They’re coming after you. They’re coming after me. They’re coming after anyone with a heartbeat, a social security number, and money. Cyber criminals wake each day looking for ways to take from you.
There is more computing power in an iPhone 6 than was available to NASA in 1969 as Apollo completed the first lunar landing. The incredible advance in computing and near-universal use of the internet has vastly improved our lives, but it has also created a deep vulnerability as our private information is now stored on servers around the world.
Cyber criminals will use the information they gain about you to raid your bank accounts and steal your identity.
The most publicized data breaches of late were massive. In September of 2017, Equifax gave up the data on 147 MILLION consumers, including driver’s license information, social security numbers, and birthdates. That’s about half of the US population as of 2018. Equifax is the oldest credit bureau and the vast majority of their customers had never signed up for their services or explicitly authorized them to collect their private data.
Capital One was breached this past July, and according to the notice on their website, data from 100 MILLION individuals in The United States were compromised. They are quick to point out, however, that “only” 140,000 social security numbers were compromised.
These breaches are not your fault, but you must do something to protect yourself immediately. Here are 3 steps you can take right now to improve your cyber hygiene and guard your data.
GET A PASSWORD MANAGER NOW
Experts agree that the number one cyber vulnerability is people not machines.
The simplest way to protect yourself is by creating unique passwords for every single one of your log-ins. The days of using the name of a favorite pet, your kids, or some mashup of family birthdays are over. Gone are the days too when even one strong password could be used over multiple websites.
When a criminal obtains your log-in information from a non-financial site, like the MyFitnessPal breach, they go straight to all of the bank websites and attempt to log-in to your accounts with those credentials. If you use the same username and password across all websites, it’s over.
While technology has made us more vulnerable it has also offered solutions to simplify things. A password manager allows you to easily generate and store secure unique passwords for every single site in which you have a log-in. They provide convenient access to these passwords when you need it across all your devices.
Companies such as 1Password, LastPass, and Dashlane offer either a free trial or free version and if you click on any of these links you can see how easy it is to get started. You may want to consider a paid version if you plan to share certain passwords with family members. These companies all have an app that integrates into your phone as well as an extension for your internet browsers such as Chrome or Edge. You must remember just ONE super-strong password so you can unlock your vault. Experts recommend using a multi-word phrase for which you’ll easily remember while being creative to add numbers or symbols such as “thecolorofmyf!rsthomewasGR33N”.
Does it seem daunting to change all your passwords? Forget about that. It’s not, because with a password manager the key is getting started. Once you install the password app extension on your browser, you will be prompted to store your username and password as you log into sites during the normal course of your day. This process can be done over several months as you go about your life paying bills, logging into credit card sites, and making purchases on Amazon. The key here is for every site you sign-in to, you must go into the app and create a new strong password.
The password manager can be used to create unique, secure, and long passwords and then stores the update in your vault automatically. The next time you visit a site you’ve added to your vault, the manager will ask if you’d like the stored username and password to be input for you. That’s it, you’re in.
As your top priority, I would recommend changing your email password(s) first. Criminals who gain access to your email can cause all kinds of problems such as impersonating you at your cell phone carrier, effecting bank transactions, and changing passwords at financial institutions.
Add Two-Factor Authentication
The next action item to prevent unauthorized access to your accounts is through Two-Factor Authentication (sometimes written as “2FA”). You opt into this under the security settings of many websites. The most common method is to provide a cell phone number or email address and whenever you log-in from an unrecognized device or location, a text/email with a unique code will be sent. You then input that code into the website to confirm it is you accessing the site. You can then opt for the site to remember your device and location so the next time you log-in you can skip this step. There’s a side benefit here too. If someone is trying to access your account without your permission, you’ll receive a code you never asked for which will prompt you to change your credentials immediately.
Want even more security with Two-Factor? Authentication apps are gaining in use and popularity. Instead of the website sending a unique code via text or email, the website asks for a code that can only be found on the authentication app on your phone. The app is linked to the website and provides a code that changes every 30 seconds. After logging in, you simply open the app where you’ll find a list of websites you’re using and an access code. Enter the code into the log-in step on the site and you’re in. Many popular sites will let you link Google Authenticator as your form of authentication.
Yes, this often results in one more step, but it’s all about securing your data and your financial assets. Make it harder to steal your data than others and you’ll be less vulnerable.
Freeze ‘em Out
The final step is to place a freeze on your credit at the three major credit bureaus. Most new credit is obtained only after a credit check is completed. When you apply for a new credit card, auto loan, or mortgage, for instance, that institution will run your credit. Imagine that some criminal from the Equifax breach has your private information such as Social Security number and date of birth. They then use this information to apply for a credit card to fund their massive shopping spree. As the credit card company processes the application, they’ll run a credit check and find that the file is frozen. They then notify the applicant to unlock their credit, but of course the creep doesn’t have that ability and thus is never heard from again.
Since most people don’t need to access their credit more than once or twice per year, placing a credit freeze can be a great solution. My credit has been frozen since the Equifax breach. In practice, locking and unlocking your credit file isn’t that difficult. Last year as we were leasing our office space we were told a credit check was required. I simply asked what day and what bureau they’d use to run the credit check and unfroze my credit at that specific bureau and for that specific day. My credit was checked and verified, and my credit automatically refrozen until next time.
A credit freeze does not hurt your credit or prevent you from ordering your free annual credit report. Thanks to a new federal law, as of September 21, 2018 you can freeze and unfreeze your credit for free! When you sign up, you’ll be given a PIN or password to use when you need to unfreeze. Guess where you’re going to store that information? In your new password manager.
Placing a freeze certainly adds one more step to the process when obtaining credit, but the 10 minutes spent unfreezing your credit could save you months of work cleaning your credit file from a scammer.
Here’s additional information and a link to the Federal Trade Commission with details on freezing your credit:
Here, I’ve given you three very important steps you can take to immediately improve the security of your personal and financial information. It’s probably best to assume that your information is out there already, and someone is going to try to use it to defraud you. And while no one is completely safe, by taking these steps you’re making your information more secure than the next person.
Unfortunately, no system is foolproof in this new world where criminals reinvent their tactics daily. But having a plan in place which evolves with the times is paramount.
In case you’re wondering, our firm has documented policies and procedures in place to guard your information and assets. We’re not in the cyber security business but we do take the protection of your data seriously and will gladly spend individual time with each of you to assist in setting up these 3 important security measures. It’s that serious. Call or email us!
Further reading and resources: