Cybersecurity: What It Is and Simple Steps You Can Take That Can Help You Stay Protected

Share this article

What we’ll cover:

We can do nearly everything online these days: order groceries, pay bills and even invest in the stock market. All of that convenience and buying power at our fingertips makes it easy to get things done, but using personal data online (like credit card numbers) also means it’s a good idea to educate ourselves on how to protect our information. And that’s where cybersecurity comes in. 

For the average person, cybersecurity is about making sure your personal data doesn’t get in the wrong hands. But it also includes other practices like keeping companies’ intellectual property protected, helping track down hackers and detect leaks, and a lot more. To be honest, we could write an entire book on this topic. For the purposes of this article, though, we’ll stick to the information most relevant to you.

Ahead, we’ll cover what cybersecurity is in more detail and the different ways that you can (and should) protect your information. Considering how much we use our various devices and the internet these days (are we ever not plugged in at this point?) it can be helpful to know there are ways to keep using your devices while also protecting your sensitive information. We’ll share a few easy steps you can take to help keep your information secure when you log in online or download an app. 

Cybersecurity: what is it?

You might already know what cybersecurity is, but as a jumping-off point let’s address the textbook definition. Cybersecurity is essentially the practice of protecting your information from unauthorized access and/or criminal use on the internet, as well as ensuring confidentiality, integrity, and availability of that information. And in perhaps more relevant terms - have you ever gotten a computer virus (who hasn’t?) or clicked on a pop-up that then crashed your computer? Following cybersecurity best practices can help protect you when it comes to those things.

Beyond computer viruses, cybersecurity also deals with other serious issues like having sensitive information stolen, or even crimes being committed using your personal network. No one wants to find themselves in any of these situations – while there’s no guaranteed way to avoid these risks altogether there are things you can do to help mitigate some of the risks.

You’re probably already familiar with some of the common cybersecurity tactics – like logging into an account with a unique username and password – but we’ll cover additional important (and often easy) things you can do to continue using your devices later on.

Did You Know?

If you’re still concerned about identity theft, you can always freeze your credit reports. That way, even if someone does gain access to your sensitive information, it will be difficult to open accounts in your name. To freeze your credit reports, call each of the major credit-reporting bureaus Experian, TransUnion and Equifax.

Cybersecurity: 8 helpful practices

Before you start panicking about having to come up with a hardcore defense strategy, take a deep breath. You’re likely already taking steps to stay protected. Maybe you’re even doing all of the things we’re about to discuss (in that case – good for you!) or maybe you’d just like to feel more comfortable surfing the internet or using your bank’s mobile app. Whatever the case may be, here are some steps you can take to protect your identity and sensitive information online. 

1. Don’t share your personal data with anyone/any site you’re not familiar with

Yes, this is painfully obvious, but we’re going to say it anyway – never share your personal information when responding to any unsolicited phone calls, emails, or text messages. If we’re being honest with ourselves, is there ever a situation where you should share your Social Security number, credit card information, and any personal identifying information (e.g., your date of birth) with a stranger? Probably not.


Be on the lookout for unsolicited calls, emails, and direct messages asking for your personal information.


Some helpful tips for figuring out if the source is reputable or not includes looking closely for any obvious typos or grammatical errors (if it’s an email or message), and even searching the company or individual’s name to see if it comes up as reputable or not. In the case of a phone call, if you’re uncertain you can always end the call and then call the actual company directly to verify the information. You can also ask the caller for specific details, such as a call back number or supervisor name. In any situation, do not give any personal information out if you’re not positive it’s a legitimate source.

2. Use strong password protection 

One of the easiest ways to protect yourself is to have a strong password (strong being the key word). Simple passwords, like Password1234 or one that includes personal info like your name or name of your children, can make gaining access to your computer and data easy. Use complex passwords with a mix of uppercase and lowercase letters, as well as numbers and symbols. You could also consider using a passphrase, which can be a series of random words or a sentence. Passphrases can be easier to remember and are generally longer than a normal password for added security.

It’s also a good idea to vary passwords across different websites and profiles and change them frequently. Again, you’re probably already aware of that, but there are still a lot of people out there who aren’t doing these things. After all, it’s easier to remember our passwords if we always keep the same, right? Which also means it’s easier for others to guess them and/or hack into your accounts.

