What do JPMorgan Chase, Home Depot, Michaels Stores, Target, Dairy Queen, and now Equifax all have in common? They’ve all been hacked and your info could have been compromised.  If you missed the news Equifax released last week that 143 million people were impacted from the recent hack.    What should you do? 4 steps to take today to protect your business data and 5 steps to protect your personal data.

The Equifax breach exposed information, including Social Security, driver’s license, and credit card numbers, that could be very valuable to bad actors and potentially more damaging to consumers.  There is a ton of information that was compromised in this hack that will no likely impact most Americans. Based on probability it is highly likely you could be impacted.

As a small business owner or individual how am I supposed to protect my own data, my company data, and my clients’ data if companies as large as Chase, Equifax, Home Depot, etc.. are unable to prevent an attack?

I outlined 4 simple steps everyone should take today to better protect yourself.  These are above and beyond the basics like not clicking on an e-mail claiming to be your long lost cousin who has been waiting to find you to give you a million dollars!

These steps are critical for anyone especially real estate professionals (mortgage brokers, realtors, title companies, etc…) since they routinely see sensitive borrower and seller information for a transaction

  1.  Use Dual Authentication: Dual authentication requires two passwords to allow a user access. This should be used on all business and personal accounts. For example, to log into one our banks we put in a user name and a text is sent to us with a unique passcode, the passcode is entered from the text and then we are able to enter in our password. The majority of systems now utilize this methodology from banks to service providers.  To setup, it is usually as simple as requesting it from the provider. Having dual authentication almost eliminates the issue of a password being stolen since the hacker would also need your cell phone.
  2. Encrypt: Encryption basically encodes a drive that is unreadable without a “key”.   This is one of the strongest forms of data security.  In layman’s terms it makes the drive unreadable without the proper password. For example, if a laptop was stolen and the drive was encrypted, the data is protected.  Everyone with a laptop should encrypt their drive.  There is a free file encryption in Windows 8 (called Bitlocker) that is easy to use, hardly noticeable and just needs to be activated with a few simple steps.
  3. Do not use public hotspots: Many times when you are out in public (think Starbucks, McDonalds, hotels) you need to get online and these locations offer free internet connections.  What a bargain, right? Unfortunately, as a user on a free open network, your data is susceptible.  Last weekend I was at a conference, I went to get online and there were three “guest” networks available.  One could easily be a person next door that setup a network labeled guest.  If I connect to that network they can skim any data I am sending. So what do you do?  Turn on the hotspot on your phone and give it a unique name.  This way you know you are connecting to a trusted network
  4. Protect your cell phone with a password:  This seems like a no brainer, but amazing how frequently people don’t take this basic step.  As professionals, I’m assuming most people have email on their phones, and emails often include sensitive information.  Along with protecting your laptop, ensure you use the passcode on your phone.  There is also a setting on iPhones to erase the phone data after 10 failed attempts.

5 additional steps to take for your personal protection

  1. Make sure you actually look at all your accounts every month. A few years ago I found a fraudulent charge made in another state that I have not traveled to.  I had to cancel the CC and get a new number.
  2. Setup alerts: I have alerts on my bank and credit cards to e-mail me if there is any transaction over 100 dollars.  This will give me a heads up if something has been compromised.
  3. Get a credit card that offers a free credit score every month: Discover, Bank of America, etc.. are just a few that I have used.  Every month look at your credit score and see if there are any changes, if your info has been compromised you should see a pretty immediate impact on your score
  4. Get an insurance policy that provides identity theft protection. Fortunately, I haven’t had to use the policy once
  5. The FTC setup a website to help people who have been compromised: There is additional information/help on their sitehttps://www.consumer.ftc.gov/articles/0279-extended-fraud-alerts-and-credit-freezes .  I put this as the last item since I’m not sure how good putting a fraud alert is on your credit.  In the Equifax hack, people had disputed their account were more likely to have their information compromised.

 

It is imperative that everyone take basic steps to protect their data and their client’s data.   Hopefully you can prevent data loss on the front end.  But you or your business might still get compromised due to 3rd party providers (like Equifax).  By taking these simple steps, you can hopefully mitigate the loss from having your information stolen.

 

Sources:

  1. https://www.consumer.ftc.gov/articles/0279-extended-fraud-alerts-and-credit-freezes
  2. https://www.bloomberg.com/news/articles/2017-09-07/equifax-says-cyber-intrusion-affected-143-million-customers
  3. http://www.cnn.com/2017/09/11/opinions/dont-complain-to-equifax-demand-government-act-opinion-schneier/index.html