June 2026
Cybercrime is now a $10.5 trillion industry, and AI has made it easier than ever to target everyday people online. Most people know they need stronger protection online but aren't sure where to begin. The good news is that a handful of straightforward steps can make you a significantly harder target.
In this video, Chief Investment Officer Meghan Pinchuk sits down with Mark Hurley, CEO of Digital Privacy and Protection (DPP), to walk through exactly what those steps are.
From building stronger passwords to locking down the settings on your devices and apps, they cover the practical fundamentals of staying safe online. They also cover the common attack methods people are falling for right now, why services like LifeLock may not be the safety net you think they are, and what your real options look like for protecting yourself and your family.
0:00 Introduction & About Digital Privacy and Protection
1:43 Why is cybersecurity a bigger issue today?
3:06 If we're all going to get breached, why bother?
5:26 The three pillars of basic cyber hygiene
7:51 Passwords: what's actually required in the AI era
10:40 Device & app settings: security and privacy
14:08 How criminals use your personal information against you
16:10 Phishing attacks: how to spot them and what to do
18:01 Viruses, RATs, and how to tell if you've been breached
20:50 Juice jacking: the danger of public charging stations
23:30 Protective technology: password managers and VPNs
27:00 Are identity protection services like LifeLock worth it?
30:13 Settings need ongoing maintenance — this isn't a one-time fix
31:16 What DPP's service includes and what it costs
36:49 Closing: you have to do something
As part of our commitment to your overall financial wellbeing, we are pleased to make DPP’s cybersecurity services available to our clients. Please note that DPP's services are not available to the general public- they are offered exclusively through wealth management firms like Morton.
Here is a summary of what DPP's bundled service includes:
Initial Setup & Technology: DPP remotely installs and configures a password manager, a virtual private network (VPN), and a private email account across your devices. They also engage hundreds of privacy and security settings on your devices, browsers, apps, and online accounts.
Password & Account Management: Passwords across your online accounts are reset to unique, sophisticated credentials and stored securely. Dual-factor authentication is enabled where applicable.
Ongoing Monitoring: DPP continuously monitors the dark web for your personal information, tracks your credit reports, and receives notifications of any filings against your real property titles.
Annual Reviews & Updates: Each year, DPP conducts a full digital privacy and security review, prepares an update plan, and implements necessary changes- including wiping data from lost or retired devices.
Breach Response: In the event of a breach, DPP provides full remediation support, including police reports, credit bureau actions, and password resets.
Education: Clients and their families receive ongoing cybersecurity education, including training for children and updates on emerging threats.
Pricing
Pricing for DPP’s service is $35/month*, which covers software setup and training for up to 3 devices. Setup and training are conducted via Zoom and are designed to be as streamlined and efficient as possible. Additional devices and software licenses can be added for an additional fee.
* Initial subscription for one year, quarterly thereafter. All devices share one password manager and private email account. See DPP Sublicensing and Services Agreement for all terms.
Learn More
If you are interested in learning more, DPP has created a dedicated intake page exclusively for Morton Wealth clients:
Simply fill out the form, and DPP will reach out to schedule a complimentary 20–30-minute introductory call to walk you through the service and answer any questions.
The questions below are organized by topic and correspond directly to the conversation in this episode. Use this guide as a reference as you watch or listen, or share it with someone who could benefit from these protections.
Why should I care about cybersecurity now more than ever?
Cybercrime has become a $10.5 trillion global industry — larger than the illegal drug trade. Criminals were among the first to adopt artificial intelligence, using it to automate attacks at massive scale. It's now statistically near-certain that you or someone close to you will be targeted. The question isn't whether an attack will happen, but whether you'll be a worthwhile target when it does.
If even the FBI gets breached, is there any point in trying?
Yes — and this is a critical mindset shift. Think of it like the 'bear in the woods' story: you don't have to outrun the bear, just the person next to you. Criminals run automated attacks. If they hit your defenses a few times and make no progress, it becomes economically unviable to keep targeting you. The goal is to make yourself a harder target than the average person — not to achieve perfect, zero-risk security.
How do criminals use my personal information against me?
They study your habits, relationships, and routines — drawn from unprotected social media, apps, and devices — to craft personalized, highly convincing scams. This is rooted in behavioral psychology: criminals identify your mental reference points and design attacks around them. For example, burglars have used unprotected social media location data to determine when homeowners are away. This tactic was linked to 80% of the 900,000 home burglaries reported last year.
What makes a password secure in today's world?
The bar has changed dramatically because of AI. Security research shows that any 8-character alphanumeric password can now be cracked in under one second. A 15-digit number-only password takes less than two seconds. Every critical account — financial, email, cell phone, social media, and major shopping accounts like Amazon — needs a unique, randomly generated password of 20–25 characters. With quantum computing on the horizon, that requirement will likely increase to 50 characters within five years. Never reuse a password across accounts.
TIP
Use a password manager (see Technology section below) — there is no realistic way to memorize dozens of 20+ character passwords.
What settings do I need to turn on, and why aren't they on by default?
Devices, browsers, search engines, and apps come with most security and privacy settings turned OFF by default. This is intentional: tech companies profit enormously from collecting and selling your data. (Meta earns $60 billion per year this way; Amazon makes more from selling user data than from product sales.) There are approximately 900 settings across a typical family's devices and accounts. Two categories matter most:
Security settings prevent your passwords and login data from being stored in accessible locations on your device. If your phone is stolen or compromised, these settings keep your credentials out of a criminal's hands.
Privacy settings stop your device from broadcasting your location, behavior, and personal data to third parties in real time.
