I wrote last week about the epidemic of identity theft. This week, again based at least in part on information provided by speakers at the 2nd Annual Government Identity Fraud Conference earlier this month, I’ll share some ways everyone can use to protect themselves from ID Theft.
First, a recap: Remember, experts tell us that with all the breaches that have occurred in the past few years, everyone’s identity has already been stolen. That means even though you have not been a victim, it doesn’t mean you won’t be. One Bulgarian ID thief/fraudster who got caught noted that they have so much data it will be years before they use up all the stolen identities already available.
And after all, the FBI reports it only costs $.35 on the dark web to purchase a real, identity!
So what can we do? Here are some ideas from the experts.
- Passcode protect everything. Don’t use obvious passwords like your dog’s name or your street address number. Instead use a passphrase that is a combination of words, numbers, and symbols at least 11 digits long.
- You say you can’t remember anything that long? Here’s a link to Morgan Wright’s free online course on setting a passphrase you can remember: www.identitysecurity.com/password. Morgan graciously provided this link to us at the conference.
- Change your passwords regularly. No, not every year, every month or so. Remember, even if one of your sites is breached and gives up usernames and passwords, they are only good until you change them. So change them regularly.
- Use a unique passphrase for each website or application. Don’t just clone that one password you can remember and use it for all your sites. Make them all unique, not just variations on a theme.
- OK, you say you can’t possibly remember all those passphrases? Neither can I. So use a password/passphrase management application. I use Dashlane, but there are many out there and they are all pretty good. Most will synch between devices. Pick your favorite.
- Make sure you are running malware protection software on all your devices. Start with your computer and then ensure you have protection on all your mobile devices.
- Make sure the operating systems on your devices are up to date. Set them to auto update. Much of every update includes software patches for known security holes in the operating systems.
- Never, ever, use a public WiFi without using a VPN connection. Public WiFi is one of the easiest pathways to your data. Few of them are secure.
- Don’t fall for spear phishing emails! Spear phishing is a targeted email sent to you that appears to be from someone you know asking a reasonable question. But they almost always want you to send them private information about yourself or others. There’s a pair of rules to live by here. First, if it doesn’t sound right — it probably isn’t. Second, if someone, even someone you know, asks you to send personal information of any kind over the open internet, before responding, contact them directly to confirm it is legitimate (calling them is best). An ounce of protection… Keep in mind that spear phishing is the number one tool for espionage and information theft.
- Finally, although there is more, take the next step in privacy protection and use 2-factor authentication. This method requires not only a password/phrase but a secondary process of answering a question or using a unique PIN. It’s not foolproof, but it is a major step forward in security. Many applications and sites now offer this option.
Remember, the Identity Theft Resource Center reports an identity is used to the detriment of the real owner every 9 seconds in the United States. Here are ten ways you can protect yourself.
Again, thanks to the good folks at the ITRC and LexisNexis Risk Solutions for the conference and to Morgan Wright and Walt Manning for their great presentations — some of their information is included in this article.
And stay tuned — there’s more!