Our Family of Companies
western & southern financial group logo
western & southern life logo
columbus life logo
eagle realty group logo
Fabric by Gerber Life
fort washington logo
gerber life logo
integrity life logo
lafayette life logo
national integrity life logo
touchstone investments logo
w&s financial group distributors logo
Cyber Security with a lock icon

How Clients Can Protect Themselves

Explore tips to enhance your cybersecurity, become aware of the common scams, and learn about actions to take if you become a victim of a cyberattack. Utilize our cybersecurity checklist to ensure you apply these critical approaches to boost your security.

Tips to Boost Your Cybersecurity

Explore the tips below to enhance your cybersecurity and learn about the significance of harnessing these techniques:
Setting up a username and password on laptop.

Establish Strong, Unique Passwords and Apply Effective Password Management:

  • A strong password is at least 12 characters long – implementing upper- and lower-case letters, numbers, and symbols.
  • Utilize different passwords across accounts to minimize account exposure with a password breach.
  • Periodically change your passwords across your accounts, especially after a suspected compromise, and never share your passwords with others.
  • Memorize your passwords or store them securely.
Laptop updating

Routinely Review and Update Your Software to Ensure It Is the Most Current Version:

  • Confirm that your installed software, operating system, and web browser are the latest versions. The latest versions of software fix bugs and provide the greatest protection against potential vulnerabilities.
  • If possible, enroll in automatic updates for your software and consistently restart your devices so that updates are fully implemented.
  • If you’re unsure how to check if your software is the latest version or how to enroll in automatic updates, review resources from your vendor or research steps online.
Email message warning user about using caution when opening an email from an outside organization.

Practice Caution and Verify Sources:

  • Practice caution when visiting new websites, opening emails from unknown senders, clicking unfamiliar links, and downloading software.
  • Verify the authenticity and security of sources before clicking or downloading any links, attachments, or software.
    • Look for clues such as sense of urgency, grammatical errors, generic messaging, unusual tone, or suspicious requests when assessing the authenticity and security of a source.
    • Hover your mouse over links (do not click) to see where they will direct you if clicked.
  • Only take action with known, reliable sources. If a source seems unreliable or suspicious, avoid any action.
  • To determine the authenticity or security of a source, use known and trusted methods of contact to verify them directly.
Businessman installs antivirus software.

Install Antivirus Software with a Firewall from a Reputable and Strongly Reviewed Vendor:

  • Antivirus software and firewalls protect against malicious threats. Antivirus software prevents malware (malicious software) and viruses from penetrating your devices and threating your data. A firewall provides defense from hackers, viruses, and other threats that occur over the internet by guarding the internet activity entering your device.
Person using two-factor authentication to Log In.

Opt Into Two-factor Authentication:

  • Two-factor authentication is an additional layer of security beyond solely username and password. It requires a second form of verification, such as inputting a code sent to your personal device, to ensure fraudulent parties cannot access your accounts. Therefore, even if a cybercriminal gains access to your password, they cannot access the account without the second verification method.
Person using Virtual Private Network technology on laptop computer.

Consider Use of a VPN from a Reputable Vendor:

  • A Virtual Private Network (VPN) boosts your cybersecurity protection by encrypting your internet activity and protecting your online privacy. It increases your security against external attacks and disguises your IP address – hiding your location.
Businessman on his tablet at the aiport.

Exercise Caution When Using Public Wi-Fi:

  • Public Wi-Fi lacks security; therefore, it is a common access point for cybercriminals to attack.
  • Common attacks by cybercriminals include routing your internet activity through themselves to steal your data, connecting to your devices, or malware attacks.
  • Refrain from sensitive activities, like online banking, when using public Wi-Fi. If you have to use public Wi-Fi, verify the exact spelling of the public Wi-Fi, as hackers will create a similar looking Wi-Fi access point (i.e., network name). In addition, consider use of a VPN while on a public Wi-Fi network.
Cloud like filing cabinet with folders stored.

Frequently Back Up Your Data:

  • Valuable data can be lost in a ransomware attack when cybercriminals gain access to and hold the only source of data hostage. Cybercriminals can gain access through victims clicking malicious links or downloading malware.
  • Data can also be lost if you are required to reset your devices to remove viruses.
  • Therefore, you should regularly back-up important files and store them in a secure location, such as the cloud or an external hard drive, to avoid potential data loss.
Person using mobile smartphone sending text messages.

