3 Steps to Keep Your Digital Data Safe, Courtesy of a Financial Planner

The growing use of AI and modern technologies has made it easier for criminals to create and automate malware, impersonate employees and exploit weaknesses in systems quicker than before.

Investors need to be alert. Even if you practice great cyber hygiene at home — updating devices, using secure passwords, limiting online exposure — your personal data might still be at risk because it's held by banks, insurers, medical providers and investment platforms.

Explore several key areas to pay attention to and steps you can take to help protect yourself, your friends, and your family.

Maintain good data hygiene

Protecting personal data starts with everyday habits. Review privacy settings on smartphones, computers and apps to limit third-party access.

Social media platforms — including Facebook and LinkedIn — offer privacy controls, but they typically default to sharing more information than necessary; 68% of social media users have changed their privacy settings to be more restrictive.

Adjusting these settings is crucial if your profile includes contact details, birthdays, employment or family. While sharing those details may seem harmless, scammers can use them to impersonate individuals.

The Federal Trade Commission reported that financial fraud reached $12.5 billion in 2024, a 25% increase on the prior year, with imposter schemes accounting for many.

Criminals have been targeting older Americans more aggressively, as they're less likely to recognize fraudulent communication. This makes proactive protection even more critical; maintaining strong privacy can make you less visible and a more challenging target.

Remove your data from the web and close old accounts

Every new account you create online stores your data in a system. While you might stop using the platform, your emails, phone numbers, addresses and other identifiers can remain active.

Even if the company storing this data has strong security practices, its third-party processors may not — which is where breaches often occur.

While some of this is beyond your control, you can hire a company to remove your data from the internet. Providers such as Incogni, DeleteMe or Optery handle this process for you. I used Incogni, and it eliminated hours of manual submissions.

Despite growing concerns about data privacy, only 6% of American adults have ever used a data-removal service, which means most people still have personal information circulating online without realizing it.

These sites don't guarantee full protection, but they do help minimize your personal information's footprint online. Websites should respond to valid requests to delete your data from their systems, which is where such services come in.

You might also want to close accounts you no longer use. The fewer inactive profiles linked to your identity, the fewer places hackers can gather data points. This is increasingly critical, as AI data-scraping systems can now rapidly compile and analyze personal details, making it even more important to limit what is publicly accessible.

Choose institutions carefully

Although evaluating data governance policies might be difficult in practice, choosing institutions with strong security protocols can make a difference.

Companies are governed by different data privacy laws depending on where they are, and those in Europe — or doing business there — are subject to the General Data Protection Regulation (GDPR), one of the strictest frameworks. GDPR requires clear policies for how customer information is collected, stored, used and disposed of, creating higher expectations for data handling.

Some large Fortune 500 companies voluntarily adopt GDPR-level standards and might state that in their compliance policies.

Most institutions publish their customer use and data privacy policies online, outlining what they maintain, such as names, addresses, account numbers and history, and how that information is used. Reviewing these disclosures can be daunting, but for investors, these policies can serve as a differentiator and an informed decision point.

In the financial industry, the updated Regulation S-P is creating more consistent expectations around safeguarding client data. These rules will apply to covered institutions such as broker-dealers, investment companies and SEC-registered investment advisers.

While firm-level compliance efforts might be substantial, striving for higher standards can help ultimately benefit investors. A notable feature of Regulation S-P requires service providers to notify covered institutions within 72 hours of discovering unauthorized access to customer information.

This is expected to push firms to strengthen incident responses and system monitoring so breaches are communicated quickly. This can give investors more time to respond, change access to credentials and help prevent further exposure.

The digital landscape is evolving

Cybersecurity risks will continue to evolve rapidly, especially as criminals automate attacks using AI tools and data scraping. Recently, Anthropic disclosed that criminals attempted to use Claude AI to orchestrate a large-scale automated cyberattack, signaling where the threat environment is headed.

Investors don't need to become cybersecurity experts, but awareness matters. Your financial adviser can help you interpret risks, monitor updates and understand when personal information might be vulnerable.

Protecting your financial life today is no longer just about managing investments — it now includes protecting personal data.

Maintaining good data hygiene, reducing exposure, and working with institutions that take data privacy seriously are increasingly part of responsible financial planning.

Related Content

• Retirement in the Age of Cyber Scams: How to Protect Your Next Chapter
• Seven Things to Do Right Away If You're a Victim of a Data Breach
• Is Identity Theft Protection Worth It?
• Ease of Technology Can Actually Complicate Your Financial Life
• I'm a Wealth Adviser: If You're a DIY Investor, Don't Make These Five Mistakes

This article was written by and presents the views of our contributing adviser, not the Kiplinger editorial staff. You can check adviser records with the SEC or with FINRA.