I am participating in Drexel University's Certificate Program for Cyber Security Policy and Law. As part of our conversations this past quarter, we discussed what actions people can take to minimize the risk of identity theft. I thought it might be useful to share the highlights of some of our thoughts.
There are many steps people can take to safeguard their identity, although there is no ironclad guarantee it will be safe. Some of these actions also parallel actions you can take to protect your company's information.
1) Use strong passwords, ideally at least 8 characters, mixing upper and lower case letters and numbers. A standard in the industry is to construct a sentence and use a specific letter of each word, substituting numbers as appropriate. Also remember to change logins and passwords frequently. And don't use the same password for everything. Yes, it is easy. For the bad actors as well!
2) Ensure that you are behind a firewall. Select a provider whom you trust or, if you are more technically savvy, also implement your own. Ideally that firewall is robust and multi-layered, with an intrusion detection and prevention system (IDPS).
3) Implement all patches and upgrades immediately upon release, particularly when they contain security upgrades.
4) Install and keep current anti-virus software and anti-malware software.
5) Safeguard your Personal Information (PI) such as bank statements, SSN and credit card numbers.
- shred all PI documents before disposing of them. You also might want to consider shredding all snail mail envelopes with your name and address on them.
- carefully check your monthly bank statements and credit card statements for anomalies. If one arises, deal with it instantly, even if it is only $1. Sometimes the $1 charge is a way to see if you are paying attention, and if you do nothing, the false charges escalate. If statements are skipped or late, check into the reason. Also, sometimes bad actors can change your mailing address without your knowledge.
- check your credit reports periodically to ensure all is in order.
- only carry essential information and credit cards with you. Keep all the rest in a safe place.
- don't give PI on the telephone unless you initiate the call and you are sure of the people or organization on the other end. Be on the alert for phishing scams. If people ask for PI, ask for a phone number to call them back, then check it out first. Frequently they will simply hang up on you. And that's okay too.
- take steps to ensure that others with access to your PI also safeguard it and keep it safe. This applies to all companies: small, medium and large.
- when engaging in on-line services, a few suggestions: pay with credit cards, as there may be greater protection; don't check PI on public Wi-Fi connections, but wait until you get to a secure place; delete all history and don't let web sites keep your login just because it's easy for you, and always type in your user name and password yourself; be careful about sharing too much on social networking sites. It's amazing what people can construct about you with the information that we give out about ourselves.
- you can also get RFID protectors for your credit cards and other important cards, so no one can use an RFID scanner in close proximity to you and obtain your info (credit card numbers, passport numbers, bank notes etc.).
6) Consider limiting your on-line footprint. Utilize social media with care.
7) When you dispose of electronic equipment, either burn it or physically destroy it so the disks can't be accessed and information compromised. Remember that today many or most printers and faxes are actually computers; they store information. When you dispose of them, treat them like a computer.
8) If you have a heightened concern, there are services out there in the marketplace that will help you protect your identity as well.
9) One last thought: if you can find a practical and effective way to encrypt your personal data, that's a good idea as well.
I hope you found this helpful. As always, please reach out to us if you would like to discuss in more detail.