 Be Prudent with the Information You Share Online:

  • Everyone can be a potential target to cybercriminals; therefore, we must exercise careful judgment with the information we share, especially through social media. What we believe to be harmless information can be a valuable clue to cybercriminals.
  • Refrain from posting sensitive information, such as your phone number, home address, date of birth, or any other personally identifiable information (PII). On social media, strengthen your security by setting your privacy setting to limit who can see your posts. The data you post on social media can be used as content to trick you in a phishing email.
Financial fraud alert message on smartphone.

Regularly Monitor Your Accounts for Suspicious Activity and Properly Dispose of Sensitive Information:

  • It is important to review your bank accounts, credit card statements, and any other financial accounts for suspicious activity. If any suspicious activity is noticed, report it to the appropriate institutions immediately. 
  • Review your accounts for any unauthorized changes to your settings, such as contact information changes or changes to verification method.
  • Enroll in alerts or notifications offered by these accounts. They can help you monitor your accounts and detect unusual activity quickly.
  • Destroy sensitive information, such as paper financial statements, by methods such as shredding. If possible, opt into electronic statements to reduce the amount of hard copies with sensitive information.
Women reading her laptop screen with a confused look.

 Be Alert for Social Engineering Scams:

  • Social engineering is a method used by cybercriminals to deceive an individual into sharing sensitive or compromising information.
  • The most common modes for social engineering are emails, phone calls, or text messages. Be vigilant towards suspicious communications and never share sensitive information with unknown sources.
  • Common scams involve a family member needing money to get out of jail; IRS claiming you owe back taxes and other “urgent” scenarios like your bank account was compromised.
Person at the charging station of an airport, plugging in their phone.

Never Use Unknown External Devices:

  • External devices, such as a wireless mouse or USB drive, can contain viruses and malware. If plugged into other devices, these external devices can infect other devices. Therefore, you should never use unknown external devices.

Common Cyber Scams

Learn about the common cyber scams:

Phishing Scams

Phishing is one of the top security risks companies face today. 

Phishing scams are fraudulent attempts to obtain valuable personal information, such as payment information, passwords, or social security numbers, by disguising them as a reputable source, like a company or organization. Phishing can occur through several types of communication, such as emails, text messages, or phone calls.

Email message warning user about using caution when opening an email from an outside organization.

To Prevent Phishing Scam Attacks:

  • Scrutinize all communications that ask for personal information, avoid clicking on unknown links, and refrain from downloading attachments from unfamiliar sources.
  • Before taking any action, verify the credibility of the source.

Malware Attacks

Malware attacks seek to install malicious software on a computer or device. Once installed, the malware can be used to steal information on the device or take control over the device. 

Updating systems and applications

To Prevent Malware Attacks:

  • One should utilize an antivirus software from a reputable provider and regularly update your operating systems and applications to ensure the latest security features are installed.
  • Do not download material from suspicious or unknown sources.

Ransomware Attacks

Ransomware attacks aim to gain control of a user’s valuable files stored on their devices.
Once a victim clicks on a malicious link or website, a ransomware attacker will infiltrate a victim’s device and encrypt files, preventing the victim from accessing the information. The attacker will then demand payment from the victim in exchange for access to the files.

Ransomware attack message on laptop.

To Prevent Ransomware Attacks:

  • Do not engage in communication with suspicious or unknown sources. Never click links or download files from unverified sources.
  • Furthermore, back up valuable files by storing them through sources outside your devices, such as the cloud or external hard drives.
Cyber criminals phishing stealing private personal data, user login, password, document, email, and card.

Identity Theft

Identity theft is when a criminal steals a victim’s personal information, such as their name, date of birth, address, or social security number, and poses as the victim in order to commit fraud or theft under the victim’s identity.

To Prevent Identity Theft:

An individual should never share sensitive or personal information online and should limit engagement with unknown sources.
Regularly monitor your credit reports to detect unauthorized activity.
Shred documents containing sensitive information before disposing of them.

Investment Scams

Investment scams defraud victims by convincing them to invest in fake or fraudulent opportunities, such as Ponzi schemes.
The scammer will often go to great lengths to make the fraudulent opportunity appear legitimate.

