Subscribe to Brooks’ blog

Cybersecurity Simplified: Best Practices to Reduce Risk

BY BROOKS / September 20, 2023

After delivering the keynote at AgWest Farm Credit’s “2023 Forest Products Summit” in Portland, I parked myself in a seat on the side to listen and take notes during presentations on geopolitics, macroeconomics, and cybersecurity. This final talk, by Rachel Wilson, current Head of Cybersecurity for Morgan Stanley Wealth Management and formerly an executive at the National Security Agency (NSA), changed the way I think about everything electronic with my team at Forisk and at home with my family.[1]

What is Cybersecurity?

Cybersecurity refers to protecting computers, data, and networks from digital attacks that destroy intellectual property or hijack systems via ransomware. Cyber criminals use simple, easily deployed tools to acquire access and personal information. Therefore, cybersecurity starts with educating ourselves on ways to minimize the risk and implications of attacks.

The basic “tools of the trade” for bad online actors include phishing and social engineering. With phishing, fraudsters send phony but reputable seeming emails or text messages to get you to reveal personal identifiable info. Hackers throw hooks in the water and hope you bite by clicking a link or attachment that downloads malware and disables your computer or network. 

Social engineering involves techniques to manipulate you to “bite the hook”, such as creating a false sense of urgency, appealing to your good will, or leveraging your personal network. For example, hackers sometimes check social media, pluck names of friends from your network, open an email account in that person’s name, and send you a phishing email from that account. (If unsure about an email, call your friend to confirm they sent it.)

Best Practices at Work (and Home) to Reduce Risk

To protect both your personal information and your firm, consider the following:

  • Keep all operating systems patched, updated, and current. This includes your phone, laptops, iPads, and anything connected to the web. Rachel Wilson emphasized that this is by far the most important and effective thing you can do.” 
  • Back-up everything with a “1-2-3 Strategy”. This means three back-ups in two locations with one disconnected from the internet (such as a regularly updated external hard drive). 
  • Practice uploading and restoring from a backup. Train to fight. If we don’t know how to restore a backup when needed, we’re not ready.
  • Use strong passwords (and a password manager). Use long, complex passwords with capital and lower-case letters, numbers, and symbols. Then use a secure password manager to organize and store them. Do not keep a “Note” on your phone or computer or desk labeled “Passwords” or a simple document on your computer that lists all your passwords.
  • Use secure wireless connections. Any public Wi-Fi connection, like drinking water downstream, is free but risky.
  • Enable two-factor authentication. This also significantly increases the security on your accounts. Two-factor authentication typically requires “(1) something you know and (2) something you have.” For example, logging in requires a password (something you know), followed by you receiving a confirming text message on your phone (something you have).   
  • Check your security settings on social media. Facebook and others often change security settings, and you may not be aware of how they’ve changed. A big risk to personal information is that you have little control over what your friends share, so if you don’t want your stuff going all over the place, prevent sharing via your personal security settings.
  • At home, consider having a single, standalone device for high impact activities and business. Typically, that would be a desktop or laptop computer, and the entire family would understand that “on this machine: no social media, shopping, gaming; only banking, investing, and business.”

Interestingly, your most secure device is apparently your mobile phone, so keep that in mind if banking by phone versus computer. That said, avoid letting people know when you’re not home by posting pictures from your phone while you’re on vacation. Share those exotic pictures after you return home.


[1] This post summarizes advice from Wilson’s presentation and from materials and videos provided by AgWest (https://agwestfc.com/education-and-resources/fraud-and-security).