By: Tim O’Pry | Chief Security Officer
Some may believe that if they restrict their personal use of the Internet they can limit what information about them can be stolen. After all, if we don’t post anything on social media or order anything online, we have nothing to worry about, right? While this might seem logical, unfortunately, it is naïve and inaccurate. While judicious use of the Internet and following our Top 3 ½ Things To Do / Three Things Not Do will limit your potential direct losses (your mistakes), nothing will protect you from the carelessness of others.
The Equifax hack of 2017 remains the largest publicly known loss of U.S. consumer personal information, but there are many others that either do not make national news or more disconcertingly have yet to be discovered. In late April 2019, independent security researchers discovered a treasure trove of personal information on 80 million Americans freely accessible on the Internet. No hacking skills were required, the information was easily available to anyone who wanted to look. (More details here)
There are thousands of entities worldwide that have been gathering our personal data for decades, long before the World Wide Web (the 90s) and the value of this data is in the billions. Information brokers buy, sell, and rent this information, and unfortunately, some do not protect it very well—or in some cases, at all. While governments may pass laws to try and control it, the reality is that the genie has been out of the bottle for so long, there is no legislation that will force it back in.
We as consumers and U.S. citizens need to accept that not only will we never know what type of information may have been collected on us (some of which may be inaccurate) we also have no way to know who has this information nor how it may be used. What, if anything can we do? Sadly, very little other than to take the initiative and proactively and regularly monitor what we can. For the average non-celebrity, the most likely usage of personal information will be to try and steal from you, by either accessing your financial accounts directly or opening new accounts in your name—then sticking you with the bill. Since you cannot stop them from attempting it nor a vendor from mistakenly allowing them to do so, it is up to you to catch and report it quickly to mitigate the possible loss and damage.
Our mobile devices and the apps on them can track not only what we do but where we do it (sometimes without our knowing it). Google maintains a rather detailed history of everywhere we go and how long we are there and until recently kept that data—forever. While you could manually delete this data, most were unaware of this feature or the extent of the tracking. If you have a Google account, I suggest you familiarize yourself with these settings (more details here). Personally, I do like the information and features provided by this service, but I do want to limit how long it is retained. As such, I welcome this new ability to auto-purge my data.
Recommendations:
- Create a FREE Credit Karma account OR sign up for one of the paid plans with any of the three credit bureaus that will help you monitor your credit. If anyone tries to open an account in your name, either of these should give you a heads up. We DO NOT recommend LifeLock.
- Turn on any and all notifications that are offered by the financial services you use (banks, credit cards, stock brokers, etc.). If you see something unusual, follow-up. It’s your money and your responsibility.
- Consider a Credit Freeze or a Credit lock (more information here)
- If you use Google, review the tracking data they have about you. You may be shocked (and a little freaked out). There are some benefits to it, but everyone should at least be aware of what is being tracked and make a personal decision if it is right for them.
We know our information is out there. What we don’t know is who has it now nor who will get in the future nor what they may do with it. Take control and responsibility for your digital data by monitoring your accounts.
If you have a cybersecurity-related issue or questions, we are here to help: cybersecurity@hensslerfinancial.com