Don't Forget

Use complex passwords with a mix of uppercase and lowercase letters, as well as numbers and symbols.

3. Use multi-factor authentication (MFA)

MFA goes along with protecting yourself from the password stage, and can be a helpful additional step to verify your identity if you have access to it. Not all apps and software have the option for MFA, but if yours do, it’s worth taking advantage of. If you haven’t used it before, MFA works by using at least two different components to verify someone’s identity and grant access during login. This can help you feel better about the danger of compromised passwords by adding an additional layer of security.

  • There’s a chance you already have experience with MFA. Do any of your logins require you to enter a password as a first step, and as a second step, you receive an email/text message/notification asking you to verify you are the person attempting to log in? If so, that’s MFA. You also might be asked to download an app that then sends you a push notification every time you log in and you have to accept the push in order to gain access.
  • MFA is important because it means even if a hacker or phisher is attempting to gain access to your personal information, they can’t without the next factor authentication, and you’ll likely be aware almost immediately that someone’s who’s not you is trying to log in to your account(s).

Cybersecurity also deals with other serious issues like having sensitive information stolen, or even crimes being committed using your personal network.


4. Avoid pop-ups, unfamiliar links, and emails from unknown senders 

Have you ever been surfing the web and received a pop-up with a sale offer that seemed too good to be true? Well, there’s a fair chance you’re right in being suspicious – it could very well be a phisher. Phishers masquerade as trustworthy sources in order to convince someone to hand over sensitive information. Phishing scams often use text messages, emails, and even phone calls to pose as a reputable source and ask for your Social Security number, account numbers, and passwords. They can then access your bank accounts, email, and other sensitive information.

Common messages you might receive from a phisher include emails or texts saying there’s been suspicious activity on one of your accounts and asking you to verify your account info. They also may include links to make payments, say you’re eligible for a government refund, or even offer promotions for free things. (As tempting as it may sound, it’s best to resist!)

  • A smart and easy way to protect yourself against phishers is to simply never enter any of your personal information in any window, pop-up box, or email that you have not opened or initiated yourself. 
  • If you ever receive suspicious emails you don’t recognize, immediately delete them or send them to spam. Don’t open or click on them to further investigate .
  • If something suspicious is sent to your work email, you can try contacting your IT department. They may be able to see trace where the email has originated and if it’s a reputable source or not. 

Alright we’re halfway through – still with us? We know this can be a bit daunting, but being informed can go a long way in keeping yourself protected online.

How Marcus Protects Your Information

At Marcus, we make it a priority to protect your privacy and safeguard your account information. We take the security of your personal information seriously and work to limit access to your personal information to authorized employees, agents, contractors or vendors. We also maintain physical, electronic and procedural safeguards designed to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure while in our possession.

5. Keep your software up to date

We’re used to seeing the pop up window prompting us to install the latest software updates. And there’s also a chance we typically ignore them, or hit the “remind me later” option (not just us, right?). Well as it turns out, as annoying as they sometimes seem, those updates are pretty crucial to keeping our information secure . Keeping your software up to date is one of the easiest ways to protect yourself against hacking. Software patches (aka software updates) often address security vulnerabilities, and sometimes have an option to update automatically. It’s a good idea to enable these automatic updates if available (one less thing to have to remember, right?). 

Today’s hackers can automatically scan thousands of computers at a time looking for vulnerabilities and security holes. That makes individuals easy targets for hackers – not just big companies with fancy IP (intellectual property) to steal like you see in the movies. 

It’s also worth mentioning that if you don’t already utilize anti-virus software, that can be a helpful layer of protection as well. Anti-virus software works to prevent and remove malware on your computer. However, anti-virus software isn’t a Band-Aid for all cybersecurity risks and should be viewed as an additional step to protect your information rather than a cure-all.

Content to keep you on the path to financial well-being.

6. Install a firewall

This might be another thing you’re already utilizing, but it’s worth mentioning because one of the biggest threats to cybersecurity and your personal info is malware (think computer viruses). And that’s where having a firewall installed can help. There are two types of firewalls: hardware and software. 

  • Firewall software is typically included with most operating systems, so you just need to be sure to enable it. It’s also available from software vendors and internet service providers, but if you download it yourself, be sure you’re getting it from a reputable source on a secure site.