TIP
These settings are reset every 6–8 months by companies. Plan to review and update them every four months to stay protected.
What technology do I need to protect myself?
Three tools form the core of basic protective technology:
Password Manager — stores, generates, and auto-fills your complex passwords. DPP recommends Keeper. Avoid free password managers — many are backed by foreign state actors or sell your data.
VPN (Virtual Private Network) — encrypts your internet traffic when you're on public Wi-Fi, preventing others on the same network from copying your information. DPP recommends Surfshark. Only use it on public networks; keep it off otherwise.
Private Recovery Email — a paid, dedicated email address used solely for account recovery. Criminals use your day-to-day email to reset passwords. A separate recovery email (not a free service) cuts off that attack route.
Can I just do one or two of these things and still be protected?
No. These three pillars work together as a system. Skipping any one of them is like building a fort and leaving out a wall. Criminals continuously probe for weaknesses — if even one layer is missing, they'll find it and exploit it. All three components are required to achieve meaningful protection.
What is a phishing attack and how do I avoid falling for one?
A phishing attack is when a criminal impersonates a legitimate institution — your bank, a custodian, Microsoft, Apple, or even your financial advisor — and contacts you to trick you into granting account access. They typically create urgency: 'We think someone is trying to get into your account — we need to act now.'
The hard rule: Never open or access a financial account because someone called you. Period. Legitimate banks and financial institutions do not call you when they suspect fraud — they simply freeze the account. You will call them to restore access. If you receive an urgent call from anyone claiming to be your bank, hang up and call the institution directly using the number on their official website.
How would I know if my device has a virus?
This is one of the most unsettling aspects of modern cybercrime: most people are breached for two weeks to two months before they notice anything. Criminals prefer to take their time and learn your systems before acting.
Warning signs to watch for:
If you notice anything unusual, don't wait — get help immediately. The longer a criminal has access, the more damage they can do.
TIP
If you are a Morton Wealth client and think you've been breached, call Morton right away. DPP provides breach remediation support on a pro bono basis for Morton clients.
What is 'juice jacking' and should I avoid public charging stations?
Juice jacking is what happens when you plug your device into a public USB charging station and a criminal uses that connection to steal your data or install a virus. A Wall Street Journal investigation found that every public charging station tested at JFK Airport was infected.
The solution is simple and inexpensive: carry a USB data blocker. It plugs between your cable and the charging port, allowing electricity through but blocking any data transfer. They cost about $2 each and are available at Target, Walmart, and Amazon.
TIP
DPP recommends the PortaPow brand — avoid cheap counterfeit versions. Carry a few when traveling. They also work in rental car USB ports and hotel charging stations.
I have a LifeLock or identity protection service — am I covered?
Identity protection services are not a substitute for cyber hygiene, and for most people they are not worth the cost. They are reactive, not preventive — they notify you after something has gone wrong, they don't stop the attack. Identity theft is also not the primary threat to your wealth: by federal law, you are not personally liable for fraudulent credit opened in your name. Direct financial account fraud is the real danger — and identity protection services don't cover that.
The insurance policies are largely uncollectable: most exclude 'simple negligence,' meaning if you clicked a link or made any mistake, the claim is void. These services also collect and sell your data, which can actually worsen your cyber privacy. Prevention — the three pillars above — is the only reliable protection.
Once I get everything set up, am I done?
No — and this is one of the most common misconceptions. Cybersecurity is an ongoing process, not a one-time setup. Tech companies change privacy settings every 6–8 months, effectively resetting your protections. You also get new devices and open new accounts over time, and criminal tactics evolve continuously.
Plan to review and update your settings and software roughly every four months. DPP's service includes quarterly check-in appointments specifically for this purpose.
What does DPP's service include and how much does it cost?
DPP's service is $35/month and covers up to three devices (desktop, laptop, phone, or tablet). Additional devices are $5/month for three more. The service includes complete setup of your password manager and all protective technology; security and privacy settings configured across all your devices, browsers, and apps; quarterly update appointments to keep settings current; dark web monitoring; title fraud alerts; 24/7 support (most calls resolved in under five minutes); and breach remediation assistance if something does go wrong.
Initial setup typically takes two to three 2-hour Zoom appointments, depending on the number of accounts and devices you have.
How do I know my data is safe with DPP?
DPP is structured specifically to minimize the data it holds about you. The company never accesses, stores, or copies your passwords — and records every appointment session for accountability. Any personal data collected (such as partial account numbers for dark web monitoring) is stored in incomplete form, making it useless to criminals even if DPP itself were ever breached. All appointments are conducted via Zoom.
What if I'm not tech-savvy — can I still do this?
Yes. DPP's average client age is 75. The service is designed for anyone, regardless of technical ability. If something stops working, their 24/7 support team can typically resolve issues in under five minutes. You don't need to understand the technology, just be willing to invest the upfront time to get set up.
Can I do all of this myself without hiring a service?
Yes — none of this is beyond the average person. But it is a substantial time commitment. DPP spent 18 months building out the full protocol, and even then their first setup took 75 staff hours. For most families, doing it alone would take many days across multiple sessions, and you'd need to keep up with changing settings every few months on your own.
Think of it like lawn care: you can absolutely mow your own grass, but many people prefer to hire someone. The real question is whether you want to invest the time, or spend that time on other priorities. Either way — you have to do something. Doing nothing is no longer an option.
You don’t have to use this service.
But you do have to do something.
Our clients have worked hard for their wealth. At Morton Wealth, we work hard to protect and grow it through financial planning and true diversification. Cybersecurity is another equally important form of that protection.
