Morgan Stanley
  • Wealth Management
  • Oct 15, 2019

Cyber Hygiene: 5 Habits to Help You Protect Your Wealth

In a world of increasing cybersecurity risks, keeping good digital hygiene should be a matter of routine.

In an era when billions of people are affected by data breach and a growing number are seeing their account information and online passwords stolen, it's essential to be proactive about managing your digital security. As the cyber threat landscape intensifies, people are increasingly worried about the safety of their personal financial information online, according to Rachel Wilson, head of cybersecurity for Morgan Stanley Wealth Management.

“You brush your teeth in the morning and at night. We have to be treating our cybersecurity the same way,” she says. Taking even basic precautions can make you a much more difficult target to hack. “If you make life too hard on the hackers, they will move on and focus on someone else.”

While your financial institution can take great care to help you secure your data, it takes a partnership—where you also take an active role in helping to keep your information safe from cybercriminals. Following these five cyber hygiene habits can help you to stay one step ahead of bad actors.

1. Patch everything

When you see a notification that your operating system or an application is ready to update, don't ignore it. “Hacking into a fully patched device, operating system or browser is very challenging,” Wilson explains. “Where the hackers have the advantage is when people are using out-of-date software, when they're using unpatched operating systems.”

Regardless of what operating system you use, keeping it updated is key to protecting your personal information.    

2. Use a password manager

Nearly one third (29%) of hacking-related breaches took advantage of stolen passwords.1 If you use the same password on every website and app, a hack at just one website could put all of your other logins at risk. Seeing as 71% of breaches were financially motivated,1 you should be especially cautious about using unique passwords for your banking and investment accounts.

Between financial, communication, business and social media accounts, you could have dozens of logins to manage. Remembering all of those passwords is nearly impossible. That's where password managers come in. A password manager is designed to be an ultra-secure app that stores all of your usernames and passwords for each account. Save each unique combination there and you'll need to remember just one password to log in and access your other passwords. That way, if one of your account logins leaks, you don't have to change every password you have.

3. Use multi-factor authentication

If your password does fall into the wrong hands, there's still another wall that can keep criminals out. When multi-factor authentication (MFA) is enabled, you need to provide something other than your username and password to confirm your identity and access your account. This additional factor of authentication could be a fingerprint, a registered trusted device or a security key. Through MFA, you can get into your account while preventing access by anyone else.

4. Phishing awareness

Tricking you into clicking a bad link or downloading an infected attachment in email is one of the most common routes for hackers to gain access to a computer. And once hackers have access to your system, they can steal your data, try to access your accounts and even use your personal or business contacts to perpetuate their scam.

Vishing is a similar scheme conducted by phone, and SMiShing happens over text message. Whatever form the scam takes, remember that messages from unknown people should be a red flag. Never give out your information unless you are confident about who is on the other end.

5. Pick a financial services firm with the best safeguards

A recent Morgan Stanley Investor Pulse Poll found that 82% of high net worth investors consider online access to account information important, if not essential.2 But at the same time, 43% expressed a lack of confidence in the safety of their personal financial information online.2

Before working with a financial institution, it’s essential to make sure key safeguards are available to you as a client. Those include MFA to verify your identity and protect your accounts, as well as advanced alerts and notifications, fraud detection and other digital tools to empower you as a partner in digital security.

Wilson notes that many independent financial advisers and smaller wealth management shops may not have the Information Technology departments, let alone the cybersecurity expertise, needed to properly safeguard client assets and data to the fullest extent possible. “We take cybersecurity incredibly seriously and are able to devote tremendous resources to the protection of Morgan Stanley and our clients,” Wilson says.

Remain vigilant against cyber threats

Knowing about weaknesses of out-of-date software, how password managers work and using multi-factor authentication are just some of the steps you should take to improve your cybersecurity. Also, work with the tools you get from your financial services firm to help you prevent identity theft and fraud.


1 Source: 2019 Data Breach Investigation Report, Verizon:

2 Source: Morgan Stanley Investor Pulse Poll, August 2019:


For more on the cybersecurity risks, speak to your Morgan Stanley financial adviser or representative. Plus, more Ideas from Morgan Stanley's thought leaders.