Rarely a week goes by when we don’t hear about a new data breach or a friend or acquaintance having their identity stolen. While it may seem like a new problem, it’s not. Identity theft has been around for decades. However, today, our increasingly digital lives leave us more vulnerable to this issue than ever before. As cybercriminals become more and more sophisticated, the way to defend yourself and your valuable data assets is to get smart about Internet security and identity theft.
Toward that goal, we welcomed a great group of clients to a wonderful Lunch & Learn session at Paul Martin’s Grill last week. Joining us was my friend Dan Skiles, who is currently the president of Shareholders Service Group. Dan generously shared his insights into why protecting your identity matters, as well as some important steps to help reduce your online risk.
My concern about identity theft comes both from my role as every client’s financial gatekeeper and from my first-hand experience with the issue more than a decade ago.
I remember it all too vividly: I had just walked in the door from work when my phone rang. On the other end of the line was a Nordstrom rep inquiring about my unpaid bill. The first words out of my mouth were, “Of course I’ve paid my bill. I always pay my bill!” While my head was still spinning wondering what had gone wrong, the rep was already going the extra mile by checking my credit report. (You gotta love Nordstrom service!) The news wasn’t good: In recent weeks, “I” had opened multiple new lines of credit, including two new credit cards and a loan application. I was shocked that it had been so easy for someone to access my identity, my credit and, in essence, my money.
Immediately, I began the process of reporting the fraud and trying to reclaim my credit identity, but even more damage had been done. That was made crystal clear when a process server showed up at my office and handed me an eviction notice for my house in Del Mar. The issue: I didn’t own a house in Del Mar—then or ever.
In those days, long before nearly every aspect of our lives had become digital, it was most common that victims of identity theft had close contact with the thief. A relative or someone else who had been in the victim’s home was able to gain access to private information and use it to their advantage. Today, that information is no longer stored in private files or a safe deposit box. Now our most private information is stored online with banks, credit card companies, and mortgage lenders. It’s even for sale! There is actually a black market for personal data where criminals can buy all the information they need to steal your identity—just $1,200 for your full identity, $30 for your social security number, and $11 for your date of birth. Even worse, many people unwittingly give away their information for free by clicking on spam emails, logging in to crossword puzzles and games, or accepting ‘free’ online offers.
The best things in life may be free, but not one of them is offered for free online! Knowing that fact is just a first step in making your information hard to get—which should be your first goal when it comes to protecting yourself from the threat of identity theft. Here are a few of the other steps that Dan recommended during our Lunch & Learn:
- Create secure passwords. Don’t use the same passwords for different accounts, and don’t be honest about your security questions! (How many people know where you went to high school or what kind of car you drive?) Have a system that makes sense to you (and only you) and create unique passwords that are illogical and hard to guess. Even better, use an app like LastPass that generates complex passwords, stores them for you, and simplifies access from every device.
- Use Multi-factor Authentication (MFA). If an online app (Facebook, Twitter) or your bank offers MFA, use it! When you log in, the app will take another step to verify your identity. Answer a security question (that you’ve deliberately made tricky). Receive a text with a confirmation code. Do whatever it takes to help online services confirm that you are, in fact, you.
- Stop clicking on phishing emails! Phishing emails have one goal: to gain fraudulent access to your personal information directly from you. They may include offers (yes, lots of ‘free’ stuff), ‘urgent’ messages from the IRS or your bank, or even a vague note from a friend telling you to watch their new favorite video. Don’t do it. The IRS will never contact you via email (or phone for that matter), and the only thing you risk missing out on is, perhaps, the cutest cat photo ever. Instead, resist temptation, and keep your passwords, your Apple ID, and your credit card information to yourself. If you're concerned that your bank or credit card company really does need to reach you, call them and ask. And, of course, install reputable anti-virus software on your computer and keep it up to date at all times.
- Remove your personal data from the web. Start by stopping companies like Facebook, Google, and online stores from tracking you to collect personal data. Review each company’s privacy statement and follow the guidelines to keep your data private. If you need help, consider using a service like Abine’s Delete Me that combs the web to delete data and minimize your online footprint.
The sooner you take control of your digital identity, the better. Cybercriminals are already able to hack into servers that we expect to be secure. Equifax, Yahoo, and Target are just a few of the biggest hacks in recent years. New technologies like 5G, advanced biometrics, artificial intelligence, and quantum encryption and communication should all help keep your information more secure in the future. But until then, rather than getting paranoid and living off the grid, get smart. Start with Dan’s simple steps, stay informed about changes in identity protection, and stop clicking on things. Just stop. Cybercriminals are smart, but by getting smart about identity theft, you can be sure your data—and your assets—are safe for decades to come.