7 steps to secure your financial accounts online

These days, many people spend lots of time worrying about the security of their personal financial information stored online. "Will I become the next victim of identity theft?" is a question I often hear from people fearing for their online safety.

Unfortunately, we all have to accept that chances are good at least some of our personal info is already out there, thanks to the many companies that have failed to protect their systems from hackers.   

Fortunately, you can still do several things to increase the safety of financial information stored on your computer and mobile devices. Here are some of them:

Secure your mobile device: A thief who steals your iPhone may be able to easily access the information on it. For this reason, make sure you select the option to "turn off Siri" when the phone is locked." If not, a simple press of the home button on a locked phone and speaking commands to Siri can allow anyone to get access to a lot of the information on your otherwise locked phone.

Also, don't use the four- or six-digit numerical password. Instead, select the option to set a password using a full keyboard and follow the password advice below. Finally, select the option to "find my iPhone/iPad." That way if you lose it, the next time it's connected to the internet, you'll be able to locate it and erase it remotely. Follow similar steps for other mobile devices of other providers.

Use two-factor authentication: This requires you to enter a unique security code, randomly generated and sent as a text to your phone or other mobile device. You retrieve this code and use it to complete your login. While it's not completely foolproof, two-factor authentication makes cybertheft much harder. Also consider it for nonfinancial sites: Google (GOOG), Apple (AAPL), Microsoft (MSFT), Facebook (FB), Amazon (AMZN) and Twitter (TWTR) all offer two-step authentication options.

Use strong passwords: What makes a strong password? The most important factor is length -- at least 12 to 14 characters is best. Complexity also makes a password more difficult to hack. Use a combination of letters (upper- and lowercase), numbers and special characters and stay away from dictionary words or common combinations of words. Avoid common substitutions within words, like replacing the letter "o" with a zero. Using uncorrelated words with numbers and special characters is best. Also, change your passwords often, and use a different one for each financial website you use.  

Keep software and operating systems updated: Make sure you keep your operating system up to date. The main providers (Microsoft, Apple, Google, etc.) have teams of cybersecurity specialists dedicated to fixing vulnerabilities in their systems, and they're on the lookout for new ways cybercriminals can hack into their products to access users' data or install malicious software.

Back up often: Backing up your data immunizes you from ransomware attacks. In this increasingly common scheme, criminals lure you into clicking an email link that downloads malware and blocks your access to the computer. They hold your hard drive hostage, demanding a ransom payment to unblock it. If your system data is backed up elsewhere, it eliminates the most damaging leverage these creeps have.

Never log onto financial websites using an emailed link: Instead, go directly to your provider's website by using a bookmark you've saved. That way, you'll be sure you arrive at a legitimate website. Always look for the "https" prefix in the site's address. This indicates that the connection to the site is encrypted to protect your data.

Always use a secured Wi-Fi connection: Never use an unsecured public wireless hotspot to log onto your financial accounts. These open networks are easy to monitor and allow a hacker to view your online activity and keystrokes. Only use Wi-Fi networks secured with a custom ID and password, not a system default. If you must use your laptop or mobile device while traveling, purchase a subscription to a paid hotspot provider or use your phone as an encrypted hotspot. 

For your home Wi-Fi network, your internet provider typically supplies a router that's set with a default ID and password. Cybercriminals know the defaults for major network providers, so you should change these default settings. If you don't, your "secure" home Wi-Fi network isn't secure. 

Also, consider installing intrusion-detection or -prevention software, as well as an applications-based firewall, to further secure your network. 

  • Ray Martin

    View all articles by Ray Martin on CBS MoneyWatch»
    Ray Martin has been a practicing financial advisor since 1986, providing financial guidance and advice to individuals. He has appeared regularly as a contributor on the CBS Early Show, CBS NewsPath, as a columnist on CBS Moneywatch.com and on NBC-TV's morning newscast TODAY. He has also appeared on the Oprah Winfrey Show and is the author of two books.