Strengthening Cybersecurity: Best Practices and Emerging Trends

Cybersecurity is a critical issue in the financial industry. As the reliance on the internet for both professional and personal activities has grown, so has the threat from hackers, cyber-criminals, and fraudsters. These malicious actors exploit unpatched software and use social engineering tactics to steal data. With the increase in targeted exploits and attacks, there is growing concern about how to stay safe online. Human error remains the leading cause of cybersecurity threats. While extensive guidelines exist for various scenarios, we will focus on best practices for some recent issues and trends.

Best Practice 1: Be wary of any email or text message directing you to provide information

Phishing scams and Smishing (SMS Phishing or Text Phishing) are used by hackers to gain access to sensitive information by tricking individuals into revealing personal data. Text Messaging unfortunately lacks a lot of the same protections of a traditional email account, such as spam filtering, antivirus scanning, and authentication. Lack of protection and accessibility to victims has made Smishing a common method for fraud with bad actors. Apple users have the ability to enable a feature to reduce unwanted messages by separating texts from unknown senders using filters built into the Messages app^[1].

Best Practice 2: Verify the sender’s identity through trusted channels

If someone contacts you via phone, email, text, or social media and pressures you into buying gift cards, cryptocurrency, sending cash, or wiring money, it’s likely a scam. Be cautious when interacting with strangers online and remain skeptical of unsolicited messages.

Best Practice 3: Configuring your mobile device’s privacy settings

The National Security Agency (NSA) has warned smartphone users to disable location tracking to protect their privacy, following a significant data leak from Gravy Analytics (a company which aggregates location data) in January 2025^[2]. This leak exposed sensitive location data for millions of Americans, highlighting the risks associated with apps that collect and share location information. To mitigate these risks, the NSA recommends limiting app permissions, disabling ad tracking, and regularly resetting the advertising ID. Location settings for apps can be set to either not allow location data usage or, at most, allow location data usage only while using the app. Apple users are protected by the iPhone’s “Allow Apps to Track” setting, which can be disabled. Android users need to delete/reset the advertising ID. Depending on your device’s operating system and version, consider trying the following actions:

• On Android: Go to Settings \ Privacy \ Ads \ Delete advertising ID
• On iOS: Settings \ Privacy & Security \ Tracking \ Allow Apps to Request To Track

Best Practice 4: Regularly Monitor Accounts

Frequently check your accounts for any unauthorized transactions or changes. Report any suspicious activity immediately.

Best Practice 5: Use Strong, Unique Passwords

Ensure that your passwords are complex and unique for each account. Consider using a password manager to keep track of them securely.

Best Practice 6: Enable Two-Factor Authentication (2FA)

Add an extra layer of security by enabling 2FA (also known as Multi-Factor Authentication), which requires a second form of verification, such as a code generated by an authenticator app on your phone.

Best Practice 7: Use Secure Portals

Document transmission, especially during tax return preparation, without proper security measures can put your sensitive information at risk. JMG uses secure portals for transmitting documents with Personally Identifiable Information (PII) due to their robust security features tailored for sensitive data. While other services like Google Drive and Dropbox are excellent for general file storage and collaboration, users may not have them configured for the same level of security and compliance for handling PII. Using other third-party secure portals can pose the same risks. In addition to secure portals, JMG employees can initiate a secure email conversation with clients, rather than using regular email, to ensure privacy and integrity of the email and its attachments. Texting images of documents is prohibited due to a lack of privacy and encryption.

Best Practice 8: Educate your family and friends on these best practices to avoid falling victim to various scams

This knowledge empowers them to make safer decisions and reduces the risk of financial loss, identity theft, and other negative consequences associated with scams. Scammers are becoming increasingly sophisticated, using AI-driven techniques and deepfakes to appear legitimate in scams including phishing, smishing, cryptocurrency scams, catfishing, and other frauds. These sophisticated techniques can make it challenging to differentiate between genuine interactions and fraudulent ones, so it’s crucial to stay vigilant and skeptical. Additionally, contact your JMG Advisor if you need help navigating a potential fraud situation, which may involve reaching out to relevant authorities.

Helping you protect your digital experience has always been a priority at JMG. As the threat landscape evolves, staying informed about the latest trends is essential, yet achievable. Everyone has the opportunity to enhance their cybersecurity awareness and improve their personal security for the future. For more information on cybersecurity awareness, visit schwab.com/schwabsafe.

References:

¹ – Block, filter, and report messages on iPhone – Apple Support

² – NSA Warns Smartphone Users—Disable Location Tracking

Important Disclosure

Please remember that past performance may not be indicative of future results. Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, or product (including the investments and/or investment strategies recommended or undertaken by JMG Financial Group Ltd. (“JMG”), or any non-investment related content, made reference to directly or indirectly in this writing will be profitable, equal any corresponding indicated historical performance level(s), be suitable for your portfolio or individual situation, or prove successful. Due to various factors, including changing market conditions and/or applicable laws, the content may no longer be reflective of current opinions or positions. Moreover, you should not assume that any discussion or information contained in this writing serves as the receipt of, or as a substitute for, personalized investment advice from JMG. To the extent that a reader has any questions regarding the applicability of any specific issue discussed above to his/her individual situation, he/she is encouraged to consult with the professional advisor of his/her choosing. JMG is neither a law firm, nor a certified public accounting firm, and no portion of the content provided in this writing should be construed as legal or accounting advice. A copy of JMG’s current written disclosure Brochure discussing our advisory services and fees is available upon request. If you are a JMG client, please remember to contact JMG, in writing, if there are any changes in your personal/financial situation or investment objectives for the purpose of reviewing/evaluating/revising our previous recommendations and/or services, or if you would like to impose, add, or to modify any reasonable restrictions to our investment advisory services. JMG shall continue to rely on the accuracy of information that you have provided.

To the extent provided in this writing, historical performance results for investment indices and/or categories have been provided for general comparison purposes only, and generally do not reflect the deduction of transaction and/or custodial charges, the deduction of an investment management fee, nor the impact of taxes, the incurrence of which would have the effect of decreasing historical performance results. It should not be assumed that your account holdings correspond directly to any comparative indices. Indices are not available for direct investment.