We require 2-Factor Authorization (2FA) via a 2FA app (Authy or Google Authenticator).
We require password formats that are difficult to hack.
We hash password data using SHA-256 so it’s impossible to decrypt.
We maintain multi-level security protocols on our servers.
We use SSL connections only (the little padlock or HTTPS before our URL).
Nevertheless, these measures alone can’t protect your account against all risks. You are the first line of defence against cybercrime. So what can you do?
First, get to know the most common threats and then learn how to repel them.
Websites store your data on servers. If cybercriminals hack into these servers, they can steal passwords, email addresses, phone numbers, and so on. Some of the biggest names in tech have suffered large data breaches, including Facebook, Twitter, and Capital One.
This is where an attacker poses as a legitimate person or business to trick you into sending sensitive information. They often use similar logos and URLs to deceive you, or play upon your security fears to encourage you to click rogue links or reveal personal data.
This is nasty software that gets under the skin of your device and steals from you – often without you realizing. Some malware will track the sites you visit, such as banks, and record your keystrokes. It’s then easy to figure out your log-in details to steal from you.
Even your browser can be hacked. Cybercriminals can then take advantage of browser-saved passwords and email addresses, or redirect you to fake websites.
When you use an unsecured internet connection, such as a public wifi spot, hackers can steal data sent between your device and the website. This is also common on unsecured websites (without the padlock or “https” before the URL).
This is a specific type of malware that hijacks your computer or hard drive and asks you pay a ransom – usually in cryptocurrency – to release your data. Until you pay the ransom, your computer or devive will have no or limited access or functionality.
This is just a short list. To protect your account, you must use all the measures at your disposal, so let’s take a look at them now...
MyConstant is a sensitive app. Any app that handles your money is sensitive. Enable 2FA wherever it’s available – and think twice about using a website where it isn’t. If you lose your device, contact us immediately so we can help reset your 2FA app.
A strong password is essential. This Avast blog lists some good ideas. Avoid short, common formats and use a minimum of 15 characters. The longer, the better, the more random, the better, the larger the selection of character types, too, the better. Importantly, don’t share it with anyone – if you do, change it. Always change your password when compromised in data breaches, too. Sign up for security alerts such as those Google and Firefox offer.
If you suspect someone is monitoring your internet connection, use a Virtual Private Network (VPN) to browse. This creates a secondary but secure transmission pathway from your browser to the website you want to visit.
A VPN works by masking your IP address and diverting data through its servers. This means only you and the website you visit can see transmitted data. You do need to pay for a VPN, though, and they can slow down your connection, so only use them when you need to be extra safe.
Sounds obvious, but only you should know your password. You multiply your risk every time you share it with someone else. How can you be certain they’ll protect it? So don’t share it with anyone – not even friends and family. If you do, change it immediately afterwards.
A good antivirus and antimalware program will help keep your computer free of viruses and other software that can track, harm, or exploit your data. But only if you use it, of course. They should always be left on, with full-system checks scheduled at regular intervals. Here are a few security packages to choose from.
Cybercriminals often impersonate a legitimate person, company, or institution to trick you into revealing personal data in a practice called phishing. This might be a fake email from your bank – with logos – or a customer service representative calling to ask you to “update your details”.
Be vigilant and only trust official communication channels and senders.Our current official email addresses are:
If you’re unsure what or whom to trust, please email us at hello@myconstant.com and we’ll send you our list of official communication channels. Whatever you do, don’t click links or reveal data to anyone even vaguely suspicious. If the sole aim is to get sensitive information from you, be on your guard.
Public wifi hotspots at airports, coffee shops, malls, and so on rarely offer secure connections. They’re easy pickings for any hacker who wants to steal your data. All they need do is intercept the connection and then wait for you to transmit data. If you must use public wifi, don’t access password-protected sites or share any sensitive information. Even better, use a VPN (Virtual Private Network) that secures your connection.
If the thought of managing your password manually puts you off, consider a password manager. It generates strong passwords for you and enters them with a single click. A popular choice is 1-password. It’s about $3 per month and is considered one of the best password managers on the market.
When visiting a website, look at the URL bar at the top. Fake sites use a similar URL to the real one, but the Top-Level Domain (the bit after the website name) often differs. For example, it might be “myconstant.co” or “myconstant.xyz” instead of our legitimate URL “myconstant.com”.
Also, you should see a padlock or the letters “https” before the URL. Like this:
This means the connection between your browser and our website is encrypted. If you see neither, the data you send is visible to anyone listening in on your connection. You can still use websites without the secured symbols, but don’t give them any sensitive data.
Lastly, sign up to a free cybersecurity newsletter so you’re aware of the latest threats. There are many to choose from such as this from the Mississippi Department of Information Technology Services. Prevention is always better than cure and the more you know, the better protected you’ll be.
I hope these measures help you stay safe online. Remember this isn’t an exhaustive list, but a solid starting point. Please take the time to understand the importance of online security. A “this won’t happen to me” attitude is risky, and as I said at the start, online security is a shared responsibility. We’re doing our part – please also do yours.
Loan Originator is a global product, meaning it allows you to invest in people and businesses around the world. In the US, there are restrictions on what you can invest in and where as certain jurisdictions and products pose a higher risk than others. When you’re an accredited investor, you’re allowed to invest in securities that aren’t registered by the Securities and Exchange Commision (SEC) such as those offered by Loan Originator.
An accredited investor is someone who can legally invest in non-registered investment securities. They usually have to meet certain income or net worth requirements, or have to demonstrate professional investing experience. For example, accredited investors are those with a net worth of $1 million (less the value of their primary residence), an annual salary of at least $200,000 ($300,000 if it’s a joint income), or who are registered as brokers or investment advisors.
If you meet the SEC criteria for being an accredited investor, you already are one. You don’t have any forms to complete or sign. Simply fulfilling the criteria makes you an accredited investor. Before you invest in Loan Originator, we will ask you certain questions to establish whether you meet the criteria of accredited investor. And if approved, you’re free to invest in Loan Originator loans.