There’s no security in the digital world, so be smart
The message is clear: No matter who you are or where you work, your personal information is no longer safe. But being a smart digital citizen can protect you from cyber fraud.
You may not be on Facebook or post cute pictures of chipmunks on Instagram and yet hackers can still get hold of your social security number, date of birth, and home address. That's because employers keep all this information online, and they are frequently hacked. Even the U.S. government is vulnerable as evidenced by Office of Personnel Management’s recent high-profile data breach that compromised the data of more than 4 million current and former federal employees. The thefts began as far back as late last year and include extensive personal information used to obtain security clearances.
Once considered impervious to hacks, even Apple users are said to be vulnerable. A security researcher recently uncovered a fundamental flaw in the company's basic computer firmware that could allow mischief makers to infect a system when it wakes up from sleep mode.
The consequences of these hacks and potential attacks can be severe for individuals. I can report from personal experience that it can take 6 months to clear up cases of fraud and identity theft, with affidavits and endless forms to fill out. And even after you have sorted out the fake credit cards and other attempts at digital malfeasance, years later security checks by employers and customs officials can turn up false reports identifying you as a criminal or security risk.
So these digital thefts are no small matter. Consequently, you need to be on your guard- constantly.
The primary aim of stealing personal information, like that in the Office of Personnel Management hack, is to use it in so-called phishing attacks. These are generally emails or text messages that try to trick you into, for example, checking into your bank account or resetting your password for a particular account. Phishing attacks work when they are personalized - a message from a trusted friend or relative or one that uses a legitimate bank account number -- thanks to information gleaned in previous hacks, such as the information stolen about government employees.
Another safeguard - and admittedly a major inconvenience - is to keep your software up to date. That means checking the Web browser you use, as well as programs such as Adobe Acrobat, Flash, and Oracle's Java, for regular downloads and updates. Older versions often contain well-known security holes that are regularly exploited by even amateur hackers.
Finally, you should monitor your personal credit information and don't rely on someone else to do it for you. You can go to the three main agencies - Equifax, Experian and TransUnion - and get a free report. If you stagger your requests among the three throughout the year, you can get a better picture of your credit health.
You can also note that someone has stolen your personal information and have fraud alerts filed at the agencies. In my experience, even though the credit reporting agencies say they will alert the others, this does not always happen. Consequently, you need to call all three yourself. Note also that these alerts will only warn you about suspect activity for 90 days. In some states, you can actually have your account frozen, but you may have to pay for the privilege.
The downside to this last line of defense is that it means you cannot apply for instant credit during that time (because the application will have to be confirmed by you). On the other hand, it's a small price to pay in terms of convenience compared to what it could ultimately cost you in terms of money and inconvenience down the road.
No comments: