Account Security: Best Practices for Yieldstreet Investors

laptop-data-privacy-security Yieldstreet cares very deeply about the security of your account and data. In an era where website hacks, data compromises, and commerce on the dark web are a matter of daily news, a security breach in one place can render your accounts at other unrelated places vulnerable, and open to compromise. At Yieldstreet, we take stringent measures and go the extra mile where security is concerned. From securing our infrastructure, to encrypting sensitive data whether at rest or in transit, and using advanced AI and pattern recognition to detect unusual behavior, we follow industry best practices on every front. While the list of technologies we use to ensure your data is protected is extensive, there is a lot that you, as an investor, can do to safeguard your account information.  There are some simple steps you can take to improve the security of your digital footprint. These recommendations are highly relevant to your Yieldstreet account. Ideally, you should consider using these tips across the board to prevent anyone from taking over accounts containing sensitive information. Below we summarize key steps you can take to protect yourself and secure your personal data: 

table-laptop-account-data-security

Take precautions with your logins and passwords

Keep passwords long and random. Passwords should be at least 16 characters or the full length of the website’s login form. We realize that this is easier said than done but actually, the best way is for you to not know what any of your online passwords are. We recommend using random password generators. Many browsers will generate these for you on signup forms but you can also generate them online at sites such as passwordsgenerator.net, dashlane.com/features/password-generator and the pwgen utility for those who like working off bash shells.  Using a password management tool like LastpassDashlane or 1Password makes this process easier because then you are only required to remember the password to your password management tool. We recommend 1Password—we use it ourselves at Yieldstreet.  Do not write passwords down in text files or notepads and keep rotating them every 3-6 months. Most importantly, never reuse passwords across sites as this is one of the most common causes of account takeovers. When one site is compromised, every other site for which you have used the same password becomes automatically vulnerable, no matter how secure it is. 

Use Multi-Factor Authentication (MFA) when possible

Multi-factor authentication is a way to provide an added layer of security to your online account. MFA acts like a series of doors that must be unlocked before entering an online property. The ‘front gate’ is typically protected by a username and password. This is the most obvious barrier and can be compromised by a hack. With MFA, the second door also needs to have a key, one that no one other than you possess, making your online accounts more secure.  We recommend enabling MFA on every online account and inquiring with the service provider if it’s not a readily available option. In the case of Yieldstreet, we provide two factor authentication via Authy The most secure form of MFA is a hardware option like a Yubikey. The safest non-hardware option is an authenticator app like Authy or Google Authenticator. The least secure mechanism is SMS or text messaging because it is not tied to a physical device you own (like your phone) but rather the SIM card in it. This leaves it open to compromise through hacking techniques like SIM swapping, which we discuss below.

Exercise browsing safety

Websites you visit range from highly secure and responsible, to careless to downright malicious. Be careful while browsing. Most modern browsers do this for you, alerting you to vulnerabilities in the sites you visit. At the simplest level, don’t ignore these warnings. Secure data transit. Be sure that the websites you log into and share information with have a valid HTTPS certificate. This certificate signifies that the data being transmitted between you is encrypted in-transit to prevent external parties from snooping in on your interactions. Modern browsers make this visible to you by putting a little lock icon on the right of the website’s address. Use an ad-blocker. Attackers are buying up advertising space to inject ads with malware that can do harm to your computer and your data. Ad-blocker extensions like uBlock , AdBlock Plus or AdGuard maintain lists that block ads that are known to be malicious.  Here’s an easy checklist  to help ensure website security.

Prioritize email safety

Email is often vulnerable to attackers who try to take your information by either sending you malicious attachments or impersonating someone else (also known as Phishing) To prevent being the victim of phishing, adopt the following habits:
  1. Do not open an attachment unless you know who it is from and are expecting it.
  2. Hover your mouse over links before you click on them to see if the URL is legitimate.
  3. Enable filters on your email programs and report spam when something seems wrong. 

