important accounts where, in addition to your password, they require another form of confirmation—like sending a code or text message to your mobile phone, for example. Most accounts these days give you the option to add multi-factor authentication, but many of us just hit the “Skip” button and move on with our days. But clicking “Yes,” Maurer recommends, could be the very step that helps secure our accounts.
Yes, this one may be old news, but I know there are still people out there rolling with “1 2 3 4” for their PIN code and “password” for their password. A strong password will have at least 12 characters and include a mix of upper and lowercase letters, numbers, and symbols.
And maybe you’ve evolved to use a better password, but you use the same one for just about everything. It may be time to use a password app or third-party service, where you only have to remember your primary password, and it generates unique, cryptic passwords for each of your logins.
Dr. Maurer acknowledges, “If you are a large company or a government, things, like ‘concentration risk,’ a single third-party or app that will hold many passwords centrally, is something you worry about—but for everyday Americans, it provides a useful, additional layer of security.”
Here he made another excellent point, that there are tradeoffs to be considered in all of these cybersecurity decisions, so while there may be a slight risk to an individual for centralizing all of your passwords with a single entity, there is a greater risk to attempting to maintain scores of disparate passwords.
Yes, that means the networks at your hotel or on the plane.
One of the scariest things I learned from Maurer is that, “We simply can’t rely on the security of our Social Security numbers.” Over the course of our lifetimes, too many people and companies have gained access to this most sensitive of our sensitive identifiers. And if they have access to our Social Security number, they have access to our credit, one of the most important things to protect.
So, how can we stop hackers from gaining access to our credit—even if they have our Social Security number? Freeze it. By freezing your credit, you make it impossible for anyone to access your credit.
How? Go to each of the three major credit bureaus—Equifax
Please know that if you freeze your credit, virtually no one can access it. Therefore, if you plan to use your credit for any reason, you’ll need to “unfreeze” and “refreeze,” or better yet, just “thaw” your credit for a stated timeframe. For example, if you’re buying a new car and plan to use your credit, ask the lender which credit bureau they use and then thaw your credit with that bureau for the necessary time.
Parents, you may also seriously consider freezing your children’s credit—because if they have a Social Security number, they have a credit file, and it may just be your kids’ unmonitored credit that makes for low-hanging fruit for hackers and thieves.
I know it might not suit the Dave Ramsey schtick, but unless you actually have an addiction to credit card spending, their utilization is one of the best ways to hold onto your cash—because you’re using someone else’s.
This was a recommendation I first heard from Frank Abagnale, Jr., the former fraudster turned FBI informant made popular by Leonardo DiCaprio and Tom Hanks in the great movie, Catch Me If You Can, and this recommendation is purely about logistics.
While most debit cards still have a degree of protection that will help you reclaim your money if stolen, if someone steals your debit card and runs up a bunch of purchases, it is your money that is lost and in need of finding. If you’re using a credit card, however, it’s the credit card company’s money that they’ll be hunting down. Of course, if you leave a balance on the card monthly, the benefits to be gained from this are muted if not eliminated—because then the credit card company is “stealing” your money with exorbitant interest rates.
You know those security questions about Mom’s maiden name, Dad’s middle name, your least favorite vegetable, and your favorite pet? Well, you may be required to give these answers, but “there is usually no requirement for you to answer the specific question that was asked,” Dr. Maurer told me.
Ahh, so you could just respond to the question, “What is your least favorite vegetable?” with the answer for “What was the name of your favorite pet?” Yup! Because if you’re answering all of the same questions the same way, it’ll only make it easier for hackers to access multiple accounts of yours if they crack the code for one.
So, should we just eschew online banking altogether? Maurer suggests no. Online banking provides significant benefits and makes it easier for people to access financial services, for example, for people that are less mobile or in rural areas. Most of the big financial companies have some of the best security systems and protocols, so we’re better off getting to know and understand these protocols than we are keeping our heads in the proverbial sand.
And even then, it’s still entirely possible that your information will be stolen. There’s only so much we can do to proactively forestall this eventuality. So, one of the best ways to ensure any damage is limited is one of the most old-fashioned: track your transactions.
I do this weekly as part of my budgeting process using a top-notch third-party software while Dr. Maurer does it monthly using, of all things, a paper statement that he can scan and check off.
This, Maurer suggests, is actually a good-news-bad-news story. The bad news is that the advent of AI has made it even easier for foreign criminals to seamlessly translate their cryptic false messages into fluid English and other languages to target their victims. But, it’s not all bad news. AI’s ability to rewrite more secure website code may actually help enhance the security of more sites and applications overall.
“It really is about putting a few things in place so that you’re better protected than you currently are, and that will make a huge difference and will make it so much harder for any cyber criminal to really get at you or your money.” Take it from Tim Maurer. Dr. Tim Maurer, a leading cybersecurity expert, that is.
Tim Maurer served as the cybersecurity advisor (official title: “Senior Counselor for Cybersecurity and Emerging Technology”) to the U.S. Secretary of Homeland Security, Alejandro N. Mayorkas, from February 2021 till April 2022, and subsequently at the White House National Security Council until May 2023. He has left the U.S. government and is a Senior Fellow in the Technology and International Affairs Program at the Carnegie Endowment for International Peace. The views expressed in this article do not represent the views of the Biden-Harris Administration, the National Security Council, or the Department of Homeland Security.