When it comes to cybersecurity, we are all in a state of emergency, but the real question is – is anybody listening?
A recent poll commissioned by Intercede, a digital security company, asked more than 1,000 men and women between the ages of 16-35 (aka millennials) in the U.S. and over 1,000 in the UK if they believed current safeguards are effectively protecting their digital identities and personal identifying information from exposure. The resounding answer from some 95% was “NO.”
This is yet another Paul Revere moment, in a string of recurring wake-up calls, and a very sad commentary on the state of cybersecurity efforts by public and private sector organizations.
The Intercede press release refers to a growing “millennial malaise” toward existing safeguards – among them “easily-hackable, widely used password-based authentication methods.” While this may change during the next few years as many organizations work to harden their defenses (at risk of raising regulators’ hackles and class-action attorneys’ level of excitement) and experiment with various new ways to authenticate from fingerprints to blinking “selfies,” this doesn’t change the current state of data insecurity and the perception that privacy is on life support.
So—in the absence of instant security gratification at a time when breaches have become the third certainty in life and consumers are the product – how do we better protect ourselves?
As I talk about in my new book Swiped, it’s time to think out of the box and develop a new paradigm for personal protection. I call it “The 3Ms.”
Minimize Your Risk of Exposure
- Don’t carry your Social Security card or those of your children in your purse or wallet – also don’t store any Social Security numbers (including those of your elderly parents, if you are handling their affairs) in your computer or any mobile device for easier access.
- Limit the vast array of credit and debit cards that you carry because you can’t conceive of leaving home without them.
- Never provide your personal information online, on the phone or in person to anyone who claims to represent a business or governmental agency regardless of how official or threatening they sound. Hang up and dial the official number (not the one displayed on your Caller ID – which can be spoofed), or go online and type in the correct URL of the organization (not a link in an email or a banner ad), or use an officially sanctioned app.
- Always properly secure your computer and smartphone with the most up-to-date firewalls and security software and save any sensitive information on an encrypted thumb drive.
- Never use free public WiFi — private VPNs are best.
- Use long and strong passwords (alpha-numeric, symbols instead of letters where possible) which you change frequently – or develop a core phrase – and never share them across your universe of email, social networking, retail and financial sites.
- Avoid using your email address as your user ID whenever possible.
- Use a separate email address for your most sensitive activities, as well as one for your social networking interactions.
- You don’t really need to answer security questions with truthful answers (the object is not veracity but consistency). Frankly, while your financial institution needs to confirm that you are neither a terrorist nor a money launderer, they don’t really care what your mother’s actual maiden name is. They also wouldn’t know the difference as to your pet’s real name or your truly favorite color.
- Take the extra few minutes to type your user ID and password as you log on to every site you visit or app you use. Why make it easy for a hacker because you want to save one or both to shave a few seconds off your login time?
- Shred any document that has sensitive personal information like you were Leatherman in Texas Chainsaw Massacre.
- Try to break yourself of the habit of sharing every waking thought; special life moment; the itinerary of your family vacation; the picture of your new credit card and license or selfie with your newest car, diamond ring or piece of art (sorry Kim & Kylie); stream of consciousness (Donald, please pay attention); or, play-by-play of every bar or restaurant you are patronizing on any given night with everyone in your Twitterverse or Facebook community.
- Never click on any link that doesn’t look right.
- Never respond to a text message without further investigation.
Monitor Your Money
- Make sure to get a free copy of your credit report from each of the major credit reporting agencies at least once a year (some states permit more than one) at AnnualCreditReport.com. When you review your report(s), be particularly sensitive to tradelines that don’t look right or collection accounts with businesses that you have never heard of. If you discover any information that is inaccurate or incomplete, immediately notify the credit reporting agencies and ask that it be investigated. If you discover fraudulent activity, contact the fraud department of one of the credit bureaus and ask for a fraud alert to be put on your file. They will electronically notify the others.
- Use sites like Credit.com to access a free overview of your credit and get two free credit scores updated monthly to make sure that there are no significant changes, which might be an indication that you are a victim of identity theft.
- Check your credit and bank accounts on a daily basis to confirm that every transaction is appropriate and correct. If you see a charge you can’t remember or are sure isn’t yours, immediately contact your financial institution.
- Sign up for free transactional monitoring programs that are offered by your credit union, bank or credit card issuer that notify you of any activity in your accounts. Financial institutions don’t always catch fraudulent transactions because (among other things) stolen credit and debit cards are being sold on the Dark Web by ZIP code. To the bank it might seem like a legitimate transaction because it was done in the area where you live or work, but to you it could be a screaming red flag.
- Consider purchasing more sophisticated credit and fraud monitoring programs that will track and notify you of questionable activity — not only in your credit profile but also regarding your personal information. Remember, you need to know when someone is in the process of subtly changing your PII as they must recreate you to convince a third party that they are you. While it is possible for you to do much of this yourself, chances are you have a day job that you also need to attend to. To an identity thief, you are their day job.
Manage the Damage
Identity thieves have become far more sophisticated, breaches have become more plentiful (can you say Target, Home Depot, Neiman Marcus, Anthem, Premera, Carefirst, the Office of Personnel Management and Ashley Madison?) and the direct and collateral damage has become harder to detect and more difficult to unravel. Well over 1 billion files — much containing sensitive or very sensitive personal information — have been improperly accessed in the past few years. Chances your information, despite your best efforts, is now out there and in the possession of someone whose vocation is to exploit your data for their personal gain. The ravages of identity theft go far beyond dollars and cents – criminal, medical, tax-related fraud to name a few.
So, what can you do if you see signs that you’ve become a victim? Notify the authorities, who can create an identity theft incident report you can use to straighten out your credit and identity issues down the road. You may want to consider freezing or placing a fraud alert on your credit as well, depending on what’s been compromised.
Many organizations (insurance companies, banks, credit unions, employers, universities) have programs in place to help their clients, customers, policy holders or members navigate the treacherous waters of an identity incident. You may already be enrolled in such a program but you won’t know unless you either read the fine print or ask. So call your insurance agent, banker, customer service rep or the HR department where you work and ask: if they offer such assistance as a perk of your relationship; are you in it; if it’s free; and, if not, what’s the cost?
Never forget – the ultimate guardian of the consumer is the consumer and no one has a bigger stake in protecting your economic security and well-being than you.
Adam Levin is chairman and founder of CyberScout and Credit.com, where this story originally ran. It is an Op/Ed contribution and does not necessarily represent the views of the company or its partners.