The inclusion of tools, software and brand names below does not constitute an endorsement by Granite Investment Advisors. This is NOT a comprehensive security plan or solution, and they are included for informational purposes only. If you are concerned that you might have a cybersecurity issue, you should consult with a Cybersecurity consultant immediately. Granite Investment Advisors cannot be held responsible.

In my last post, I gave you an overview of some different types of cybersecurity breaches you might be faced with—hacking, viral, email, identity theft, ransomware and more—along with some ways that such a breach might impact you. In this post, I’d like to share some pragmatic ways that you can protect yourself and minimize the possibility that this could happen to you. Next month, I will cover things you can do should your online information or data be compromised.

There are a number of ways to protect yourself from a majority of cybersecurity threats. While most of these are common sense, they don’t work unless you actually employ them. And, while this is not a comprehensive list, you need to start somewhere when protecting your data—and yourself.

Protect Your Devices

A key component in protecting yourself from malicious online activity is using cyber security software to protect your devices. Software comes in a variety of shapes and size, but there are some key tactics that can help you minimize issues and threats, including:

  1. Use antivirus software. While Macs and PCs inherently try to protect you from “bad actors” online, their coverage is nowhere near comprehensive, so it’s important to make sure that you leverage a tool like Norton Antivirus or Malwarebytes.
  2. Keep your cyber security software up-to-date. Tools like Norton and Malwarebytes are great, but only if they’re updated with the latest files needed to fight new viruses and malware. The same goes for key software on your computer, including web browsers and your OS (Mac or Windows).
  3. Know what devices you have connected to your internet—and protect them (if possible) as well. Your computer isn’t the only thing that is connected to the internet. Your smartphone, smart watch, gaming systems, Amazon Alexa, and even your appliances may be (and probably are) connected to the internet. Each of these devices should also be protected from malware and viruses. While each device has a different way to protect it, you should at least change the default password keep your software up to date on these devices as well.
  4. Automate what you can, including software updates (antivirus, OS, and other major software) and device/media backups. In addition, as an investor, you may want to keep some additional records of transactions.

Protect Your Identity

We all hear a lot about identity theft online. While there are a number of services that will monitor possibly fraudulent activity like LifeLock, there are a number of actions you can take to reduce the possibility of experiencing an online problem.

  1. Be smart about your passwords—especially those that protect your banking and investment-based websites. According to Splashdata, an internet security firm, In 2016, the most common passwords included “123456” and “password”. Use the most secure and specific-to-you passwords you can—and change them frequently (ideally once a month). Make sure that your password is greater than 10 or 12 characters, and is unique to every site and account that you have. In some cases, you can even make it a sentence, so that it’s harder to figure out, yet easier for you to remember. In addition, if you EVER share your password with someone else, change it as soon as you can after they’ve used it.
  2. Use Multi-Factor Authentication whenever you can. Gaining in popularity with the increase in smartphone usage, Multi-factor authentication (according to Wikipedia) “is a method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).” Essentially this means that you should have more than one way of making sure that you are YOU. This might include biometrics (thumbprint), a unique code sent via SMS to your mobile device, or security keys. Passwords can be hacked, so having a separate (and if possible physical), second authentication can save you the headache.

Proceed with Caution

Protecting your devices and yourself can go a long way in protecting you from cyber threats like identity theft and ransomware. But strong passwords and antivirus software can only do so much. Your individual activity can absolutely impact your exposure to online threats.

  1. When you’re doing anything online that has to do with banking, investing, or shopping, make sure that the site you’re visiting is secure.
  2. Wi-Fi spots are convenient, but could leave you open to threatening activity. Limit your activity on “free” networks, and make sure that your devices are secure.
  3. Trust yourself. If something like an email, advertisement, popup, link, app or file to download or social message seems suspicious, avoid it and—if possible—delete it without opening. Viruses, malware, and ransomware can masquerade as benign content. And—avoid at all costs forwarding along material like this to others.
  4. Do not email critical information. Typically, email is still relatively insecure, so avoid emailing account numbers, passwords, credit card info and social security numbers. If you need to share this information, pick up the phone and call.
  5. Be aware of your activity. Every click, form submission and action online can be collected and used to tailor advertising offers and content to you—or can be used against you. Understand what information you’re sharing, how it’s being collected, and how it’s being used by the parties involved.
  6. If you’re investing with an online provider, make sure that they have a cyber attack response plan in place should you—or they—experience a breach. While an actual attack on your investment advisor would be extremely rare or unlikely, it’s important to know that they have a plan and procedures in place to deal with the event, should it happen.

In closing, as an investor with access to online accounts, it’s important that you take at least the most basic steps to protect yourself and your data online. Do you know someone who’s experienced some sort of ransomware or computer virus? If you’re not protecting yourself and your investment accounts right now, it’s not too late to start!


Past performance is no guarantee of future results. Returns are presented net of management fees. There can be no assurance that any of the securities referred to herein were produced for or remain in portfolios managed by Granite Investment Advisors. A complete list of all Granite Investment Advisors’ recommendations within the preceding year is available upon request. It should not be assumed that recommendations made in the future will be profitable or will equal the performance of the securities described herein.