Practical analysis for investment professionals
05 October 2017

Weekend Reads: Information Security Hygiene

A few months ago, I saw a terrifying warning when I logged into my personal email account. It read: “Government-backed attackers may be trying to steal your password,” and boy, did it get my attention. Apparently, a number of people have received these warnings since 2012, and the summary advice on what to do about it is: “Be alert but not alarmed.”

How exactly does one do that?

This summer’s Equifax hack was the fourth largest data breach in the last few years. Hackers have targeted companies ranging from Yahoo to Verisign. It’s likely we’ll see increased information security regulation in the coming years, but it is also reasonable to expect that at some level we are all on our own.

Perfect and permanent “security” is probably outside of our reach. It exists on a spectrum and requires a set of practices that are best understood as another category of hygiene. Nobody can wash their face enough to permanently eliminate all chances of ever getting a blemish. But we wash our faces because we know it mostly works.

My hope with this essay is to help you find an approach that mostly works and connect you with some resources to go deeper if you’d like.

It is comfortable for some of us to think about information security through an economic lens. The picture is bleak, but computer scientist Ross Anderson summarized it well in his 2001 paper, “Why Information Security Is Hard: An Economic Perspective.” I find the first paragraph of his conclusion striking:

“Much has been written on the failure of information security mechanisms to protect end users from privacy violations and fraud. This misses the point. The real driving forces behind security system design usually have nothing to do with such altruistic goals. They are much more likely to be the desire to grab a monopoly, to charge different prices to different users for essentially the same service, and to dump risk. Often this is perfectly rational.”

The world is somewhat different 16 years later, but not in a way that makes security any easier. In fact, by welcoming internet-connected locks, refrigerators, thermostats, and wheelchairs into our lives, we have broadened our collective vulnerability.

For an individual, the first step to sanity is to check if your information has already been compromised. I recommend a visit to to see if your email address and password have been revealed in any recent data breaches.

Hopefully, you are in the clear. But if not, it’s time to change your passwords. The best approach is to use a unique password for each of your online accounts so that if a hacker gains access to one site, they can’t necessarily move on to others. That sounds quite daunting. Without some help, it means a lot of passwords to memorize.

Fortunately, a number of different password managers exist that can help you generate, remember, and categorize your various accounts. The most popular are 1Password, Dashlane, LastPass, and KeePass, and it’s worth spending some time figuring one of them out. They make life significantly easier because they will also do other things for you like fill out tedious forms.

Once you have set that up, take a look at this guide to personal information security. It contains many useful tips and is written to be accessible for your friends, colleagues, and perhaps clients. You may also want to develop a better understanding of how an attack may unfold or explore whether your firm is equipped to maneuver fast enough. It is past time to be alert, but hopefully thinking these issues through now will help keep you from being alarmed should they actually occur.

I’ll leave you with my wishes for a great weekend, and some more upbeat reading.

All posts are the opinion of the author. As such, they should not be construed as investment advice, nor do the opinions expressed necessarily reflect the views of CFA Institute or the author’s employer.

About the Author(s)
Sloane Ortel

Sloane Ortel is the founder of Invest Vegan, an ethics-first registered investment adviser that manages distinctive discretionary portfolios of public equities on behalf of aligned individuals and institutions. Before establishing her own firm, she joined CFA Institute’s staff as a sophomore at Fordham University and spent close to a decade helping members adapt to a changing investment landscape as a collaborator, curator, and commentator. She is also a co-host of Free Money, a podcast for sustainability-oriented investors with a sense of humor.

1 thought on “Weekend Reads: Information Security Hygiene”

  1. lilly says:

    nice post
