.jpg)
Over the past few years we have all become accustomed to the news of major data hacking events. From Target to the Federal Government, it seems like almost a constant stream of privacy violations originating with the very companies we trust with our most important facts and figures. And still, there was a collective gasp when Equifax, one of the three major credit reporting agencies, announced last week that they had been the victim of a hack which compromised the security of more than 143 million Americans (almost 50% of the country).
First, a point of reference: Equifax (along with its competitors Experian and TransUnion) keep track of the detailed financial affairs of all Americans for the purpose of understanding their risk when borrowing money. That means that they are basically a storage house for the most personal and sensitive information for the entire adult population of this country. So whether or not you have ever directly done business with Equifax, it is certainly safe to assume that you were part of this hack.
While Equifax has laid out steps you can take to see if you were personally affected (visit www.equifaxsecurity2017.com) and is working to remedy the breach for those they can identify as having been impacted, this event leaves many questions in its wake—specifically around how you can do a better job protecting yourself, when others cannot.
Let's be clear. If you are the victim of identity theft, it is important that you find out as early as possible. The more time that passes, the more damage that can be done. And the resolution process can take years.
The first, and most important, step you can take is to better control your credit. Many people choose to use a service like LifeLock, an identity theft protection service that notifies you if there is activity with your personal information. Subscriptions cost between $120 and $360 per year, and certainly cause some additional hassle and inconvenience when you ARE applying for credit or a loan, but I promise you that this hassle and inconvenience is a drop in the bucket compared to the trauma of being a victim of identity theft.
If you are not in a position or are not inclined to spend that kind of money, there is another option. You can freeze your credit with all three credit reporting agencies, which will prevent anyone from accessing your credit without your explicit permission. The fee for each agency will range from $5–$10, and will cause similar inconvenience to something like LifeLock or another credit monitoring service, but will provide some additional protection. For more information, visit https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs.
There are other steps you can take in your everyday life to help prevent criminals from accessing your information. The best place to start is with your email address. Your email address is your information hub and the gateway to your personal data. Where possible, enable two-factor authentication such as text notification or mobile device authenticator apps. Remember that these physical two-factor authentication techniques are significantly more effective than knowledge-based ones (mother's maiden name, best friend when you were young). In today's world, we need to assume our data is out there, rendering these types of techniques useless on their own.
Next, stay away from opening your email or other password-protected websites (credit cards, bank portals, etc.) on an unsecured, open-wifi network. These types of networks are hotbeds for criminal hackers. Use them to surf the internet, check movie listings, even to change your fantasy football lineup. But not for email or any other activities for which you wouldn't want a total stranger looking over your shoulder.
Finally, distrust and verify. Criminals thrive on human behavior. I cannot tell you how many calls I have gotten from panicked clients who gave their personal information to someone because they were told they could forgive their student loans; or that the IRS was coming after them; or because their computer had been hacked and they needed to fix it ASAP. All bogus urgency designed to get you to simply hand over the keys to your kingdom. The government doesn't call you to tell you your student loans don't need to be paid. The IRS does not operate out of a P.O. Box in Des Moines, Iowa. And Apple tech support doesn't need your social security number to fix your computer. If it seems a little fishy, it probably is.
The unfortunate truth about this Equifax hack is that it really didn't make any of us less safe. The overwhelming likelihood is that each of us could already have found our information swimming around the dark web and criminal underground, and this hack is just a reminder of the frustrating times we live in when it comes to information security. That said, we cannot be naïve. While the raw material can be stolen by algorithms or other software, it needs a human on the other side to turn that data into real, stolen assets.
And where humans are the problem, humans are the answer. No one cares about your personal information more than you do. So YOU need to be your biggest advocate and first line of defense by taking actionable steps to reduce your risk.