Are You Protecting Your Personal Financial Information?
6 Steps to Better Security
A number of data breaches in major companies have hit the news in recent months. It's alarming to hear that criminal hackers stole the usernames and passwords of 450,000 Yahoo email accounts, for example, or that millions of Sony PlayStation accounts were compromised. Such events alarm us because they seem beyond our control. However, most identity theft and theft of financial information occur because victims didn't take simple steps to protect their personal and financial information. In this report, I give you six simple steps that can help you achieve better security.
The Foundation for All These Steps—Install Security Software on All Devices.
Most consumers use computers and mobile devices to conduct the business of daily life. This goes well beyond managing family finances to include purchasing items and services. We also use them for finding information and having fun. Appropriate security software can protect against viruses and malware designed to steal information. For mobile devices, the best security programs also help you protect data even if the device is lost or stolen. Freebies exist, but in general more protections and updates are offered by programs you purchase. A web search of "computer security software reviews" or "security software reviews for mobile devices" will lead you to recent evaluations.
- Use Strong Passwords and Protect Them
Do you use the same password for multiple online accounts or services? Has it been more than a year since you changed passwords? Do you use personal information like date of birth, mother's maiden name or a pet's name as a password? Do you write down passwords and leave them in obvious places such as your address book or on a handy sticky note or stored in an online file? Answering yes to any or all of these questions increases your vulnerability to hackers and hacking programs.
For more secure passwords, use at least 8 characters, use a combination of letters and numbers, use both upper and lower case (if allowed by the site) and never use personal information, dictionary words or in-order number sequences. 10 Rules for Creating a Hacker-Resistant Password from the Privacy Rights Clearinghouse provides excellent tips to help you develop a system to create effective and easy-to-remember passwords. If you have too many passwords to remember, consider an encryption program. You may also wish to keep a written list in a secure place at home.
- Never Give Out Any Personal Information in Response to Unsolicited Request
Every day brings scam "phishing" emails to my inbox and fraudulent "smishing" texts to my phone. You probably get them, too. The bait may be something "free" like a sweepstake "win" or appear to be a message from a financial institution or company that you do business with. Scammers use the mail, email, websites, and phones to reach you. How do you tell what's real and what's not?
The answer is simple: if any unsolicited communication in any form—email, mail, phone, social media—asks for personal information such as Social Security number, birth date, credit card numbers, and so on, do not respond. Even if the caller or email says something such as "your account has been locked" or implies that you face penalty of law if you don't respond, don't respond to the email or click on any links; don't answer the caller. (Both these examples are currently popular ploys.) If you think the concern may be genuine, contact the business independently using a verified means.
- Manage Your Accounts Online Where Appropriate
Studies show that managing financial and other business accounts on line is safer than using snail mail and checks—if you have up-to-date security software on your computer and mobile devices. You can receive statements by email, pay by online bill pay, and use direct deposit for paychecks and pension or investment income. You can also check your accounts regularly between statements. Some documents with your personal financial information will continue to arrive by mail; so always shred documents with any account or personal information before throwing them out. Don't store documents with personal information on your computer unless you have it password protected. Don't store personal information online unless it is properly secured and encrypted.
- Monitor Your Accounts Regularly
Monitoring your financial accounts such as checking/debit card accounts and credit card accounts at least weekly allows you to spot potential fraud quickly. The largest category of identity theft results from stolen credit card numbers and their fraudulent use. Personally, I like to check my major accounts almost daily. Before I finish my first cup of coffee, I'm done.
Also check your credit report at least annually. Criminals often use stolen personal information to open new credit card accounts or to apply for other loans, even mortgages. So take advantage of your right to one free credit report each year to spot fraudulent or inaccurate information. You can obtain one report each from Equifax, Experian, and TransUnion (the big three credit reporting agencies). Use www.annualcreditreport.com (the only official site) or call (877) 322-8228. If you spot trouble, you can request a free fraud alert or, in many states, a credit freeze (fees usually apply). I spread my requests out so that I check a report from one of the credit reporting agencies every four months.
- Check Out All Computer Programs and Smartphone Apps Before Downloading
Criminals like to download viruses or other malware to your computer for the purpose of capturing personal and financial information. A popular way to get you to do this unknowingly is to embed the malware into downloadable computer programs or apps for mobile devices. The criminals are also working constantly to design malware to avoid security programs. So what's your best defense? Never download any software or app (even if a friend recommends it) without researching it independently. Most dangerous downloads and ploys are exposed in reputable web reviews or blogs.
- Stay Alert for Security Breaches at Companies or Services You Use
Finally, what can you do about those security breaches that happen outside your control in various businesses and financial institutions that are supposed to keep your data safe? The first thing you can do is stay alert. The Identity Theft Resource Center (ITRC) publishes a report on data breaches at least twice a year. You can check out the ITRC reports for 2012 (through June) and 2011.
For even more timely information, set up an alert for "consumer data security breaches" in your favorite news browser.
The ITRC also found that companies were becoming less transparent when informing consumers of security breaches. So it can be hard to know what is happening. How to Deal with a Security Breach, again from the Privacy Rights Clearinghouse, can help you determine what to do if you suspect a security breach may involve your account.
Taking a Little Time Now for Vigilance Can Save You Big Later
Making sure you are using all the protections I've discussed may sound like a hassle. But how much time do you think it takes to get things straightened out if you are a victim of identity fraud or identity theft? How much does it cost? I've seen estimates ranging from 30 hours and $500 per identity crime to hundreds of hours over a year and thousands of dollars. So it makes sense to take an hour or two now to take these steps for greater security, doesn't it?
For More Information
- Privacy in the Age of the Smartphone from the Privacy Rights Clearinghouse
- Coping with Identity Theft: Reducing the Risk of Fraud from Privacy Rights Clearinghouse for many more tips on how to increase security
- Fighting Back Against Identity Theft, a resource site from the Federal Trade Commission (FTC)