I used to have a buddy who drove motorcycles. This particular guy had a prosthetic leg from an accident he had gotten into some years back. He patiently explained to me how he was really always careful, did all the right things, obeyed all the laws, etc., but “It’s not really about what you do… it’s about what everyone else does. And ultimately, it’s not about if you are going to lay the bike down… it’s about when and how bad it will be when it happens.”
I think the landscape of security these days is pretty much summed up right there. No matter how much you do, someone like Equifax is going to come along and leave all your private information out dangling in the breeze, and then it’s just a matter of how bad the impact will be to you, and your loved ones.
Assume you’re going to be hacked or your information is going to be compromised. Just assume it now and start doing whatever you can to manage the impact for when it does happen. Certainly, do whatever you can to prevent it, but just know that what you’re doing is reducing the likelihood that the next person who gets hit is you… but the one after that?
Some things you can do to be prepared…
- Get credit monitoring in place. (probably not from Equifax, since… well… yeah)
- Freeze your credit files at the three major credit bureaus. This can cause all kinds of challenges when you want to get loans and such, but convenience directly opposed to security. Unfortunately, this is necessary.
- Monitor bank and credit cards statements on a monthly basis to ensure all transactions are correct. Pursue any inaccuracies with haste.
- Check your credit reports free at annualcreditreport.com. (Note I didn’t hotlink that for a reason- you shouldn’t be clicking links)
And some things you can do to reduce (REDUCE) your chances of being the next one hit… (Admittedly this is a long list of some fairly complex things that are described at a very high level. Over time I’ll make an effort to create a blog entry for each, but this is a starting point). This is also NOT a complete list, but… again… it’s a start.
- Don’t provide confidential information to any third party before double and triple checking to ensure that they are who they say they are and that they absolutely need your information to proceed.
- Get and utilize a DIAMOND CUT SHREDDER. Do not ever throw out anything with any form of personally identifiable information without running through a shredder like this. The FBI is more than capable of rebuilding your documents from normal shredders in short order, so don’t think the criminals are any less so.
- Enable two factor authentication on any critical accounts and wherever possible. Try very hard to not use “text message” style methods and instead use something like Google Authenticator or Authie.
- For “security questions”, treat these like custom password fields. Do not ACTUALLY provide your mother’s maiden name- make up some crazy answer that has nothing to do with anything and record that there.
- For all security questions and passwords, store these in a password safe. A local file based one is safer, obviously, but understandably so inconvenient that many people won’t use it. In this rare case, an online centrally stored one may be an acceptable choice- particularly if you also enable two factor authentication on it.
- Try to create passwords that are more phrases than traditional passwords. Mind you, some places will not allow this, but “ZOMBIE durango warthog embroidme cowdog” is better than “LKDF2349113ffFF#@@$” any day of the week, and easier to remember by far.
- Don’t click links online. Not ever. NOT EVER. (Ok, I admit that’s REALLY tough advice to follow… heck, you probably got here from a link you clicked, right? So I would suggest starting at the cautious point of never clicking, then realizing you need to occasionally and take a step back to “think very hard before you click”)
- Don’t open attachments sent to you in email. Not ever. NOT EVER.
- Change your drivers license and other identification devices to NOT use social security numbers.
- If you feel you may be the victim of identity theft, act immediately. Call your local police station first and file a report, and then seek advice from professionals at the FTC.
Good luck out there, folks. It’s a daunting world.