Wednesday, June 17, 2015

What You Should Do To Protect Your Identity If You Become Part Of A Large Scale Breach

We have often talked about online security. Taking the appropriate steps to secure your computer, mobile device, passwords, WIFI, home router, etc., will go along way towards securing your identity. Check out the Security Section of our Tech Tips to explore these. Unfortunately, no matter how careful and prepared you are personally, you cannot control the action or inaction of others. Governments (Local, State and Federal), Private Corporations, Hospitals, etc. have access to virtually all of your private information - Financial, Medical, it's there for the taking.

Most of this information is accessible across the Internet. So, you are at the mercy of others to secure it. But, as we have seen, they do a very poor job. Everyday we hear about new "Hacks and Breaches". Big Box stores, Government Agencies, Social Networks and Internet Based Companies have all been targeted by Private and Nation State Hackers. Is it, even, possible to prevent these attacks? One hundred percent mitigation is not possible, but the majority of the recent, large, compromises were due to incompetence. We have the technology to secure this data, but "best practices" were simply ignored.

Cryptographers and Security Experts know that modern encryption methods are highly effective. Records that have been properly encrypted are almost impossible to breach in any reasonable amount of time. Most of the attacks in recent years have employed simple Social Engineering - tricking, poorly trained, employees into releasing private information, in order to gain access to data. In far too many cases this data was being stored in plain text - readable by anyone. In the US, poor practices are most evident in the State and Federal Government agencies. A few years ago the South Carolina Department Of Revenue suffered a breach that exposed information on 4 million taxpayers - including Social Security Numbers. Recently, the Federal Government dropped the ball and handed the hackers 4 million personnel records. The OPM Chief Information Officer, reportedly said Encryption and data obfuscating techniques "are new capabilities that we’re building into our databases." This is an incredible statement. These techniques have been available, and in wide use, for many years. Our government agencies require private information, but are reckless and negligent when it comes to protecting it.

There is one step that everyone can take that will, immediately, give you added protection. It is somewhat inconvenient and not widely known. Freeze your Credit Files. All three of the Credit Bureaus (Equifax, Transunion and Experian) are required by law, to lock your files upon request. In some states there is a fee, but in many it is free. Freezing or Locking your Credit Files prevents anyone, except a government law enforcement agency, from accessing your file. This makes it more difficult for identity thieves to open new accounts in your name. That’s because most creditors need to see your credit report before they approve a new account. If they can’t see your file, they, generally, will not extend the credit. You will have to unlock the file anytime you apply for credit. This can be done via phone or online. It's a little inconvenient, but security and convenience are most always on opposite sides of the spectrum.

So, it's not a matter of "if" your private information will be compromised - it will eventually happen. When it does, what should you do?

The Federal Trade Comission (FTC) recently unveiled a new website, that provides a wealth of information to help, if you have become a victim of one of these breaches. The site provides simple steps designed to assist in your recovery. All of the forms, links and phone numbers that you will need are embedded in the process.

This is an excellent resource, that in spite of all of our best efforts, we may eventually need.