How to protect your personal information
Six ways to keep hackers, scam artists, and identity thieves at bay
- Information Security & Fraud
With the Equifax breach still making headlines, it can feel like no personal or financial information is completely safe and secure. If big corporations can get hacked, is there any hope for the rest of us in our private lives?
The answer is “yes” says Kimani Dinga, Vice President, Information Security at Boston Private. But you must be vigilant — and avoid situations where you may be vulnerable to people who will take advantage of any information you leave unprotected and available.
If you’re on the Web, you’re at risk
As the techniques used by hackers, cyber thieves, and online con artists continue to evolve and become more sophisticated, you need to be on alert and careful. “There are so many different ways that we’re being attacked now versus 15 years ago when you only connected to the internet either from your laptop or your desktop computer,” says Dinga. “Now, everything connects to the internet and most of these devices are not tested for vulnerabilities or safety concerns prior to being released.” Another way to look at this, he says, is to ask yourself: “How would you feel if cars were manufactured and sold without going through rigorous safety tests?”
In fact, recent research found a 16% increase in identity fraud and theft cases in 2016 from the previous year. In that study, digitally connected consumers who frequently shopped online and shared activity on social networks were 30% more likely to be fraud victims.
So, wherever you are — at home or at work, on the golf course or in the coffee shop — and whatever device you’re using — your TV, cell phone, tablet, thermostat, even your refrigerator — “if you connect to the internet, you’re a target. That’s the bottom line,” he cautions.
Beware of quick actions that make you more vulnerable
What is it about being online that makes us such vulnerable targets? One factor is the speed and ease with which we receive and process information in today’s world.
“Often we’re so busy and we’re consuming information so quickly, that we don’t stop to think about where it might have come from,” says Dinga. “That’s where cyber criminals can take advantage of you because they know you may not be paying close attention and you’re just going to click the link. And all it takes is one click, sometimes, to compromise your information.&rdquo
His suggestion: “Slow down a little bit, stop, and think. The information is not going anywhere.” To avoid the tendency to quickly click on a questionable link if you recognize the sender, he recommends:
- calling the sender to verify that he or she sent the email, or
- copying the link into your browser to see if it takes you to a legitimate site, or
- “hovering” your cursor over the link to view the destination and make sure it’s valid, as shown in the illustration below.
Hovering over a link in an email can help you determine whether the link might be a fraudulent one that could introduce a virus or gain access to personal information on your device.
Adding to our tendency to consume information quickly is the increasing focus by many application and game developers on ways to continuously engage us, getting us so hooked on a new app or game that we can’t bear to put our phones down, and we feel compelled to read every message. “Better to be discriminating about what items you respond to than to put your information in jeopardy,” says Dinga.
How social engineering can prey on your trust
Another behavior that can put your personal information in jeopardy is the natural tendency to trust other people with whom we feel a connection. “This is where social engineering plays a huge role,” says Dinga. He defines social engineering as an opportunity for people to extract information from you to use against you. “They tap into your instincts to be friendly and socialize, then collect information they can use to engineer an attack,” he explains.
According to Dinga, “Social engineering can happen anywhere. You can be at a golf course or at a supermarket. In the past, you might have had innocent conversations. But now, because information is so valuable, people will use social engineering to target you and your data.”
“For example, let’s say you’re in a public place while talking with your colleagues about a new investment. Your adversaries may pick up non-public information that they can use for their own profit. Or you could be chatting with someone and mention that you are taking a vacation in two weeks. If you also mention where you live, they can come back and burglarize your residence.&rdquo
The solution? “Be very careful what you say wherever you are. Not just on social media,” he says.
Whether it’s in a business or a personal setting, be on the lookout for people who may using your good intentions and generosity against you. Trust your gut instincts. “Always remember that information is an extremely valuable asset, but in the wrong hands it can have a devastating impact,” cautions Dinga.
Sadly, once an identity thief or fraudster obtains your personal information, such as your Social Security number, your account numbers, your age, and your address, you may no longer be recognized as the legitimate owner of that information. As a result, you may be unable to gain access to your accounts and property, you could have medical services unexpectedly denied, and you could lose significant amounts of time, money, and opportunities due to damage control. Depending on the sensitivity of the information, you may also leave yourself open to coercion or blackmail.
What you should and should NOT do
Dinga offers six overall cautions—as well as specific steps—to protect your information so only authorized parties have access to it.
1. When interacting with others, be on guard for “social engineering.”
- Don’t provide personal information to unknown/suspicious callers.
- If unsure, never volunteer information even with colleagues you work with.
- Don’t allow anyone to collect sensitive documents you’ve printed.
- Don’t post your location or travel plans on social media forums.
2. Be careful when using “smart” devices.
- Power off when not in use.
- Avoid connecting to public Wi-Fi or unknown Guest networks.
- When possible, password protect all smart devices.
- Use multifactor authentication (password + pin, password + pattern lock, pin + fingerprint scan).
- Cover web cameras and microphones when not in use.
3. Protect data on portable devices and drives.
- Always encrypt sensitive data on portable storage devices.
- Before disposing of or returning any device, ensure all data is fully removed.
- Store and lock devices (laptops, smartphones, etc.) out of plain site when in public.
4. Exercise caution when using Cloud storage.
- Encrypt all personal data before storing in the cloud.
- Verify which devices/people require access to your cloud account.
- Keep a local backup copy of your data even if it has been backed up to the cloud.
5. Handle personal documents with care.
- Fully destroy all personal documents when no longer needed (financial, medical and other records) by burning or shredding.
- Secure all sensitive documents when traveling overseas.
6. Slow down when responding to your email and online messages.
If an email seems suspicious, delete it without opening any attachments or links within it.
Avoid clicking on standalone links even if they appear to be from a friend. (“Most friends and coworkers will not send a bare link without some explanation around it,” says Dinga.)
As for the Equifax breach, Dinga recommends freezing your accounts at the three main credit reporting agencies so no one gets access to your personal or financial information unless you know about it. “Just be sure you don’t a have a major loan in the works where the information may be needed,” says Dinga. Of course, you can always unfreeze your accounts in the future for a particular financial transaction.
For more information, check out the Federal Trade Commission (FTC) FAQ page on initiating a credit freeze.
1 - Source: 2017 Identity Fraud Study, Javelin Strategy & Research. https://www.javelinstrategy.com/sites/default/files/17-1001J-2017-LL-Identity-Fraud-Hits-Record-Highs-Javelin.pdf
The opinions expressed and information contained in this article are given in good faith, may be subject to change without notice, and are as of the date issued. The accuracy and completeness of this information is not guaranteed. Since each client’s situation is unique, please review your specific investment objectives, risk tolerance and liquidity needs with your advisor before a suitable investment strategy can be selected.
- Information Security & Fraud