It’s that time of year! Online shopping will spike through the holidays and identity thieves and scammers will be on the prowl to take advantage. Thinking about all the ways our identities are at risk in today’s digital world is certainly stomach-churning. When it comes to how much the digital world is part of our every day lives, securing your personal and family information is right up there with securing your home and wearing your seatbelt.
I have the good fortune to have as partners and friends two leading industry experts in the Information Security space – Mark Egan. During a call with our communications manager, Jules Andres, I asked them all what they did to protect their personal information. As Mark was going over his checklist, I heard Jules say, “I think I’m going to throw up.” Hence the title of this post. While Jules is diligent about her online activity, she was realizing some of the simple security steps she had missed.
To guard your online information and identity like a CISO, here are some key actions the experts do to lock down their personal data and guard against identity theft.
Long passwords. Use long passwords with a minimum of 15 characters for any online financial transactions or websites with sensitive information. The length of a password is crucial because there are tools that can crunch passwords of up to 14 characters and crack just about anything. But (for now), their limit is 15 characters. You don’t need to go crazy with hard-to-remember symbols. Simple phrases are fine, as long as they are at least 15 characters long. “Uselongpasswords” is a good example.
Two-factor authentication. Use two-factor authentication for online financial transactions, as most organizations offer this service and this includes using password (first factor), in addition to unique code that is sent to you (second factor).
Password managers. Encryption is the key, so use a password manager that stores passwords in an encrypted file. Many people also change their passwords regularly. There is some debate on the benefit vs the cost and time of this, so if this is not comfortable for you, you can still manage your risks by using long passwords, different for each site, and focus on locking down the sites where the consequences of identity theft are higher.
Lock down your credit. Recent changes in federal law following the Equifax breach have made freezing your credit easier than you might think, and it’s free. Request a credit freeze with the three credit agencies (links listed below). They will give you a PIN that will let you unlock your credit file when you are expecting a credit check, and relock the file after the lender has confirmed your credit. Most of the time it’s locked and the credit agencies won’t provide reports to anyone, and you minimize the risk of being victimized.
- Equifax: www.equifax.com/personal/credit-report-services/
- Experian: www.experian.com/freeze
- TransUnion: www.transunion.com/credit-freeze
Don’t use debit cards online. EVER. However you choose pay for online transactions, be sure to use a credit card for the final settlement. Do not ever link your bank account or debit card to an online transaction. Federal regulations are different for credit cards compared to debit cards, and if someone makes unauthorized purchases on your credit card, you won’t be on the hook. The rules are very different for debit cards and direct charges to your bank account.
Think before you click (or answer an unknown phone number). Phishing and phone scams are on the rise. Why? Because they work. Scammers are getting better at their nefarious craft, so be cautious. Phishing emails can sometimes have an email or website link that is just one letter off, so be diligent about clicking links. If get a call from the IRS, a utility provider, or the Social Security administration about an account being either locked or past due, just hang up or call them back directly with any questions. Remember, if there is an issue those legitimate entities will not ask you to provide personal information over the phone since they already have it, or don’t need it.
Being the victim of identity theft myself several years ago when a fraudulent tax return was filed with the IRS, I recommend signing up for a credit protection service. The credit protection services monitor your personal information, provide alerts for questionable activity and know how to clean up the messes if an identity thief uses your information. The value of these services is realized after you have been victimized, much like traditional insurance.
A few simple changes to your online security strategies can make a big difference, and help you keep your lunch down.
Author:
Reed Kingston 2019