Practical Cybersecurity

Effectively managing your wealth requires that you protect your identity and faithfully guard against cyber threats. No longer can you afford to sit idly by and hope that you aren’t compromised in some fashion. Fortunately, a solid defense against cyber criminals is simple to build and easy to maintain.

For starters, understand what identity thieves are after: enough information about you that they can piece together to exploit your identity. Typically, cyber criminals need a combination of your first and last name and some other personally identifiable information (PII), such as your Social Security Number, driver’s license, passport number or credit card with security code. In the context of this conversation, we distinguish between the theft of your identity and fraud. While both are criminal activities designed to rob you, we differentiate between them in this manner:

  • Cyber theft of your identity is covert, done without your assistance.

  • Fraud, however, requires your unwitting cooperation. You are, in fact, a participant in the act of perpetrating the fraud against you. We are limiting the scope of this paper to cyber theft, deliberately leaving fraud for a future discussion.

With this in mind, carefully and deliberately limit the information you make available in the ether. Appreciate the daily all-out assault on your identify and recognize your need to vigorously discriminate to whom you provide your personal information. Build your defense against cyber criminals in depth, focusing on your behavior and a variety of easy to use tools.

To help you practice effective cyber identity hygiene, here are some actions we encourage.

  1. Be careful of disseminating your personal information. Personal information should be treated as a “need to know” basis; be very cautious of who needs to know. Guard against posting identifying information about yourself in social media.
  2. Protect your Social Security Number. Be stingy in providing it, always asking why it is needed. Keep your Social Security card securely stored; don’t carry it on you. Review your Social Security Earnings and Benefits statement annually for accuracy. Use this link to access your SS statement online.
  3. Use strong passwords and change them every ninety days. Do not save them to the browser. Strong passwords include:
    • 8 or more digits; upper and lower case letters; special characters and numbers.
    • Password padding-intentionally lengthening your password-is helpful. The idea of password padding is simply to add characters to the end of a password. For example, add eight # signs to your eight character password making it 16 characters long. Length in passwords is better than complexity.
    • Don’t share your passwords with other people. If you write your passwords down, be careful of where you store that piece of paper!
    • Consider using a password manager. It is not good to use the same password for multiple locations. Password managers, such as LastPass, LogMeOnce and 1U Password, eliminate your need to create and remember all of the passwords required to function in the modern world. PC Magazine is one source that ranks password managers; find it on Google.
    • Whenever possible, use dual-factor authentication. For example, you enter your password and the site sends you a text message with an authentication code that must be entered before log-in is complete.
  4. Keep your computer applications such as antivirus software up to date. Also keep your home router up-to-date.
  5. For online services, such as bank accounts and credit cards, select the appropriate security settings. This is also true for the security settings on your computer.
  6. Destroy documents with personally identifying information with a cross-cut shredder.
  7. Periodically review your credit card accounts for:
    • Unauthorized transactions or activities.
    • Recurring charges that are no longer legitimate or inaccurate (i.e. annual renewal of computer software).
    • The interest rate: is it consistent with your credit score. Periodically call and ask for a better rate.
    • Availability of FICO scores.
  8. The Free Credit Reporting Act (FCRA) stipulates that the three major credit agencies provide you with a free copy of your credit report once a year. Reviewing your credit report routinely assists you in insuring the accuracy of your report as well as protecting against identify theft. We recommend that every four months you request a copy of your report from a different agency. In this manner, you can monitor what each agency has on file about you and you stay more closely attuned to what’s happening in your file. Under the law, only annualcreditreport.com is required to fulfill the requests for free credit reports. To get started, go here. Simply follow the instructions on this website. You should not be asked to pay for these reports. IF you are asked to provide a form of payment such as a credit card—STOP—you are not making your request properly!
  9. Establish credit freezes with the credit reporting agencies. A Credit Freeze locks your credit file and only with approval and a pin can the freeze be © 2017 Johnson & White Wealth Management, LL C lifted. The credit agency may charge a fee to establish and remove or temporarily suspend a credit freeze, so verify the details with each agency before initiating.
  10. Always use password protected WiFi at home. Do not use unsecure public Wi-Fi when away from home.

Another line in your defense in depth against cyber bad guys are the opt-out services. FCRA, the same law that provides us with free credit reports, also allow us the right to opt-out of free-credit checks. You may do so by going to the following website. Or, call 888-5-OPTOUT. Choices for opting out include five years or permanently.

Don’t forget to periodically clean out your sent folder as well. Be wary of clicking on links in emails. Rather, go directly to the website of the vendor that sent you the email.

In the Blog section of our website (www.johnsonandwhite.com), we have added a section entitled, “Resource Links.” By clicking on the link in which you are interested, you will automatically go to that website.

A Note About Credit Monitoring Services

Identity theft and credit monitoring services don’t prevent the compromise of your identity or credit. They can act as an early warning or alert system to unwanted activity and will facilitate a restoration of your identity if compromised. As part of their monitoring activities, they may look at court records and the National Change of Address database. Perhaps, most importantly, they may troll the black market on the internet where cyber thieves sell identifying information.

These services can be helpful but may also be costly. Many of the precautions listed herein go a long way in deterring the efforts of would-be cyber assailants.

An internet search of “identify theft monitoring service reviews” produces an abundance of research on this subject.