Businessman studying his laptop screen with concern.

To Prevent Investment Scams:

  • Scrutinize all unsolicited investment opportunities, perform research to determine the legitimacy of the opportunity, and consult with reliable third parties to examine the opportunity.

Credit Card Fraud

Credit card fraud occurs when a criminal uses a victim’s credit card information to make unauthorized purchases.

Credit cards with an open lock and chain. Protect your credit cards concept.

To Prevent Credit Card Fraud:

  • Never share your account information with unknown sources, only transact with trustworthy sources, and regularly monitor your account statements.
  • If possible, enroll into notifications that will alert you when your credit card is used. A credit card company will never ask you to confirm your password.

Online Shopping Scams

Online shopping scams deceive individuals into purchasing goods that they never receive, goods that are stolen, or goods that are falsely advertised or counterfeit.

Person using their credit card information to make an online purchase via laptop.

To Prevent Online Shopping Scams:

  • Scrutinize offers that seem too good to be true, only transact with trustworthy and reputable sellers, and utilize payment methods that provide buyer protection. Never purchase from ads listed on social media sites.

Tech Support Scams

Tech support scams involve scammers posing as tech support to convince victims they falsely need technology services. The scammers use this deception to gain access to devices or fraudulently charge individuals for their fake services.

Smart Phone with Application Error.

To Prevent Tech Support Scams:

  • Scrutinize messages or random phone calls offering technical support.
  • Never provide remote access to your devices unless engaging with a trustworthy vendor.

Business Email Compromise (BEC) Scams

BEC scams are a concern for many, given that work contact information is often publicly available. BEC scams target employees of companies with the intent to induce these employees into sharing valuable information or transferring money.
These criminals may pose as a superior or group within the company or a trusted vendor to deceive the victim.

Businesswomen observing her laptop screen while concerned on a phone call.

To Prevent BEC Scams:

  • Examine work emails to verify they are from trusted sources. Confirm all payment requests with a phone call or in-person meeting.
  • Discuss the risks of BEC scams with co-workers or employees.

Social Engineering Scams

Social engineering scams trick people into sharing sensitive information or transferring money by capitalizing on the victim’s trust or emotions.

Person holding phone displaying an IRS scam call.

To Prevent Social Engineering Scams:

  • Do not respond to unsolicited messages or phone calls from unverified sources. Never exchange sensitive information or transfer money unless you are certain the source is legitimate and trustworthy.
  • Be wary of urgent requests that need immediate action to avoid a negative consequence. For example, someone impersonating the IRS claiming you owe taxes.
Phone displaying online dating site and credit card phishing. Romance and Phishing Scam Concept.

Romance Scams

Romance scams are an attempt by cybercriminals to form disingenuous online romantic relationships with victims to exploit their emotions for gain, such as exchanging money or valuable personal information. These cybercriminals may communicate through email, social media, or dating websites and will utilize fake photos and personal information.

To Prevent Romance Scams:

Practice caution with unsolicited messages

If a person randomly contacts you online and shows romantic interest very quickly, it may be cause for concern.

Verify with research

Perform online research (Google) to verify the legitimacy of the romantic interest’s name, photos, or other information they have shared.

Do not share sensitive information

Do not share sensitive personal information or send payments to people you have only met online.

Be alert for inconsistencies

Be alert for and probe any inconsistent information that the person shares. This may be a sign that they are not who they claim to be.

Meet in person

If communications advance, meet in person to corroborate their identity. First, ensure you have exhausted the online tools to verify their identity. If you still decide to meet in person, meet in a public place and/or ask a friend or family member to accompany you for the initial visit.
Concerned man looking at his mobile phone.

Family Imposter Scams

Family imposter scams involve cybercriminals posing as a victim’s family member to deceive the victim into a course of action, such as transferring money or sharing valuable personal information. A common scheme is a cybercriminal contacting a grandparent and impersonating their grandchild who needs financial assistance. The scammer will portray a sense of urgency to get the victim to act quickly without thinking thoroughly.

To Prevent Family Imposter Scams:

Verify their identity

Confirm the person contacting you is a friend or family member by testing them with a personal question only a trusted source could answer.

