Clicky

Protecting Your Assets in a Digital World

New Reader? Get free regular updates from Can I Retire Yet? on saving, investing, retiring, and retirement income. New articles about twice/month. Join more than 14,000 subscribers. Unsubscribe at any time:

As anybody who has made progress along the road to financial independence knows, building wealth doesn’t make all your problems go away or automatically bestow peace of mind. Along with increasing financial assets come inevitable concerns about protecting what you have. And in today’s digital world, the rules and techniques for ensuring financial safety have changed substantially.

Nobody wants to obsess over their fortune, like Scrooge. Generosity is one of the proven paths to happiness and true wealth. But the fact is that in today’s world, having significant assets also means having to exercise careful attention and stewardship in order for those assets to survive and serve your intended purpose.

Whether it’s Internet scams, computer errors, or natural disaster, your wealth is subject to a variety of dangers. In this post I’ll detail some of the most serious threats, and some of the simple steps you can take to ward them off.

Identity Theft

Identity theft is widespread, according to most sources, with the FTC reporting that 5% of people in the U.S. were victims within a 3-year time span. Thieves use a variety of techniques to steal personal information and obtain credit in your name or dip into your bank accounts. Who hasn’t had a credit card number stolen? It’s happened to me at least twice, that I can recall.

The problem is so prevalent, or at least so feared, that a major industry has sprung up around protecting you from identity theft. There are insurance, monitoring, and alert services that purport to prevent identity hijacking, or at least help repair the damage once it’s happened. But, given my penchant for frugality and self-insuring, I’d recommend taking some simple steps on your own to reduce the threat of ID theft, and foregoing most of the paid services.

Those interested in impersonating you or breaking into your financial accounts will first need to gain access to personal information such as family names, birth dates, social security numbers, and other account numbers. So you need to be ever mindful of how you handle that kind of information. Every piece of paper that you discard is at risk, so every modern home probably needs a serviceable paper shredder. I’m not much for specialized appliances, but after struggling with cheap shredders for years I finally upped and bought a serious business-quality shredder. It’s been a worthy investment in time saved, if nothing else. When you have banker’s boxes full of old tax records to be destroyed, the difference between being able to feed a dozen pages reliably, versus a few pages with frequent jams, means a huge savings in time and frustration.

Better yet, get on the path to a paperless office and eliminate as much paper, especially sensitive financial documents, from your life as possible. I’ve been doing that with my smaller financial accounts and utility accounts for many years. However, I’ve been loathe to turn off paper statements for my few significant investment accounts. I long felt that having paper documents gave me stronger proof of our assets in the event of any banking errors. But, in today’s digital world, I seriously doubt that is the case any longer. It probably takes about the same amount of skill to forge a digital document as it does a paper one, so I’m not sure there is much difference in the authenticity. And paper documents are easier to steal or lose, depending on how you handle them. So, I am now in the process of going paperless on all my accounts.

A final, highly-effective step you can take to protect your identity is free, or very cheap, depending on the state you live in. That is to simply freeze your credit report at the three major credit reporting agencies: Equifax, Experian, and TransUnion. This stops many major forms of identity theft dead in its tracks, because it makes it impossible to get credit in your name. While your credit report remains frozen, no credit applications will be approved. This can be a minor inconvenience if you need a new credit card or auto loan. But those living frugally on the path to financial independence will find such needs few and far between. And the agencies will each equip you with an identification number that allows you to unlock your report for a short time span, if you need to allow a legitimate credit application through.

Hacking

There are many additional steps you can take to protect your electronic identity that come under the umbrella of ‘safe’ computing: keeping software updated, using anti-virus protection, not clicking on unknown links on the web and in email, not responding to requests for personal information. Most of those topics are covered well elsewhere. But let me say a few words about passwords since the game keeps changing and it’s an area that many people don’t take seriously.

It once was the case that a handful of digits or your dog’s name was adequate to protect your accounts. That was long ago. Today’s hacking tools are so sophisticated that it can be child’s play to break into an account that is protected by any but the strongest passwords. All that’s required for this to happen is two mistakes: First, an institution has to drop their normal protective measures and give a hacker unrestricted access to your login screen or data files. Unfortunately, this happens from time to time. Second, you have to use an inadequate password. If so, your account will be one of the first compromised.

Mainstream advice for password length has been to use about a dozen characters. But in today’s world, for your most important accounts, there is at least one authoritative recommendation to use at least 20 characters. It’s an unpleasant overhead, but it’s the only sure defense against brute force attacks on your password. And you can make the task of remembering such passwords easier by using phrases and/or password management tools. Be mindful that it is primarily length that counts. The automated tools used by hackers aren’t much affected by your clever mixes of letters, numbers, or symbols — but they can be defeated simply by the time it takes to guess long pass phrases, given that most people don’t use them. It’s like the old joke about outrunning a tiger: you don’t have to be faster than the animal, just faster than your companions!

Once you get in the habit of using more secure passwords, which should be different for every account and are hard to remember en masse, you’ll want some software support for managing them. There are a number of password managers available such as Roboform. And using any one of them would be better than depending on short, insecure passwords or writing passwords down on post-it notes in your office.

My own solution, recommended for the more technically-inclined, is to use the free open-source TrueCrypt encryption software. With software like this you can keep your passwords in a simple text file or document. It’s a bit more labor-intensive than the dedicated solutions referred to above, but TrueCrypt is a general-purpose tool that has other security applications. Also, as an open-source encryption project, it is probably more secure than a proprietary product from one company that could be compromised by a single errant employee.

(Note: TrueCrypt development was discontinued in 2014. But there are a number of free alternatives. I now use VeraCrypt.)