Pros: you may be able to control the internet websites that your computer is allowed to send and receive information from (so basically, you can get specific about where information can and can’t be accessed).

Cons: typically located on the same system that is being protected, so if the system does get hacked it’s possible for the software to be disabled as well. 

  • Hardware-based firewalls are a physical device positioned between your computer and the internet. Some internet service providers may include a hardware-based firewall with your router.

Pros: provide additional line of defense against attacks on desktop-computing systems. 

Cons: a separate device that requires a trained professional to support it (in terms of the initial installation and any maintenance).

You can use both hardware-based firewalls and firewall software. And if you only use one, that’s great too! It’s more important that you use a firewall at all than what type you use.

7. Stay protected when using public Wi-Fi networks

As convenient as it is to use free Wi-Fi at coffee shops, hotels, airports and so on, they’re not always the most secure connections. There’s a chance that when you connect to a public Wi-Fi network and send information through a website or app, that info could be accessed by someone else who’s also connected to the network.


One way to help keep your info protected while using a public network is to only send information to sites that are fully encrypted


You might be thinking “how am I supposed to know if a site is encrypted or not?”

Pro tip: look for “https” at the start of the URL of any site you’re visiting. The “s” at the end stands for “secure.” However, sometimes sites can be sneaky: the homepage might be secure but not necessarily the entire site (so if you’re jumping around page-to-page, be sure that “https” is there the whole time).

Unfortunately, mobile apps don’t have the “https” like you’d see when you’re on desktop or laptop. If you’re using a public network, it might be a good idea to avoid using any apps that require your personal or financial information. Stick to visiting those when you’re at home or using a private network you know is secure. 

8. Keep your own Wi-Fi network secure

There’s more to protecting your home Wi-Fi network than just keeping your neighbors or strangers on the street from getting free internet. Just like using a public network can put your information at risk of being accessible, people who have access to your home network also potentially have access to your information, too. Not only could they dig up your passwords and other sensitive information, if someone gains access and uses your network to commit a crime , it can be traced back to your network and address.

To protect your home network, change your router name from the default to something only you know. Also be sure to change your router’s pre-set password and use long, complex passwords with a mix of upper and lower case letters as well as numbers and symbols. 

Final tips to keep in mind

It can certainly feel overwhelming to have to think about all of these different ways to protect yourself against cyber-attacks. Not to mention, the thought of having your personal information stolen is frightening! But for some parting thoughts, here are some key points to keep in mind: 

  • Never share any personal information with a person, website, email address, or app that you are not familiar with and that you have not sought out yourself. 
  • If you ever receive a text or email from the IRS asking for your information, it could be a cyber-attack. According to the IRS website, the IRS does not initiate contact by email, text messages, or social media channels requesting personal or financial information. If you receive a message from the IRS requesting personal or financial information, do not respond to it. Immediately delete the email or close out the window (whatever the case may be). If you receive any correspondence you find suspicious, the IRS advises to not open it or click any links. Ideally, forward the email or link to [email protected]
  • Certain correspondence claiming to be from the FDIC can be fraudulent as well. The FDIC does not send unsolicited correspondence of any kind requesting personal information or asking for money. If you receive any correspondence claiming to be the FDIC requesting information like your bank account info, credit card or debit card numbers, your Social Security number, or any passwords, do not respond.

This article is for informational purposes only and is not a substitute for individualized professional advice. Individuals should consult their own tax advisor for matters specific to their own taxes and nothing communicated to you herein should be considered tax advice. This article was prepared by and approved by Marcus by Goldman Sachs, but does not reflect the institutional opinions of Goldman Sachs Bank USA, Goldman Sachs Group, Inc. or any of their affiliates, subsidiaries or division. Goldman Sachs Bank USA does not provide any financial, economic, legal, accounting, tax or other recommendation in this article. Information and opinions expressed in this article are as of the date of this material only and subject to change without notice.  Information contained in this article does not constitute the provision of investment advice by Goldman Sachs Bank USA or any its affiliates. Neither Goldman Sachs Bank USA nor any of its affiliates makes any representations or warranties, express or implied, as to the accuracy or completeness of the statements or any information contained in this document and any liability therefore is expressly disclaimed.