Account security best practices for Yieldstreet investors

January 19, 2022 · 6 min read

Yieldstreet cares very deeply about the security of your account and data. In an era where website hacks, data compromises, and commerce on the dark web are a matter of daily news, a security breach in one place can leave your accounts at other, unrelated places vulnerable and open to compromise.

At Yieldstreet, we take stringent measures and go the extra mile where security is concerned. From securing our infrastructure, to encrypting sensitive data whether at rest or in transit, and using advanced AI and pattern recognition to detect unusual behavior, we follow industry best practices on every front. While the list of technologies we use to ensure your data is protected is extensive, there is a lot that you, as an investor, can do to safeguard your account information. 

There are some simple steps you can take to improve the security of your digital footprint. These recommendations are highly relevant to your Yieldstreet account. Ideally, you should consider using these tips across the board to prevent anyone from taking over accounts containing sensitive information. Below we summarize key steps you can take to protect yourself and secure your personal data: 

Take precautions with your logins and passwords

Keep passwords long and random. Passwords should be at least 16 characters or the full length allowed by the website’s login form. We realize that this is easier said than done, but the best approach is actually for you not to know what any of your online passwords are. We recommend using random password generators. Many browsers will generate passwords for you on signup forms, but you can also generate them online at sites such as passwordsgenerator.net or dashlane.com/features/password-generator, or with the pwgen utility if you like working in a bash shell.

Using a password management tool like Bitdefender, Dashlane or 1Password makes this process easier because then you are only required to remember the password to your password management tool. We recommend 1Password—we use it ourselves at Yieldstreet.

Do not write passwords down in text files or notepads, and keep rotating them every 3-6 months. Most importantly, never reuse passwords across sites, as this is one of the most common causes of account takeovers. When one site is compromised, every other site where you have used the same password automatically becomes vulnerable, no matter how secure it is.
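The three rules above (at least 16 characters, rotation every 3-6 months, no reuse) can be checked mechanically. The following audit is an added example, not Yieldstreet's code; the vault entries, field names and the 180-day cutoff are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict
from datetime import date

MIN_LENGTH = 16      # minimum length recommended above
MAX_AGE_DAYS = 180   # assumed cutoff: upper end of the 3-6 month rotation window

# Constructed sample entries; a real audit would read a password manager export.
VAULT = [
    {"site": "bank.example", "password": "x9#Lq2vT!mZr84Bp", "changed": date(2021, 12, 1)},
    {"site": "mail.example", "password": "Summer2021", "changed": date(2021, 3, 15)},
    {"site": "shop.example", "password": "Summer2021", "changed": date(2021, 11, 20)},
]

def audit(entries, today):
    """Return {site: sorted findings} for every entry that breaks a rule."""
    # Group sites by password digest so plaintext is never used as a key or logged.
    digests = {e["site"]: hashlib.sha256(e["password"].encode()).hexdigest() for e in entries}
    sites_by_digest = defaultdict(list)
    for site, digest in digests.items():
        sites_by_digest[digest].append(site)

    findings = {}
    for e in entries:
        issues = []
        if len(e["password"]) < MIN_LENGTH:
            issues.append("short")
        if (today - e["changed"]).days > MAX_AGE_DAYS:
            issues.append("stale")
        if len(sites_by_digest[digests[e["site"]]]) > 1:
            issues.append("reused")
        if issues:
            findings[e["site"]] = sorted(issues)
    return findings

if __name__ == "__main__":
    for site, issues in audit(VAULT, date(2022, 1, 19)).items():
        print(site, issues)
```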

Use Multi-Factor Authentication (MFA) when possible

Multi-factor authentication is a way to provide an added layer of security to your online account. MFA acts like a series of doors that must be unlocked before entering an online property. The ‘front gate’ is typically protected by a username and password. This is the most obvious barrier and can be compromised by a hack. With MFA, the second door also needs to have a key, one that no one other than you possesses, making your online accounts more secure.

We recommend enabling MFA on every online account and inquiring with the service provider if it’s not a readily available option. In the case of Yieldstreet, we provide two-factor authentication via Authy.

The most secure form of MFA is a hardware option like a Yubikey. The safest non-hardware option is an authenticator app like Authy or Google Authenticator. The least secure mechanism is SMS or text messaging because it is not tied to a physical device you own (like your phone) but rather the SIM card in it. This leaves it open to compromise through hacking techniques like SIM swapping (see “Practice mobile phone safety” below).

Exercise browsing safety

Websites you visit range from highly secure and responsible, to careless, to downright malicious. Be careful while browsing. Most modern browsers help with this by alerting you to vulnerabilities in the sites you visit. At the simplest level, don’t ignore these warnings.

Secure data transit. Be sure that the websites you log into and share information with have a valid HTTPS certificate. This certificate signifies that the data being transmitted between you and the website is encrypted in transit to prevent external parties from snooping in on your interactions. Modern browsers make this visible to you by putting a little lock icon on the right of the website’s address.

Use an ad-blocker. Attackers are buying up advertising space to inject ads with malware that can do harm to your computer and your data. Ad-blocker extensions like uBlock, AdBlock Plus or AdGuard maintain lists that block ads that are known to be malicious.

Here’s an easy checklist for ensuring website security.

Prioritize email safety

Email is often vulnerable to attackers who try to take your information by either sending you malicious attachments or impersonating someone else (also known as phishing).

To prevent being the victim of phishing, adopt the following habits:

  1. Do not open an attachment unless you know who it is from and are expecting it.
  2. Hover your mouse over links before you click on them to see if the URL is legitimate.
  3. Enable filters on your email programs and report spam when something seems wrong. 

Practice mobile phone safety

Phones are essentially portable mini-computers and are susceptible to the same kind of risks. They also have an added category of risk due to their functionality as telephones.  

Here are a few things to be aware of with your smartphone: 

Theft or loss of a phone isn’t just a financial hit; you might also lose personal information like photos and videos unless you back up regularly. More importantly, however, losing your phone can be a security liability if the lost device falls into the wrong hands. Here are a few preventative measures you can take:

  1. Set up access gates. This means setting up PIN codes, biometrics such as Touch or Face ID, patterns, and anything else your phone provides as a security measure. You should make sure that they are needed for every access attempt. 
  2. Enable remote device management. This allows you to remotely locate and, more importantly, remotely wipe your device if necessary. Services like Prey make this easy and affordable. Apple and Google provide their own ways of doing this as well.
  3. Secure backups. Make sure your device is backed up daily. Apple iCloud backups and Google backups make this easy.
  4. Anti-virus protection. Smartphones are fairly resilient to viruses, but they are not immune. This is particularly true for Android devices if you install apps outside of Google Play. Installing a malware scanning/anti-virus app can provide peace of mind on both iPhone and Android.
  5. Prevent SIM swapping. This is perhaps the biggest security risk you face with a mobile phone. In the event that a SIM swap has taken place with your phone number, you end up in a situation where you may still have your phone, but your phone number no longer belongs to you. The FTC has a fairly detailed advisory on this and recommends the following:
  • Do not reply to calls, emails, or text messages that request personal information.
  • Limit the personal information you share online.
  • Set up a PIN or password with your service provider. (This is critical as it prevents someone from calling your provider and pretending to be you.)

Protect your online identity 

There are many ways that attackers might try to steal your identity. A compromised identity is possibly the most dangerous aspect of a lapse in your online security. It can lead to a whole host of issues that are difficult and time-consuming to resolve.

Use an identity monitoring service like Lifelock. Take immediate action when this service sends you an alert, even if it is simply to check and dismiss a false positive. 

Keep your credit information on major providers such as Equifax, Experian, and TransUnion frozen at all times and only unfreeze it for specific purposes, like applying for a loan, credit card, or mortgage.

With banking and financial practices increasingly becoming available online, it is important for investors to take responsibility for their digital footprint. With Yieldstreet’s robust security measures and your own vigilance as a user, many of the easily preventable issues that surround account security can be avoided.