With news of the massive data breach at J.P. Morgan Chase in which names, addresses, phone numbers and email addresses of 76 million households and 7 million small businesses were stolen by what appears to be Russian hackers who may or may not be affiliated with the Russian government dominating the news, it seems perfectly appropriate to wish you a happy National Cybersecurity Awareness month. As frightening as the spectre of a major American bank being vulnerable to vulnerable to such a massive data breach, you may remember that when the story broke last August of the possible data breach at J.P. Morgan Chase, reports were that there were as many as four other banks that had similarly been hacked. Now, according to a report in the New York Times, that number is actually risen to nine other major financial institutions that may have suffered data breaches at the hands of the same hackers. Therefore even if you are not a customer of J.P. Morgan Chase, you should be extra vigilant in regard to all of your financial accounts.
Now is the time to implement a eight step approach to protecting yourself from identity theft and data breaches. The first step is to change your password regularly, such as every six months. A good password has a mixture of capital letters, small letters, symbols and digits. Don’t use any word in the dictionary because hackers have computer programs that can guess your password. Instead use a phrase, such as IHate2UsePasswords!!. This is a very secure password. You should also have a separate and distinct password for each of your accounts, but you can merely adapt this basic password by adding a couple of distinguishing letters for each account. For example, you could make this your Amazon password by adding the letters “Am” at the end of your basic password so it reads IHate2UsePasswords!!Am. This is easy to remember.
You should also use dual factor authentication on your accounts when available. Dual factor identification provides you with an extra level of security by which more than a password is necessary to gain access to your account. Generally, when you log in through your password to an account a code is then sent to your smartphone which you then must input in order to access your account.
You also should change the answer to your security question to something completely nonsensical. Answering a security question is required if you forget your password or if you want to change your password. Unfortunately the answers to common security questions, such as your mother’s maiden name can be found with a little effort by an identity thief in the many places on the Internet that store personal information. So instead of the answer to your mother’s maiden name being “Jones,” change it to “Grapefruit.” No identity thief will find it or guess it and it is silly enough for you to remember.
Don’t click on links or download attachments in any email, text message or social media posting unless you have absolutely confirmed that it is legitimate. Identity thieves and hackers lure people into clicking on links in such communications that results in the victims downloading keystroke logging malware that can steal all of the information from your computer.
Don’t provide personal information over the phone to anyone whom you have not called. You can never be sure if the person calling you is legitimate regardless of how compelling the reason he or she gives for you to provide personal information. Don’t rely on your Caller ID because through a technique called “spoofing” an identity thief can make it appear that his or her call is from the IRS, your bank or some other legitimate entity. If you think the call may be legitimate, hang up and call the company or agency at a number that you know is real, not the number the caller gives you.
Review all of your accounts regularly and carefully to note the smallest charge that should not be there. Sometimes identity thieves will put regular reoccurring charges on your credit card or phone bill in the hope that you will not bother to look further into it because the charge is so small. The earlier you catch identity theft, the easier it is to deal with.
Check your credit report from each of the three major credit reporting agencies every year for evidence of fraud or even mistakes that need to be corrected. Here is the link to the only official place to get your free credit report https://www.annualcreditreport.com/index.action
Put a credit freeze on your credit report so that even if an identity thief obtains your Social Security number, he or she cannot gain access to your credit report. Yesterday’s Scam of the day contains the links to the credit reporting agencies to use to freeze your credit.