Monitoring, smart storage, and strong passwords will reduce your risk.
Technology is terrific! It gives you convenient 24/7 access to your finances, allows you to research products and investments, and helps you to save time and money on purchases.
At the same time, technology can sometimes leave you vulnerable, as the recent Equifax data breach illustrates. In the unusually far-reaching incident, hackers found a vulnerability on the Equifax web platform, allowing them to slip past the credit monitoring agency’s defenses. They collected sensitive personal information on as many as 143 million Americans – virtually anyone with a credit record.
Consumer data “has been put in the trust of a third party, and that third party should do everything it can to protect it,” says STCU Information Security Manager Mike Towan. “But technology is technology, and people are people. Systems can get breached or might not always get patched properly.”
While individuals can’t do much to prevent a major company from being hacked, each of us can take steps to make sure our own information as secure as possible. That reduces the risk of falling victim and helps with recovery if a breach does occur.
Be on the alert
As ominous as the Equifax breach might sound, just understanding the risks works to your advantage. It means you’re more likely to pay attention when security breaches are announced and to sign up in advance for account activity notifications or large purchase alerts. Those steps allow you to act quickly after a breach and minimize its impact.
“From a post-breach perspective, I think one of the most effective things people can do is to keep an eye on their cards, bank accounts and credit reports,” Towan says.
Generally, you can request that a card issuer set up alerts for activity on your account at no cost. However, if you want to know whenever anyone applies for credit under your name, that alert must be set up through a credit reporting agency or a service, and there’s often a fee.
For some consumers, it may make sense to freeze their credit report, Towan says. The downside: Credit freezes complicate the tasks of applying for loans, renting an apartment, and taking other actions that require a credit check. There may be a fee for temporarily lifting the freeze, and the process can take up to three days.
“Credit freezes are a good solution if you believe that there’s suspicious activity,” Towan says. “But consumers need to be aware that if they freeze their credit, it’s going to make obtaining new credit more time-consuming.”
For your eyes only.
Tips from STCU Information Security Manager Mike Towan for avoiding and mitigating data breaches:
- Monitor your account activity and sign up for transaction alerts.
- Use a unique, hard-to-guess password for each online account.
- If you use cloud storage, make sure your sensitive files aren’t being publicly shared.
- Enable multi-factor authentication, which verifies login attempts with an e-mail or text message.
- Call your card issuer immediately if you see suspicious activity.
Lock down your online accounts
In the old days, you’d keep your sensitive data locked in safe place, and you’d be cautious about who received that information. The same basic advice applies in a digital world.
“Avoid risky behaviors,” Towan says. “Don’t go to websites that might not be on the up-and-up.”
And don’t store your card number, passwords, or other critical information in an online space that’s publicly accessible,
“A lot of people are using Dropbox and similar cloud services, and not securing them properly,” Towan adds. “And there have been instances where security researchers have scanned the internet and found hundreds of things like tax returns and credit card statements. So you have to be careful where you keep your information.”
Limiting that accessibility begins with securing your online accounts with unique, strong passwords and multi-factor authentication whenever possible. A hard-to-guess password and follow-up verification might not always be convenient, but they could thwart a data thief.
“You may be inconveniencing yourself by 30 seconds up front,” Towan says. “But you could be saving yourself hour upon hour of legwork if your account is compromised.”