
Cybersecurity Risk Management: Protecting Yourself from Cyberattacks

By Chris Duderstadt

April 7, 2025


Key Points – Cybersecurity Risk Management: Protecting Yourself from Cyberattacks

  • Cybercrime Is on the Rise
  • Why Should Cybersecurity Be Something You’re Concerned with?
  • How to Protect Yourself from Cybersecurity Attacks

Why Should Cybersecurity Be Something You’re Concerned with?

Have you or someone you know ever been a victim of a cybersecurity attack? If you said yes, know that you’re not alone. Microsoft’s Digital Defense Report found that Microsoft customers alone experienced more than 600 million cybersecurity attacks per day between July 2023 and July 2024 [1]. From phishing, social engineering, and hacking to malware, identity theft, and ransomware, cybersecurity attacks take many shapes and forms.

Cybercriminals continue to find new ways to execute their attacks. As a financial institution, we are obligated to protect our clients’ personal information, financial or otherwise, but we want our clients and prospective clients to be educated about how to protect themselves too. America’s Cyber Defense Agency has outlined four small steps that everyone can take to make sure you stay protected from unsavory online activity [2]. Let’s review those along with some other cybersecurity tips to help you stay safe from these online threats.

  1. Use Strong Passwords
  2. Turn on Multi-Factor Authentication (MFA)
  3. Recognize and Report Phishing
  4. Update Software

1. Use Strong Passwords

Strong, unique passwords are important because they are your first line of defense against unauthorized access to your personal accounts and information. Simple or recycled passwords are easy targets for hackers, allowing them to take advantage of that vulnerability. By using complex, unique passwords for each account, you can significantly reduce the risk of data breaches, identity theft, and other malicious activities. Make sure to check your password strength [3].

A long, random password might be hard to remember, but don’t let that be an excuse for using a simple password that a hacker may be able to guess. It’s not worth the risk! Consider using a password manager rather than writing down your passwords or saving them in a file or note on your phone or computer.

Did you know that according to a 2021 Goodfirms.com survey on password strength and vulnerabilities, 30% of users said they experienced a data breach due to a weak password [4]? Stronger passwords may help reduce the impact of account compromise, limiting access to only one system instead of multiple. Make sure that the privacy and confidentiality of your personal, financial, and business data remain safe by using unique passwords.

2. Turn on Multi-Factor Authentication (MFA)

Data breaches can be extremely costly. According to Statista, global cybercrime annual costs are projected to reach $13.82 trillion by 2028 [5]. To help reduce the chances of being a part of that costly trend, don’t just keep your fingers crossed that cybercriminals won’t figure out your passwords. This is where multi-factor authentication (MFA) comes in.

MFA enhances cybersecurity by requiring users to provide two or more verification factors—something they know (password), something they have (a mobile device or token), or something they are (biometric data)—before granting access to an account. This added layer of security makes it significantly harder for attackers to gain unauthorized access, even if they have stolen the password. MFA ensures that a breach in one factor (like a compromised password) is less likely to lead to a full account compromise.

Microsoft has found that more than 99.9% of compromised Microsoft accounts don’t have MFA [6]. That leaves their customers vulnerable to password spray, phishing, and password reuse. That is why MFA is an important element in your cybersecurity toolbelt.

In addition to adding an extra layer of security beyond passwords, here are five more reasons to utilize MFA:

  • MFA protects against stolen credentials, even if passwords are compromised.
  • Using MFA can help mitigate phishing attacks by requiring additional verification beyond login details.
  • MFA is designed to enhance user authentication, especially for high-value accounts or sensitive data.
  • Utilizing MFA may help reduce the impact of data breaches by preventing unauthorized access with just one factor.
  • MFA ensures compliance with industry standards and regulations requiring stronger access controls.

3. Recognize Phishing and Report It

Phishing is one of the most common cybersecurity attacks. According to a Cybersecurity & Infrastructure Security Agency (CISA) analysis on phishing, bad actors online can often circumvent network protections, leading to poor outcomes [7]. CISA outlined the following three steps that cybercriminals take when orchestrating a phishing attempt.

  • Select the bait
  • Set the hook
  • Reel in the catch of the day

Here’s a phishing example to help you understand what a phishing attempt may look like. Let’s say that an individual is charitably inclined and is passionate about raising money for cancer research. In this case, the cybercriminal might pose as someone who works for the American Cancer Society’s fundraising department and reach out to request a donation. They’ll send the individual an email with a subject line that reads, “Suport the American Cancer Society Today!” The email includes an attachment that appears to be a donation form and a link that supposedly directs the individual to an online giving form.

There are a few red flags here. First, “Support” is misspelled in the subject line. Always check for misspellings in subject lines, email signatures, the sender’s email, and email copy if you’re being asked to provide any personal details or banking information.

Pay Attention! Think Before You Click

However, we’re all busy at times and sometimes might overlook a misspelled word. If you’re being asked to provide personal details or banking information via email, think before you click [8]. That’s a crucial principle in cybersecurity, reminding users to stay vigilant and avoid falling for online threats like phishing, malware, and scams.

Cybercriminals are becoming more and more deceptive with their tactics to trick people into clicking on malicious links or downloading harmful attachments. By carefully evaluating emails, links, and messages before interacting with them, users can prevent a wide range of security breaches, data theft, and system infections.

Keep in mind that cybercriminals might not stop with trying to obtain your sensitive information. They might be after your employer’s or organization’s finances too, so be aware of suspicious attempts that could compromise that information as well. Before we move on to the fourth and final step of cybersecurity risk management, check out these phishing statistics from recent CISA assessments [9].

