Protect Your Finances from Cyber Attacks with these 5 Strategies

Over the past few weeks companies have been strengthening their cybersecurity measures, foreseeing more attacks in light of the ongoing war in Ukraine. The risk of cyber-attacks on private citizens is also ramping up and expected to peak over the next five years. Here is what you can do right now to protect your digital financial assets

Modern-day wars are fought as much through information systems as they are through weaponry and physical attacks. Cut a country off from the global financial system or supply chain, and their people will lack food, medicine, and other basic needs (note: pretty much what is happening in Russia).

The big difference between the ongoing wars and the last big wars of the 20th century is that nowadays, most wealth is stored digitally through cloud-based systems. In fact, almost 90% of US dollars have no physical existence — they are purely digital (source: Forbes).

If that doesn’t scare you, think again. Let’s assume the internet cut out for a day and you didn’t happen to have any cash reserves. Your credit cards wouldn’t work, neither would Venmo, Zelle, and any other way you are used to sending money. Checks could not be validated. Worst of all, you’d have no way to prove you actually own any money, because all banking systems would be down.

While we can rely on larger banks to have adequate backups of their databases, these backups can take a while to access. Smaller banks might not even have adequate systems in place to promptly respond to the incident. Meanwhile, everyone would try to take cash out of ATMs, starting a run on banks, who don’t physically hold enough reserves to meet the new cash demand.

Most likely, given that we live in one of the most advanced countries in the world, they would come back online, and this would all be resolved in a couple of days as nothing more than a big scare. However, if the outage were to last a little longer, or if any terrorist organization were to target specific banks wiping their databases, most Americans would be in a lot of trouble, faced with the burden of proving their wealth.

Regardless of what the next couple of years hold in store, here are five things you can do to mitigate the risk of a cybersecurity attack on you, or any financial/governmental institution guarding your wealth.

1. Print and save your quarterly financial statements. If you move around a lot it might be challenging to hold paper records detailing several years of wealth. One way around this is to save your statements to a reliable cloud-based storage service such as Dropbox or G-Suite, AND save another copy on a physical drive which is mostly disconnected from the internet. As added protection, physical devices with sensitive information should be kept in a fireproof safe. If you have a track record of your wealth and possess solid proof, you will be amongst the first people to be able to claim it back as banks come back online in the event of a cybersecurity incident
2. Hold a month’s worth of expenses in physical cash in a fireproof safe at all times. A couple years ago I was a victim of a cybersecurity attack where a bad actor stole almost $40,000 from an account I held with a local bank. I eventually got it back, but it took me hours of paperwork and phone calls, and almost two months of time. If I had depended on that money to live, I would have been forced to take out a loan. Now imagine having to take out a loan while banking systems are down, and you have no way to prove your credit worthiness or any other assets. In that scenario, there would likely be millions of others like you also looking to get a loan. Don’t put yourself in that position. Holding other valuables such as jewelry and watches to sell in case of need also won’t do the trick, as many others would be looking to do the same, deflating the value of your precious possessions
3. Hold your wealth in multiple separate banks. Bigger banks have a higher budgets for cybersecurity and for database backups, which are surprisingly expensive. However, they also tend to be the most overleveraged ones, which puts them at risk during a financial crisis. So diversifying your reserves between large and small banks, possibly headquartered in different regions (or countries, if you have that luxury), will give you the highest chance of preserving your wealth in case of a cybersecurity crisis- it’s not likely for all banks to be targeted at once
4. Keep your savings in FDIC insured accounts. Many are surprised to learn that not all banks are FDIC insured. Even for those who are, the insurance does not cover all account types. In the experience recounted in #2, if the bank hadn’t had the funds to reimburse me, the FDIC would have kicked-in. If they hadn’t been insured, I would have lost the funds. In the event of a financial institution being offline for a prolonged period of time, or their database being wiped, if you hold proof of ownership you can get your money back through the FDIC- reinforcing the importance of #1
5. Delete all your banking apps from your mobile devices. If you can’t, minimize how often you log into any financial app from mobile. Mobile is much easier to hack than desktop. It’s quite easy for hackers to create an app that installs spyware on your mobile device, gaining access to sensitive information such as your net worth, social security number, and passwords. These apps can be anything, such as a flashlight, a messaging app, or a fitness program. They are designed to be something the average person wouldn’t suspect. If someone knows your personal details, answers to your security questions, and exact dollar amounts in your bank accounts, it’s not hard to call the bank and empty your account. Once that happens, it’s very hard to get your wealth back- see my story in point #2

I wrote this article because when I moved to the US from Switzerland back in 2016, I was shocked at how easy it was to access my financial accounts digitally. It’s getting a bit better, but back then most banks didn’t even have two-factor authentication. All that was required was a username and a password. Meanwhile, back in Switzerland, all banks required a physical token registered to the account owner, in which you need to insert a physical card with a chip associated with your account, before even being able to enter your password.

During the pandemic, Americans have lost trillions of dollars to cybersecurity attacks. American financial institutions have a lot of catching-up to do to bring their cybersecurity standards up to speed with the times. In the meantime, I hope you’ll find this article helpful to gain some peace of mind.

Thank you for reading. If you’d like to continue the conversation, you can find me on Twitter or LinkedIn.