Protecting your personal information—a cybersecurity checklist
The pandemic has taught us many lessons, including the importance of safeguarding our personal information. Realizing our focus was elsewhere, hackers stepped up their efforts to gain access to our data. And in many cases, they succeeded. The Federal Trade Commission received 1.4 million reports of identity theft in 2020—double the number in 2019.¹ Here are some things to consider to help you strengthen your cybersecurity.

Have you registered your retirement and other financial accounts?
You may think the best way to protect your accounts is to not register them online. After all, hackers can’t get into your online accounts if they don’t exist, right? Unfortunately, that’s not entirely true. If your personally identifiable information (birth date, Social Security number, and other personal information) has been compromised, hackers may be able to locate and register your accounts—setting their own passwords to keep you out. By the time you receive the next paper statement, the damage may already be done. Registering your accounts can help you safeguard them and quickly identify any suspicious activities.
Are you following best practices for password security?
Your passwords are the door to your online presence, so you want to make it as difficult as possible for hackers to unlock them.
Use a unique password for each account
While it may be tempting to use the same password for everything, this approach can make you more vulnerable. If hackers were to get ahold of this password, they’d potentially have access to all your online information.
Create complex passwords
Simple passwords such as 123456 and those that contain personal information are easy for hackers to figure out. Strong passwords typically include:
- At least eight characters—the longer, the better
- A mix of upper- and lowercase letters
- At least one number and special character (!, #, $, etc.)—put them between letters instead of at the end for heightened security
Each website you use will typically have its own password security rules that you’ll need to follow. Most will likely require some combination of the above.
Change your passwords regularly
For many people, creating passwords is a one-and-done event—and that’s what hackers are counting on. As a general guideline, you should consider changing your passwords every three to four months. You should also update them immediately if you’re notified of a security breach.
Keep your passwords in a secure location or use a password manager
Remembering multiple complex passwords can be a challenge. That’s why many people may resort to posting sticky notes on their computers or keeping a list in their desk drawer—neither of which align with prudent cybersecurity best practices. As an alternative, you may want to consider using a password manager, an online program that helps you store, create, and manage your passwords. If you decide to go this route, you’ll want to do your homework as a variety of password managers are available. If you prefer to stick with paper, you should keep your passwords in a secure location, such as a safe or lockbox. You’ll also want to make sure a trusted friend or family member knows the location in case something happens to you and they need to access your accounts.
Are you using multifactor authentication?
If you’re not already, you should consider using multifactor authentication whenever it’s offered. How does it work? After entering your password, you have to provide additional information—usually a code sent to your cell phone—to verify your identity in order to access your account. Since it’s unlikely a hacker will have both your password and your phone, it can be a simple way to help strengthen your cybersecurity.
Do you know how your financial institutions are protecting your data?
Your mobile devices, tablets, and computers aren’t the only way hackers can acquire your personally identifiable information. They can also get it by breaching the companies you do business with. Seventy-three percent of surveyed businesses have experienced a cyberattack.2 Make sure you understand the protocols in place to safeguard your accounts, and your recourse if a breach occurs. If you don’t think a company is doing enough, you may want to consider moving your business elsewhere.
Are your social media accounts private?
Social media is a great way to stay connected with friends and family. It’s also a treasure trove of information that hackers can use to personalize their scams and figure out the answers to security questions. So be selective in what you post and the friend requests you accept, and consider keeping your accounts private.
Do you know what info the apps on your phone can access?
Apps are fun, convenient, and helpful, but some may request permissions they don’t need, which can put your data at risk. Take some time to verify the settings on your apps and disable those that make you uncomfortable. And be selective about the apps you add in the future. Before granting permission, ask yourself whether an app really needs all the information it’s requesting. If the answer’s no, you may want to search for a comparable, less-intrusive one.
Protect yourself from prying eyes
The number of cyberattacks will likely continue to skyrocket, so don’t let your guard down. Be vigilant, and consider following the latest cybersecurity guidelines. Because when it comes to protecting your personal information and online accounts, the best offense is a good defense.
Important disclosures
The content of this document is for general information only and is believed to be accurate and reliable as of the posting date, but may be subject to change. It is not intended to provide investment, tax, plan design, or legal advice (unless otherwise indicated). Please consult your own independent advisor as to any investment, tax, or legal statements made.
John Hancock Investment Management Distributors LLC is the principal underwriter and wholesale distribution broker-dealer for the John Hancock mutual funds, member FINRA, SIPC.
John Hancock Retirement Plan Services LLC offers administrative and/or recordkeeping services to sponsors and administrators of retirement plans. John Hancock Trust Company LLC provides trust and custodial services to such plans. Group annuity contracts and recordkeeping agreements are issued by John Hancock Life Insurance Company (U.S.A.), Boston, MA (not licensed in NY), and John Hancock Life Insurance Company of New York, Valhalla, NY. Product features and availability may differ by state. Securities are offered through John Hancock Distributors LLC, member FINRA, SIPC.
MGR1004222441166 MF2441166