2025 Q4 Market Review – Cyber Hygiene and Your Data

By Schultz Collins Investment Counsel on January 31, 2026

This fourth quarter was a mixed bag of sentiments and outcomes. Despite a spike in job cuts, the longest U.S. government shutdown to date, tariff impacts, and a myriad of negative headlines, the fourth quarter ended somewhat positive for both equity and fixed income markets.

The MSCI All Country World Index, a benchmark for global equity markets, rose 3.37% during the quarter and is up 22.87% during the last twelve months. In domestic equity markets, the S&P 500 Index of large U.S. companies returned 2.66% in the last three months and 17.88% in the last twelve months. Small U.S. companies, as measured by the Russell 2000 Index, was up 2.19% in the fourth quarter and up 12.81% in the trailing twelve-month period. The Dow Jones U.S. Select REIT Index of U.S. real estate markets lost 0.79% from September to December but is up 3.67% over the trailing 1-year period. International equity markets were also up for the fourth quarter.

The MSCI EAFE Index of large company stocks in foreign developed countries returned 4.91% over the quarter and returned 31.89% in the trailing 12-month period. The MSCI Emerging Markets Index, a benchmark for international equities in emerging markets, gained 4.78% during the quarter, and 34.36% in the last twelve months.

In general, bond markets experienced gains during the fourth quarter. The Bloomberg U.S. Aggregate Bond Index rose 1.10% during the quarter and 7.30% during the last twelve months. Intermediate-term corporate bonds, as measured by the Intercontinental Exchange Bank of America (ICE B. of A.) U.S. Corporate 5-10 Year Bond Index, returned 1.20% in the last quarter and 9.50% in the last twelve months. Global bonds, as proxied by the Financial Times Stock Exchange World Government Bond Index, ended the quarter up 0.11% and ended the trailing twelve-month period up 7.55%.

Falling yields on fixed income securities coincided with higher expectations of the Federal Reserve, cutting interest rates, which occurred three times during the year. The Fed cut interest rates this year from 4.5% to 3.75%. The 10-year yield rose slightly during the quarter from 4.10% to 4.16%. The 10-year yield is a common benchmark for long-term borrowing cost. Lower interest rates makes it easier for individuals and businesses to borrow money, all else.

Cyber Hygiene and Your Data

What are our Best Practices?

Cyber Hygiene – Best Practices

Here are some key habits to adopt and reinforce that can help keep you safe in today’s digital world:

• Use Strong, Unique Passwords
  • Avoid reusing passwords across accounts. Use a password manager to generate and store complex passwords securely.
• Enable Mult-Factor Authentication (MFA)
  • MFA adds an extra layer of protection by requiring a second form of verification. Enable it whenever possible.
• Keep Software & Devices Updated
  • Updates often include security patches. Set your devices to update automatically or check regularly for updates.
• Reboot Weekly
  • Make it a weekly habit to reboot your devices. Restarting your devices helps apply updates, clear memory and improve performance.
• Practice Daily Digital Hygiene
  • Lock your devices when stepping away, even for a moment.
  • Avoid public Wi-Fi for sensitive tasks or when accessing personal/financial data. If public Wi-Fi is all that is available, it is recommend to connect to a VPN.
  • Update passwords regularly, especially if they’re weak or may have been compromised.

Cyber Hygiene – Spotting Phishing Emails

Here’s how you can recognize and report phishing attempts effectively:

• Scrutinize the Sender
  • Malicious actors often use email address that look legitimate at first glance. Always double-check the sender’s address and, if unsure, verify through a trusted channel (i.e., calling the user on their direct or work line).
• Watch for Urgency or Threats
  • Messages that pressure you to act quickly are red flags. Pause and very before responding.
• Look for Typos & Odd Language
  • Poor grammar, strange phrasing, or misspelled words are common in phishing emails.
• Hover Before You Click
  • Before clicking any link, hover over it to preview the actual URL. If it looks suspicious our unfamiliar, don’t click.
• Skip the Unsubscribe Link
  • Phishing emails often include fake unsubscribe links. Instead, block the sender and delete the email.
• Avoid Unknown Attachments
  • Never open attachments from unfamiliar or unexpected sources
• Beware of Pop-Ups
  • Pop-ups can redirect you to malicious sites or trigger downloads of malware like ransomware or spyware.
• Go Direct
  • Avoid clicking links in emails or pop-ups. It is always safer to navigate to websites by typing the URL directly.

Cyber Hygiene – Emerging Threats

Key threats to be aware of:

AI-Driven Scams

Cybercriminals are now using AI to create deepfakes, clone voices and deploy chatbot scams that convincingly mimic real people. These tools make social engineering attacks more difficult to detect and more effective and deceiving victims.

What You Can Do

• Be skeptical of unexpected emails or calls, even if they appear to come from someone familiar
• Always verify requests involving sensitive information or financial transactions using a trusted secondary method, such as a phone call or in-person confirmation
• Work with your financial advisor or institution to confirm any unusual or high-value requests before acting.

Ransomware Attacks

Ransome continues to disrupt operations across industries, including financial services. These attacks typically involve malicious software that encrypts data and demands payment for its release.

Ransomware can enter through phishing emails, compromised websites, or vulnerable systems. Once inside, it can spread quickly across networks, locking access to critical files and systems.

What You Can Do

• Keep your devices and software updated to close known security gaps
• Avoid clicking on suspicious links or downloading unexpected attachments
• Be cautious of emails that create urgency or ask for sensitive information.

Business Email Compromise (BEC)

BEC attacks involve impersonating executives or vendors to trick employees into transferring funds or sharing confidential data. These scams often bypass traditional security tools because they appear legitimated.

What You Can Do

• Be cautious with email requests involving money, wire transfer or sensitive data
• Double-check send email addresses for subtle misspellings or unusual domains
• Never feel pressured to act quickly. Attackers often use urgency to manipulate responses

Cyber Hygiene – Protecting Personal Data

What Information Do Attackers Want?

• Social Security Number (SSN)
  • Used to open fraudulent accounts, file false tax returns or commit identity theft.
• Bank Account Numbers
  • Can be used to drain funds or setup unauthorized transfers
• Date of Birth (DOB) and Other Personal Information
  • Often used to verify identity and access sensitive accounts

How to Safeguard Your Personal Information

• Never share sensitive data over email, text, or unsecured websites.
• Use strong, unique passwords and enable multi-factor authentication.
• Shred documents containing personal information before discarding.
• Monitor your bank accounts credit reports regularly.
• Be cautions of phishing emails, fake websites, and unsolicited calls.

What to Do If You Suspect Identity Theft

1. Contact your bank and credit card companies immediately.
2. Place a fraud alert with one of the major credit bureaus (Equifax, Experian, TransUnion).
3. Change your username and passwords (social media, email, banks, custodians, etc.).
   1. Remember to also setup two-factor identification, if applicable.
4. Inform your financial advisor to help make sure no fraudulent requests are made on your behalf.
5. Report the incident to the FTC at IdentityTheft.Gov.
6. File a police report with your local law enforcement.
7. Keep detailed records of all communications and actions taken.

Download a copy of the article here.