  • Seventy percent of all attached files or links containing malware were not blocked by network border protection services.
  • Fifteen percent of all malicious attachments or links were not blocked by endpoint protections, which are set up to reduce the amount of unwanted or malicious activity.
  • Eighty-four percent of respondents took the bait within the first 10 minutes of receiving a malicious email by either replying with sensitive information or interacting with a spoofed link or attachment.
  • Thirteen percent of targeted respondents reported phishing attempts.

4. Update Software

Keeping devices updated is a critical practice in cybersecurity, as software and security updates often contain important patches that fix vulnerabilities and protect against new threats. If you have questions about software or security updates on your operating system, review these FAQs for Windows and Mac users [10, 11].

Hackers frequently exploit unpatched security flaws to gain unauthorized access to systems, so regularly updating devices ensures that they are equipped with the latest defenses. This simple yet essential action minimizes the risk of cyberattacks and helps maintain the integrity of personal and organizational data. Along with keeping sensitive information about you and your employer secure, updating your devices offers several other potential benefits, such as:

  • Improving device performance and stability by addressing bugs.
  • Compatibility with new technologies and services.
  • Maintaining compliance with industry regulations and security standards.

Secure Web Browsing

Another key component of cybersecurity risk management is secure web browsing. The internet collects copious amounts of personal information, so it serves as a hotbed for hackers. Cybercriminals also tend to spread malware to steal data, disrupt access, or inflict damage to a computer’s software, server, or network. So, how can you use the web without constantly worrying that you might get hacked? Here are a few tips to consider from America’s Cyber Defense Agency [12].

  • Update your browser and close out of it regularly.
  • If your browser is connected with an account, utilize MFA.
  • Turn off personalized advertisements and block third-party cookies within your browser’s settings.
  • Don’t install a browser extension without carefully reviewing it.

Avoid Using Public Networks or Devices

If you frequently travel, whether it’s for work or pleasure, and you need internet access, do you use public Wi-Fi or devices? It’s typically available in coffee shops, airports, libraries, and many other public places. While it may seem convenient at the time, using public networks or devices might make you more susceptible to cybersecurity attacks [13].

Consider using a virtual private network (VPN) rather than free public networks to safely browse the web. If you do end up using public Wi-Fi or networks, many of the cybersecurity tips we’ve already reviewed, such as using strong passwords, MFA, and keeping software up to date, may help with keeping cybercriminals at bay.

Stay Aware and Review Financial Contact Info

It’s no secret that the world’s digital footprint is expanding rapidly. According to Kepios, about 5.56 billion people use the internet, which is nearly 68% of the world’s population [14]. That number only figures to grow, as the trend of shifting from paper to paperless (digital) continues. Think about the impact of that as it relates to your finances.

For example, did you know that President Trump signed an executive order for all federal departments and agencies to cease using paper checks by September 30 [15]? That means that the U.S. Treasury has less than six months to begin issuing checks electronically, including tax refunds, tax payments, and Social Security checks.

One of the goals of this executive mandate is to defend against financial fraud and security risks [16]. However, as you can hopefully see from this article, that doesn’t mean that there won’t be cybersecurity risks that you need to protect yourself from. Always make sure to stay aware and review your financial contact info.

What Should You Do If Your Account Is Compromised?

Modern Wealth wants its clients and prospective clients to understand how to protect themselves from all forms of cybersecurity attacks. If you believe that one of your financial accounts has been compromised, contact your financial institution immediately. Additionally, make sure to contact the three major credit bureaus so they can place a fraud alert on file [17].

And if you’re a Modern Wealth client and think that your account(s) have been compromised, please inform your advisor as well. We want to make sure that you have all the information and resources possible to protect yourself and prevent fraud.

Do You Have Any Questions About Cybersecurity and Your Finances?

The safety and wellbeing of our clients always comes first at Modern Wealth Management. If you have any questions about our approach to cybersecurity risk management and the important role it plays in your wealth management strategy, start a conversation with our team below.



Other Sources

[1] https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024

[2] https://www.cisa.gov/cybersecurity-awareness-month

[3] https://www.cisa.gov/secure-our-world/use-strong-passwords

[4] https://www.goodfirms.co/resources/top-password-strengths-and-vulnerabilities

[5] https://www.statista.com/chart/28878/expected-cost-of-cybercrime-until-2027/

[6] https://learn.microsoft.com/en-us/partner-center/security/security-at-your-organization

[7, 9] https://www.cisa.gov/sites/default/files/2023-02/phishing-infographic-508c.pdf

[8] https://blog.knowbe4.com/bid/251994/preventing-cyberheist-a-new-internet-creed-think-before-you-click

[10] https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2

[11] https://support.apple.com/en-us/108382

[12] https://www.cisa.gov/resources-tools/training/tips-stay-safe-while-surfing-web-part-1-web-browser-settings

[13] https://us.norton.com/blog/privacy/public-wifi

[14] https://datareportal.com/global-digital-overview

[15] https://www.cnbc.com/2025/04/01/the-us-government-is-phasing-out-paper-checks-what-that-means-for-you.html

[16] https://www.whitehouse.gov/fact-sheets/2025/03/fact-sheet-president-donald-j-trump-modernizes-payments-to-and-from-americas-bank-account/

[17] https://www.fidelity.com/security/report-an-issue


Investment advisory services offered through Modern Wealth Management, Inc., a Registered Investment Adviser. 

The views expressed represent the opinion of Modern Wealth Management, a Registered Investment Advisor. Information provided is for illustrative purposes only and does not constitute investment, tax, or legal advice. Modern Wealth Management does not accept any liability for the use of the information discussed. Consult with a qualified financial, legal, or tax professional prior to taking any action.