mobile-security-data-privacy

Practice mobile phone safety

Phones are essentially portable mini-computers and are susceptible to the same kind of risks. They also have an added category of risk due to their functionality as telephones.   Here are a few things to be aware of with your smartphone:  Theft or loss of a phone isn’t just a financial hit, you might also lose personal information like photos and videos unless you back up regularly. More importantly, however, losing your phone can be a security liability if the lost device falls into the wrong hands. Here are a few preventative measures you can take: 
  1. Set up access gates. This means setting up PIN codes, biometrics such as Touch or Face ID, patterns, and anything else your phone provides as a security measure. You should make sure that they are needed for every access attempt. 
  2. Enable remote device management. This allows you to remotely locate and, more importantly, remotely wipe your device if necessary. Services like Prey make this easy and affordable. Apple and Google provide their own ways of doing this as well.
  3. Secure backups. Make sure your device is backed up daily. Apple iCloud backups and Google backups make this easy.
  4. Anti-virus protection. Smartphones are fairly resilient to viruses, but they are not immune. This is particularly true for Android devices if you install apps outside of Google Play. Installing a malware scanning/anti-virus app can provide peace of mind on both iPhone  and Android.
  5. Prevent SIM swapping This is perhaps the biggest security risk you face with a mobile phone. In the event that a SIM swap has taken place with your phone number, you end up in a situation where you may still have your phone, but your phone number no longer belongs to you. The FTC has a fairly detailed advisory on this and recommends the following:
  • Do not reply to calls, emails, or text messages that request personal information.
  • Limit the personal information you share online.
  • Set up a PIN or password with your service provider. (This is critical as it prevents someone from calling your provider and pretending to be you.)

Protect your online identity 

There are many ways that attackers might try to steal your identity. A compromised identity is possibly the most dangerous aspect of a lapse in your online security. It can lead to a whole host of issues that are difficult and time-consuming to resolve. Use an identity monitoring service like LifeLock. Take immediate action when this service sends you an alert, even if it is simply to check and dismiss a false positive.  Keep your credit information on major providers such as Equifax, Experian, and Transunion frozen at all time and only unfreeze it for specific purposes, like applying for a loan, credit card, or mortgage.  With banking and financial practices increasingly becoming available online, it is important for investors to take responsibility for their digital footprint. With Yieldstreet’s robust security measures and your own vigilance as a user, many of the easily preventable issues that surround account security can be avoided. 
This communication and the information contained in this article are provided for general informational purposes only and should neither be construed nor intended to be a recommendation to purchase, sell or hold any security or otherwise to be investment, tax, financial, accounting, legal, regulatory or compliance advice. Any link to a third-party website (or article contained therein) is not an endorsement, authorization or representation of our affiliation with that third party (or article). We do not exercise control over third-party websites, and we are not responsible or liable for the accuracy, legality, appropriateness or any other aspect of such website (or article contained therein).
How helpful is this content?

Share this article:

Sign up for Yieldstreet in 3 easy steps

Sign up with your email address

Securely verify your identity and link a bank account

Verify your accreditation (if applicable) to access all of Yieldstreet’s offerings.

The Yield

Our weekly podcast providing ideas about how to make money work for you and bring you closer to your dreams.

Since inception, over $1.8B has been invested on Yieldstreet

Join today for free to access alternative investment opportunities.

1 Past performance is no guarantee of future results. Any historical returns, expected returns, or probability projections may not reflect actual future performance. All securities involve risk and may result in significant losses.

3 "Annual interest" or "Annualized Return" represents an annual target rate of interest or annualized target return and "term" represents the estimated term of the investment. Such target interest or target returns and estimated term are projections of the interest or returns and or term and may ultimately not be achieved. Actual interest or returns and term may be materially different from such projections. This targeted interest or returns and estimated term are based on the underlying investments held by the applicable.

4 Reflects the initial quarterly distribution declared by the board of directors on February 6, 2020, which will be payable to stockholders of record as of June 10, 2020, and the initial offering price of $10 per share.

5 The Fund will cease investing and seek to liquidate the Fund's remaining portfolio no later than 48 months after the Fund's initial closing. It may take up to twelve months thereafter to fully monetize any remaining illiquid investments in the Fund's portfolio.

6 Represents the sum of the interest accrued in the statement period plus the interest paid in the statement period.

7 The internal rate of return ("IRR") represents an average net realized IRR with respect to all matured investments weighted by the investment size of each individual investment, made by private investment vehicles managed by YieldStreet Management, LLC from July 1, 2015 through and including Sept 6th, 2021, after deduction of management fees and all other expenses charged to investments.