Evaluate the urgency

Scrutinize the urgency of the request and refrain from sharing personal information with unexpected communications. An “out of the blue” request for urgent personal information may be a red flag.

Communication channels

If possible, verify the request for personal information or a transfer of money through other communication channels. For example, if you receive a request through a suspicious email, call the individual directly with a phone number you already know to verify the request. Requests through unusual channels, such as social media, may also be a red flag.

What to Do if You Are a Target of a Cyberattack

Learn about actions to take if you become a target of a cyberattack:

Man on the phone contacting help to report a cybersecurity attack.

1. Contact legal authorities:

You should report your attack to the appropriate authorities, such as the police. They will be able to provide guidance, help remediate the situation, and walk you through the next steps.
Credit cards with a closed lock. Protect your money concept.

2. Contact your financial institutions:

If the attack involves information that could impact your financial accounts, contact your bank or credit card company to report the incident. They should be able to provide guidance and can freeze your accounts.
Meter detecting risk on a low to high scale.

3. Assess the situation:

Determine the scope and severity of the attack. What is the value of the information or access that was stolen? What assets, such as accounts or devices, are now at risk due to the attack? If personal financial information is affected, take immediate action to resolve the situation.
Warning label appears in front of a new message.

4. Identify the type of attack and pinpoint the instrument of attack:

Your response to an attack will be determined by the type of the attack. For example, if it is a phishing attack, you will be required to detect and delete the malicious communication. If it is a malware attack, you will need to isolate the impacted device by disconnecting it from your network.
Businessman isolating a red, infected piece from a Jenga tower.

5. Isolate the exposed device:

If it is suspected that a device is infected, isolate the device by disconnecting it from the network and/or the internet. Disconnecting the device will limit the potential of an infection from spreading to other devices and also block any communications from the infected device over the internet. If you suspect that the attack is across several devices, then disconnect each device.
Reset password message

6. Create new passwords for your accounts:

Determine which accounts may have been compromised and change their passwords. Ensure that the new passwords are strong and unique. It may be appropriate to change passwords on all vital accounts if there is uncertainty on whether or not these accounts were exposed in the attack.
Phone message concerning an unauthorized credit card transaction.

7. Review your accounts for unauthorized changes:

As a result of the attack, the cybercriminal may have gained access to your accounts. Therefore, you should inspect your accounts for unauthorized changes. Examples of unauthorized changes include changes made to login credentials, verification methods, or contact information. If any changes are detected, reverse them immediately.
Laptop message shows it is secured after running an antivirus software.

8. Run a scan using your antivirus software:

The cybersecurity attack could have installed malware or infected your device with a virus. Therefore, you should run an antivirus scan of any infected or potentially infected devices. Your antivirus software should have the capability to remove any malicious software or files from your devices.

Explore More About Cybersecurity

Cybersecurity Checklist

Defend yourself from the new risks and vulnerabilities of cyberattacks. This checklist outlines multiple strategies in several key areas to improve your cybersecurity.
Explore Cybersecurity Checklist

How Fort Washington Protects Clients

We partner with our parent company, Western & Southern Financial Group, to ensure information security is a top priority.
Learn About Client Protection

Cybersecurity Program

In our tech-driven world, cybersecurity is a critical part of any successful company. We strive to achieve and maintain the highest level of security, through a comprehensive cybersecurity program.
Learn About Cybersecurity Program
Additional resources 
To learn more about cybersecurity, how to protect yourself, or to report an issue, visit the Cybersecurity & Infrastructure Security Agency (CISA) website. CISA leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure.

If you identify suspicious activity or believe you are a victim of a cybersecurity attack that impacts your financial information, please contact Fort Washington at 888.244.8167. Furthermore, if you receive unusual communications identified as Fort Washington that seem fraudulent, contact us to verify the communications. If Fort Washington is unable to verify the communication or you feel certain it is fraudulent, you may file a report with the FBI using this link: Internet Crime Complaint Center(IC3) | File a Complaint
Fort Washington Investment Advisors is not liable for any data, information, or cyber threats that may affect you, based on the contents of this document. The sole purpose of this material is to inform and is not intended to be construed as cybersecurity advice. Clients should consult with cybersecurity experts before making decisions regarding the safety of their personal information.