Computer Glitches

It can be sobering to realize that the vast majority of your wealth doesn’t exist in any physical form. It is simply a series of bits on a computer somewhere. An ethereal scorecard maintained in the modern ether — the Internet “cloud.” Although all major banks and brokerages have elaborate backup and disaster recovery systems, reality has a way of thwarting the best-laid plans. Though the probability is low, one of my biggest security concerns is the potential for a longer-lasting computer glitch in the financial services industry — a software bug, hardware failure, or networking issue that damages data and requires days or weeks to recover.

As a software engineer for several decades, I’ve seen just about every kind of hardware/software failure you can imagine. How about a hard drive that malfunctioned whenever the Santa Ana winds blew? Or a floppy disk drive that rejected certain disks because of their color? Or verified tape backups that were unusable when needed? Or computers that booted, or not, depending on the temperature? Or one that rebooted, spontaneously, whenever it was touched? Or a major East Coast data center that came within a few hand-carried gallons of generator gasoline of going offline during Hurricane Sandy? It all happened.

I’m generally confident that most major financial institutions are capable of surviving and functioning after most imaginable disasters, natural or man-made, given some time. And that’s the main issue for us customers. If you need cash to buy gas and groceries or pay bills, you may not be able to wait weeks for an institution to sort out its recordkeeping systems in an emergency.

That’s why the simplest way to protect yourself against computer glitches may be to diversify your assets around at multiple institutions, keeping at least two checking accounts, and two credit cards, and perhaps multiple investment accounts. Although I’m a strong proponent of financial simplicity, I make an exception in this area. I know there are some wise heads who think it unnecessary, but our personal assets are divided among three institutions: USAA, Schwab, and Vanguard. So we can function and operate our financial life for quite some time, as long as just one of those institutions is up and running.

Physical Disasters

Even if your assets and data are safe at several different financial institutions, there is a certain amount of information you need to maintain for immediate personal access. Birth certificates, passports, insurance contracts, vehicle titles, wills, and passwords are all examples of sensitive and important personal information that you need to manage at or near home. Yet these items are vulnerable to a number of common perils: fire, flood, theft, and loss.

In times past, many people kept safe deposit boxes at their local bank for such items, but that’s old technology, and not necessarily a good fit for managing information in the modern era. Aside from the ongoing cost, you are subject to the bank’s rules and timetable for getting access to your documents. Instead, you can employ a dual system of hardened home-based storage plus secure online storage.

Sentry offers a wide range of waterproof and fireproof file and media safes that can provide protection for documents, CDs, memory sticks, and USB drives. A few hundred dollars can preserve all the computer data you need, plus a dozen or so physical file folders, against most possible disasters at home. Just beware that computer media generally needs a higher level of fire protection than paper, and protection ratings on safes can be confusing, so do your homework carefully.

The most reliable way to protect your important documents these days is to convert as many of them as possible to electronic form and save them in the cloud. There are dedicated web services available just for archiving important documents, but I prefer to use the large-scale, general-purpose storage services such as DropBox, Amazon S3, or Evernote. If you are concerned about security on these general-purpose services — and some of them have already had notable breaches — then you can combine them with a tool like TrueCrypt, discussed earlier, and encrypt documents on your end before uploading to the cloud.

Combining the offsite redundancy provided by cloud storage, along with your own choice of encryption technology, gives you a nearly impenetrable shield of protection for your key documents and data. Your valuable assets will be protected from most conceivable avenues of destruction by virtue of being stored remotely and redundantly on the Internet cloud. And they will be protected from theft or prying eyes by virtue of the encryption you’ve applied.

Asset Protection, Redefined

If you’ve worked hard in life it only makes sense to take some reasonable measures to protect what you’ve achieved. But those measures, and countermeasures, are quite different in today’s digital world than they were in the past.

We’ve reviewed a number of threats to your wealth in the modern era and what you can do to defuse and prevent them. Owning a shredder, freezing your credit report, employing longer passwords, using encryption software, diversifying your assets, purchasing a media safe, and storing documents securely on the cloud are just some of the necessary and effective tools at your disposal.

What’s your experience? Do you have any stories or lessons learned for the safety of your financial assets that would help the rest of us maintain our prosperity and sleep easier? Leave a comment below….

Comments

  1. Thanks, Darrow, great info!

    Here’s a nasty bit of trivia. I’ve learned (the hard way) that the Social Security Administration will not let users sign up for an online account if they have a credit freeze on their reports:
    http://ssa-custhelp.ssa.gov/app/answers/detail/a_id/2444/~/creating-a-my-social-security-account-with-a-credit-freeze-or-fraud-alert-on

    A credit freeze is a good idea, but people should sign up for their online SS account before carrying out the freeze. Otherwise you end up having to try to do it over the phone, or in person at a SS office, or unfreezing your credit files before trying again.

    • Thanks Nords, good tip! I’ve had to unfreeze my credit report a couple of times now for various reasons. It is an extra hoop to jump through, but has always gone smoothly. And, I like the extra protection provided!

  2. I use the free, open source KeePass program for all my passwords storage:

    http://keepass.info/

    I’ve been very happy with it.

  3. Lorraine says:

    Good ideas but it is hard when one spouse is computer literate and the other is not. Also what have you done in the event that both you and your wife are killed? Have you given a copy of everything to a family member or have you placed it in a safe deposit box? It used to be easy with a paper trail to follow but now things would be much harder for family to find and access easily. Thanks for any thoughts or advice you have.

    • Good questions Lorraine. These are not easy issues and as you note they’re even tougher when there are different levels of computer literacy in the family. I think it’s important to keep another computer-capable family member other than just you two updated with at least the essentials for accessing your financial life if necessary. You might think in terms of maintaining a single document, either printed or online, that contains the key information to get started in the event you’re not around.