Hacked! – Part 1

The big idea and why it matters: We can pretend to have peace of mind through avoidance (not good). Alternatively, we can use the concept of antifragility to grow stronger from difficult experiences (better). But, our real goal should be achieving “robustness,” which we can develop proactively before difficult situations occur (best).

“The fragile wants tranquility, the antifragile grows from disorder, and the robust doesn’t care too much.” -Nassim Taleb

Big Breach

If you do a quick Google search for “recent hacks” or “data breaches,” you’ll find an assortment of websites with the latest updates on this topic. Most of these incidents don’t make major headlines; odds are, you didn’t even know they occurred. Recently, however, a breach of “a company named National Public Data could have made billions of personal financial records vulnerable” and got the attention of many people, including some of our clients. Thanks to Jonathan S. and others for reaching out with questions and inspiring today’s topic. With that, let’s look more into the data breach for insights on applying the concepts of antifragility to both cybersecurity and portfolio management to help increase our collective robustness (the basis for peace of mind – to Mr. Taleb’s point). Here we go!

Private or public?

As the above article points out, National Public Data (NPD) compiles data it finds “on the line” (aka online). But what has become “public” for each of us over the years could amount to very sensitive information like addresses, dates of birth, and – yes – even our social security or other ID numbers.

If you’ve had the pleasure of doing cybersecurity training, then you may already know this data as PII – or Personally Identifiable Information. The more pieces of it that someone (like a hacker) has in their possession, the easier it is to steal one’s identity. If NPD has done the work of neatly packaging this PII in a database that has been breached, you can ascertain why it may be a problem. Thanks, NPD!

Whatever happened to good ol’ physical theft?

The five readers who have stuck with Alt Blend for the past year may recall that – in the span of one week in November of 2022 – my family had our safe stolen (home burglary), and I separately had my wallet stolen (pickpocketing), which I covered in Be Better than Me in 2023. It’s still worth the read for some of the takeaways and potential action items from that experience.

The good part of those incidents was that I immediately knew my information had been stolen. And, while it took nearly a year to rebuild our arsenal of social security cards, passports, and other documents, at least we were able to take action right away. Had we not known that essentially every sensitive piece of our PII had fallen into the wrong hands, who knows the amount of damage that could have ensued? There could be a fake Steve Tresnan, now retired on a superyacht in international waters, solely based on the value of those thirty Don Mattingly baseball cards in our safe. Instead, we took action, so I assume my name has done them no good. Thus, they’ll just have to be content being super-rich from those Donny Ms (am I laying on the sarcasm thick enough to convey the wasted effort of holding onto worthless baseball cards for over 30 years?).

You can be antifragile…

The problem (or one of the problems) with online theft is that we usually don’t know it’s occurring. And, if we do learn of a data breach, it’s usually long after the incident, so it’s likely too late to do anything about it. Therefore, we need to be more proactive and increase our robustness! Because of our theft incidents, we added home security, subscribed to credit monitoring and identity theft services, increased the strength of important passwords, and now keep our credit locked/frozen at all times (other than when we actively unfreeze it for credit checks). Thus, when my sister-in-law told us about the NPD hack and that our information was exposed, it’s not an exaggeration to say I couldn’t have cared less. What else am I realistically going to do?

…or you can be robust!

While I feel like we’re in a relatively good place with regard to our digital/credit security, we only did it because we were faced with an adverse situation that affected us directly. We’re like the kid who only did her homework because she was threatened with losing her iPad (her name is Ruby if you’re wondering) instead of just doing her homework because it’s the right thing to do.

In contrast, a friend of ours installed a complete home security system after hearing about our robbery. And recently, while he and his family were overseas, their home was burglarized. However, the burglars had less than two minutes to leave before the police arrived. Do you think Leo was thankful for the proactive measures he took?

We essentially became more robust via antifragility. That challenging experience truly made us stronger and more prepared for future incidents, which is good, but – take it from me – it’s far from ideal. You can instead increase robustness proactively, like Leo.

What can you do?

First, on the physical/anti-burglary front, I’d encourage you to go back to my 2023 blog link above and review what we learned from that incident.

On the virtual side, there are also plenty of basic measures you can take (feel free to reach out to me for specific solutions):

  • Use a password management tool. This can make using stronger and unique passwords for each website you access easier. I know people under age 40 who use a spreadsheet to log their passwords. Seriously (not mentioning any names, Matt). If you continue doing that, at least write down hints to the passwords rather than the passwords themselves and try to password-protect the document. I assure you the password manager solution is better and more manageable.
  • Use passkeys or multi-factor authentication (MFA) to access websites/apps. You’ll see more and more of it being offered. I recently wrote briefly about passkeys here. The idea is to use something local and specific to you (like your phone, face, fingerprint, etc.) instead of passwords. Passkeys are harder to replicate, and there’s no password to remember, so it seems to be where the puck is going.
  • Freeze your credit. The three agencies that comprise your credit score are Experian, Equifax, and TransUnion. They are essentially gatekeepers lenders must go through to check your credit.
    • Go to each website, create an account, and freeze/lock your credit (they use different terminology). Use a password manager or passkeys to ensure you can easily get back into these sites in the future. Also, download their apps.
    • You can check and review your credit for free. Make sure nothing looks weird (it says you have a GAP credit card, but you’ve never shopped at the GAP? Probably not good..). They also have additional services related to credit monitoring and ID theft protection.

