Feel like a number?
I do, especially after learning that I am one of the 143 million (about half of all adult Americans) who was digitally violated. Chances are that your digits are in the wrong hands now, too!
Numerically, the Equifax hack ranks 5th in terms of the number of affected "users" (data-speak for "people"). Yet I submit that it is the mother of all hacks, the holy grail, for internet villains. It trumps the others in the sheer utility of the data (it's too early to ascertain the damage from the Deloitte hack, which certainly chagrins one of the globe's largest security consultancies, waiting nearly a year to report it). Equifax, TransUnion, and Experian house the DNA of our digital identities beginning with that which never changes -- date of birth, drivers license number, maiden name, and social security number; and ongoing chronology of our addresses, employers, every credit card account and loan opened, even the make & model of every vehicle financed. To top it off, the Fair Isaac Corporation (FICO) keeps scoring us in the bizarre range of 300 to 850 (I suppose 300 because nobody wants to be a zero; that or to retain a sense of mystery and the associated monopoly on performing a single calculation for millions of users, er, people).
Do you recall opting in to allowing these three to collect, record, report, and sell your developing digital identity? Probably not, but just about every prospective employer, landlord, and of course, lending institution will have you sign a 6-font form that authorizes the reporting of such data. Anymore, it's impossible to avoid. Resistance is futile, all will be assimilated.
Google the Equifax hack and most resulting articles will repeat similar recommendations about checking your credit reports, monitoring your accounts, placing a fraud alert or freeze on your files at the big three, and subscribing to one of the monitoring services that the offending institution provides free to the "affected users." Not bad advice, but inadequate in my view.
Ponder this: Criminals have all that they need to digitally masquerade as you and me! What are we going to do about it? Demand the government to help? If you've ever had a government security clearance, as I once did, you're painfully aware of the June 2015 hack of the Office of Personnel Management. Six months after the hack they mailed me a letter to let me know. Six months! It contained a special code with which I could register for "protection." And on that day the USPS mis-delivered to me the same notice addressed to a different person who lived across town! Yes, I made sure it ended up in the correct hands. You're welcome, Uncle Sam.
Unless you're a particularly juicy target, the cyber villains will attempt to rob you and me as part of a systematic, algorithmic attack. One of the keys to mass success is our email addresses, which are commonly usernames or at least the first question on the Forgot Password page of an account login. Email addresses are simple to find, mainly because of their high degree of usage.
- Establish a new, non-descript (contains no names, birth dates, graduation dates, etc.) email address. Don't use if for anything but your sensitive accounts, especially those listed on your Experian, TransUnion, and Equifax records. Don't send it to anyone including yourself, i.e. your utilitarian email address(es).
- Set up 2-factor identification for logging into that email account. Have the primary option be to your cell phone. You can use an app like DUO or Microsoft Authenticator to make it easier to acknowledge rather than entering a long code.
- Make sure the institution only has that email address on record so it is not sending confirmations, etc. to any other email.
- Secure all points of access beginning with your phone. You can encrypt your entire phone and it really doesn’t slow it down. Set up a decent PW and use thumbprint or pattern to open it up. Learn how to shut down or even wipe your phone should you lose it.
- Encrypt your PCs. If your OS is Windows 10 (which is bloatware & spyware, sigh...) you need Pro to get Bitlocker and costs $100. There are probably free options now – consider open architecture like Veracrypt so Big Brother doesn’t have a back door.
- Once your PC or phone is unlocked the data are vulnerable. Don’t use public WiFi unless you do VPN. Did you know that for $100 anyone can buy a device that can hack into any WiFi? Really!
- Use a PW manager so that all your important logins have robust, unique PWs.
- Put a canary token and honeypot on your PCs.
- Keep your social media posts social without broadcasting personal details that toss keys to villains.
- File your taxes as soon as possible after receiving the necessary information.
Just like it's not possible to keep a determined thief from entering one's home, it's not possible to prevent a determined cyber crook from cracking one's accounts. But we can plug our vulnerabilities to malicious mass attacks because, unfortunately, there will be plenty of susceptible, unsuspecting prey. About 143 million. Will you be one of them?
DISCLAIMER: The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of Global View Capital Advisors, LTD of any of its affiliates.