8 Investors should carefully consider the investment objectives, risks, charges and expenses of the Yieldstreet Prism Fund before investing. The prospectus for the Yieldstreet Prism Fund contains this and other information about the Fund and can be obtained by emailing [email protected] or by referring to www.yieldstreetprismfund.com. The prospectus should be read carefully before investing in the Fund. Investments in the Fund are not bank deposits (and thus not insured by the FDIC or by any other federal governmental agency) and are not guaranteed by Yieldstreet or any other party.

300 Park Avenue 15th Floor, New York, NY 10022

844-943-5378

No communication by YieldStreet Inc. or any of its affiliates (collectively, “Yieldstreet™”), through this website or any other medium, should be construed or is intended to be a recommendation to purchase, sell or hold any security or otherwise to be investment, tax, financial, accounting, legal, regulatory or compliance advice. Nothing on this website is intended as an offer to extend credit, an offer to purchase or sell securities or a solicitation of any securities transaction.

Any financial projections or returns shown on the website are estimated predictions of performance only, are hypothetical, are not based on actual investment results and are not guarantees of future results. Estimated projections do not represent or guarantee the actual results of any transaction, and no representation is made that any transaction will, or is likely to, achieve results or profits similar to those shown. In addition, other financial metrics and calculations shown on the website (including amounts of principal and interest repaid) have not been independently verified or audited and may differ from the actual financial metrics and calculations for any investment, which are contained in the investors’ portfolios. Any investment information contained herein has been secured from sources that Yieldstreet believes are reliable, but we make no representations or warranties as to the accuracy of such information and accept no liability therefor.

Private placement investments are NOT bank deposits (and thus NOT insured by the FDIC or by any other federal governmental agency), are NOT guaranteed by Yieldstreet or any other party, and MAY lose value. Neither the Securities and Exchange Commission nor any federal or state securities commission or regulatory authority has recommended or approved any investment or the accuracy or completeness of any of the information or materials provided by or through the website. Investors must be able to afford the loss of their entire investment.

Investments in private placements are speculative and involve a high degree of risk and those investors who cannot afford to lose their entire investment should not invest. Additionally, investors may receive illiquid and/or restricted securities that may be subject to holding period requirements and/or liquidity concerns. Investments in private placements are highly illiquid and those investors who cannot hold an investment for the long term (at least 5-7 years) should not invest.

Alternative investments should only be part of your overall investment portfolio. Further, the alternative investment portion of your portfolio should include a balanced portfolio of different alternative investments.

Articles or information from third-party media outside of this domain may discuss Yieldstreet or relate to information contained herein, but Yieldstreet does not approve and is not responsible for such content. Hyperlinks to third-party sites, or reproduction of third-party articles, do not constitute an approval or endorsement by Yieldstreet of the linked or reproduced content.

Investing in securities (the "Securities") listed on Yieldstreet™ pose risks, including but not limited to credit risk, interest rate risk, and the risk of losing some or all of the money you invest. Before investing you should: (1) conduct your own investigation and analysis; (2) carefully consider the investment and all related charges, expenses, uncertainties and risks, including all uncertainties and risks described in offering materials; and (3) consult with your own investment, tax, financial and legal advisors. Such Securities are only suitable for accredited investors who understand and willing and able to accept the high risks associated with private investments.

Investing in private placements requires long-term commitments, the ability to afford to lose the entire investment, and low liquidity needs. This website provides preliminary and general information about the Securities and is intended for initial reference purposes only. It does not summarize or compile all the applicable information. This website does not constitute an offer to sell or buy any securities. No offer or sale of any Securities will occur without the delivery of confidential offering materials and related documents. This information contained herein is qualified by and subject to more detailed information in the applicable offering materials. Yieldstreet™ is not registered as a broker-dealer. Yieldstreet™ does not make any representation or warranty to any prospective investor regarding the legality of an investment in any Yieldstreet Securities.

Banking services are provided by Evolve Bank & Trust, Member FDIC.

Investment advisory services are provided by YieldStreet Management, LLC, an investment advisor registered with the Securities and Exchange Commission.

Our site uses a third party service to match browser cookies to your mailing address. We then use another company to send special offers through the mail on our behalf. Our company never receives or stores any of this information and our third parties do not provide or sell this information to any other company or service.

Read full disclosure
Copyright © 2021 YieldStreet, Inc.