[Note: my family pays for identity theft and monitoring services because I wanted someone to call, as well as a layer of insurance coverage if anything ever happens. I think it would be difficult to go through local law enforcement or other gov’t entities to address such situations]

  • Beware the Internet of Things. More and more physical devices are connected to the internet. Each can represent a gateway into networks, servers, and sensitive information. Ensure these are all encrypted. Your wifi software may allow you to monitor all the devices on your home network, and the IT-savvy can even partition the network for increased security (more about that in this Dashlane article).
  • Keep software updated. It’s not hard, and computer systems or apps often force this upon us. Just do it.
  • Beware Keyloggers. As another Dashlane article points out, this is another reason to use a password manager, as no keystrokes typically need to be used for logins.

I’m already way over the target length for today, so I hope some valuable ideas are in the (non-exhaustive) list above. Like feeding and bathing your kid, the least you can do is freeze your credit and keep your software up to date. Good luck out there.

In Part 2, we’ll apply these concepts to portfolio management and, ideally, even some Alts.

Until next time, this is the end of alt.Blend.

Thanks for reading,

Steve

PDF / Print
Share

The Bahnsen Group is registered with Hightower Advisors, LLC, an SEC registered investment adviser. Registration as an investment adviser does not imply a certain level of skill or training. Securities are offered through Hightower Securities, LLC, member FINRA and SIPC. Advisory services are offered through Hightower Advisors, LLC.

This is not an offer to buy or sell securities. No investment process is free of risk, and there is no guarantee that the investment process or the investment opportunities referenced herein will be profitable. Past performance is not indicative of current or future performance and is not a guarantee. The investment opportunities referenced herein may not be suitable for all investors.

All data and information reference herein are from sources believed to be reliable. Any opinions, news, research, analyses, prices, or other information contained in this research is provided as general market commentary, it does not constitute investment advice. The team and HighTower shall not in any way be liable for claims, and make no expressed or implied representations or warranties as to the accuracy or completeness of the data and other information, or for statements or errors contained in or omissions from the obtained data and information referenced herein. The data and information are provided as of the date referenced. Such data and information are subject to change without notice.

Third-party links and references are provided solely to share social, cultural and educational information. Any reference in this post to any person, or organization, or activities, products, or services related to such person or organization, or any linkages from this post to the web site of another party, do not constitute or imply the endorsement, recommendation, or favoring of The Bahnsen Group or Hightower Advisors, LLC, or any of its affiliates, employees or contractors acting on their behalf. Hightower Advisors, LLC, do not guarantee the accuracy or safety of any linked site.

Hightower Advisors do not provide tax or legal advice. This material was not intended or written to be used or presented to any entity as tax advice or tax information. Tax laws vary based on the client’s individual circumstances and can change at any time without notice. Clients are urged to consult their tax or legal advisor for related questions.

This document was created for informational purposes only; the opinions expressed are solely those of the team and do not represent those of HighTower Advisors, LLC, or any of its affiliates.

TBG Teampage

TBG Homepage

About the Author

Steven Tresnan, CAIA®, CFP®

Private Wealth Advisor

Steve is a Certified Financial Planner as well as a Chartered Alternative Investment Analyst®. He is also an Accredited Investment Fiduciary, which helps him offer guidance to clients with fiduciary responsibilities, such as board members of trusts, foundations, and endowments. Steve earned a Bachelor of Science degree in Industrial Engineering from Penn State University.

Steve serves on the board and finance committee of New Music USA – a national nonprofit devoted to the development and appreciation of new music in the U.S.

Youtube Facebook-f Instagram Twitter Linkedin-in
Youtube Facebook-f Instagram Twitter Linkedin-in

Form Client Relationship Summary (“Form CRS”) is a brief summary of the brokerage and advisor services we offer.

HTA Client Relationship Summary
HTS Client Relationship Summary

Hightower Advisors, LLC is a SEC registered investment adviser. Registration as an investment adviser does not imply a certain level of skill or training. Some investment professionals may also be registered with Hightower Securities, LLC and offer securities through Hightower Securities, LLC, member FINRA/SIPC. You can check the background of our firm and investment professionals on brokercheck.finra.org. Unless otherwise indicated relative to a specific award or ranking, Hightower Advisors, LLC does not pay a fee to be considered for any ranking or recognition, but may have paid to publicize rankings obtained and disseminated prior to 11.4.2022. All awards / rankings / ratings obtained and distributed on or after 11.4.2022 will be accompanied by specific disclosure as applicable. 

Copyright ©2024 The Bahnsen Group LLC

.pf-button-text { color: #000000; font-family: 'Mulish', sans-serif !important; font-size: 16px; }