You can’t protect what you don’t have immediate control over.
Over and over again this principle plays out when we see yet another ‘Breaking News’ banner flash across our TV and mobile device screens. The latest blockbuster breach of private data was at consumer credit giant Equifax. Their CEO, Richard Smith, said in a press release [1] that the company was made aware of the breach in July and has been investigating ever since.
The presser states in part:
“…approximately 143 million customers…includ(ing) names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents”
Basically everything someone needs to become you was stolen from an information warehouse that was, at one time, widely considered to be secure.
As I mentioned in my previous article, Breached, there are innumerable avenues by which your personally identifiable information (PII) can be compromised. In today’s day and age it is a near certainty that some part of your electronic identity will be stolen due to lax adherence to industry-standard information security protocols.
So what can you do to reduce your target profile and keep one account breach from pivoting into two or three or even more?
- Change your passwords and don’t use the same password on more than one account or website.
- Use strong passwords that are at least 12 characters long; ensure they include numbers, upper and lower case letters, and special characters [2].
- Use a password manager such as LastPass, Dashlane, or 1Password.
- Enable two-factor authentication with every account and app that supports it. A good list of accounts and resources can be found here.
- Disable password hints. These answers can generally be obtained through basic open-source intelligence (OSINT) gathering from sources such as Facebook, Instagram, LinkedIn, etc. If a service or website requires you to use password hints, use information that wouldn’t be easily obtained. Lie if you have to – remember, the hint is there to make a password easy to reset, and ‘easy to reset’ can quickly turn into ‘easy to compromise’.
- If you feel you may be the victim of identity theft, consider contacting the credit bureaus to initiate a credit freeze.
And, while you’re at it, consider placing a freeze on your minor kids’ credit; their data is a potential gold mine for fraudsters, as someone who is 13 likely won’t be pulling their credit reports for the foreseeable future. Imagine your son or daughter’s surprise when they apply for an auto loan after graduating from college, only to learn their credit score is 302 and they have missed all their payments on that Fingerhut credit card they never signed up for.
I’m now going to shamelessly borrow from Brian Krebs’s Rules for Staying Safe Online:
Rule 1: “If you didn’t go looking for it, don’t install it.” Simply put, never click an attachment from an unknown source or download something unsolicited. If you intend to install a program, go to the publisher’s website and download it directly from them.
Rule 2: “If you installed it, update it.” Attackers are constantly searching for ways into your computer, and software that hasn’t been updated is a great way in. Ensure that your programs are up to date and have the latest patches and versions running.
Rule 3: “If you no longer need it, remove it.” Do you have unused software on your computer or apps on your phone or tablet? If you do, get rid of them. They tend to place a burden on your system by using memory, taking up space, and providing avenues of attack into your system that – since you aren’t using the app or program any more – are 100% unnecessary.
The Equifax breach is simply the latest in a long string of huge attacks on your privacy. Target [3], Sony [4], Sally Beauty Supply [5] and countless others have been compromised along the way, resulting in hundreds of millions of pieces of information in the hands of nefarious criminals. Limit their ability to hurt you by taking a few minutes to secure yourself the same way you lock your house doors and buckle your seat belt.
Meanwhile, go forth and internet on.