The following is a guest post from Mike at Miked Up Blog.
I had an email stop me completely in my tracks last week… I probably receive over 100 emails a day and this is the first one I can remember that made me stop what I was doing, re-read the text twice, and then take a deep breath. The emails reason for being? "After a search of the dark web, we found your email address and [other personal information] listed in multiple locations. Your person data are at risk. You should act quickly…” (that’s paraphrased)
And if this was one of the statements that were usually followed with - “Click here to buy our awesome product and you’ll be protected!!” I wouldn’t have given this email a second thought… But, unfortunately for me, that was not the case. Immediately following the Experian breach, I searched out a credit monitoring service, made a purchase, and started taking the steps to protect my personal information.
If I hadn’t completed the steps in my list below, my personal data could be floating out all over the dark web without me even knowing about it… That’s terrifying… But do you know what’s worse? More of my data could be at risk and even though I’ve paid for a monitoring service - I still may never know.
That’s why I take it upon myself to just assume all of my personal information is exposed… At all times.
So what are we to do - live in fear? Not quite… My personal philosophy is to take all reasonable and necessary precautions available so that we can continue living life as normal - just with a nice kit of body armor around our sensitive personal information.
In order to fight against being blindsided by stolen identity or financial fraud, these are the steps I take to keep my financial life as safe as possible:
Passwords (The Brains)
1- Use a different password for every account, change passwords frequently, and set up a password manager system
This isn’t 2005 anymore and the excuse of, “I can’t remember all of those passwords!!” May sound nice when it leaves your lips - but it doesn’t do you justice when it comes to protecting your accounts.
You know those passwords that certain sites make you create…? The ones with capital letters, symbols, and more than 11 total characters? Yeah - you need to be using a unique one of those for every password that’s protecting one of your accounts.
To take it a step further, you should be changing those passwords up at least quarterly… And, if we’re being honest, probably monthly.
Is that going to get confusing? Hell yes, it will. So that’s why I keep a list of our passwords for every account in a digital place that is secure and at the same time easily accessible to my wife and I. And when I do our regular password updates, it’s a simple edit for each account - then we can move on with our day and not have to worry about remembering a thing (as long as we have the key to the list, that is).
Where you keep that list is entirely up to you. And while I’m not going to divulge all of my secrets here, I will say that there are multiple free options in addition to specific products that are paid for and can address your needs. Either way - this (detailed) Step 1 is a must-do.
2- Use passcodes for your devices
Admittedly, this may be a review for the majority of readers… Regardless - it needs to be stated: Whether your passcode is of the biometric, numerical, or linear variety, every device you use should be protected by something.
What if your phone was stolen? What would they have access to? I could ask the same question for your laptop, tablet, or just about any other device you use on a regular basis. Using a passcode may be a hassle, but it’s sacrificing minimal time from your day and providing a disproportionately high rate of return - in the form of data protection.
3- Use Two-Factor Authentication
This is something that I honestly hated when it was first rolled out by my banking apps, but given a little more time - two-factor authentication (2FA) is an effective way to add an extra layer of protection to your financial data. Rather than just requiring a password or biometric check, 2FA takes your login a step further by sending a separate code to your phone or email (for example) that then needs to be inputted in order for you to successfully log on.
And as I said, the process was clunky and time-consuming in this instant gratification world I’ve become accustomed to, however, by requiring a separate passcode that is sent to a different device or location - you are making it considerably more difficult for evil-doers to gain access to your accounts. This way, if your password is compromised, a hacker would still need to obtain this second (and independent) code to gain access.
I’d rather walk the tightrope while having the safety net in place… And once you get familiar with taking this extra step to login, there isn’t much extra effort required on your part.
Physical Security (The Muscle)
I’m not talking about bodyguards here. Although, if you’re hiring… (I know a guy)
4- Don’t do business on community wi-fi
When you’re at the coffee shop and excited that you used an excellent frugal tip to score free coffee via a coupon, don’t get complacent about keeping your financial information protected. Sure the complimentary wi-fi is convenient - but it’s also incredibly dangerous. Just like it was easy for you to gain access, it is equally easy for someone to see, use, and steal your actions over that public internet connection.
As a best practice, I do not use complimentary wi-fi connections in general. However, if you are more adventurous, you’d be wise to only perform superficial tasks over public wi-fi. Browse the internet, check Twitter, etc. And if you’re in a position where you need to send a few emails or login to an account, it’d be wise to do so using a VPN - which routes your connection through a server and hides your actions. It’s not full-proof, but it’s definitely a step in the right direction.
5- Physically secure your devices
The strategy here is akin to age-old strategies of staying alert and taking good general precautions while traveling… And basically anytime you are on the go with a device or away from the home (where your devices are), there is a good range of options to put into use to physically secure your devices. Because it’s one thing for someone to hack into your computer and access your keystrokes, it’s another for someone to just grab your device and effectively eliminate the need for sophisticated hacking.
There will eventually be a post on this topic but great general precautions are to stay organized, alert, and flexible when on the go. Meaning - don’t carry more than what you can handle with a backpack, keep your hands free, keep the cell phone in your pocket and you’re head up and eyes open, etc… Self-defense starts with a general air of, “I’m not vulnerable and I know what’s going on around me.”
When you’re away from the home, there are many different alarm or monitoring services that you could use, you could install a safe, keep devices out of plain view from windows or other points of entry, in addition to many other tactics.
You’ve probably heard that “A chain is only as strong as it’s weakest link.” Take time to examine every link of your chain then fortify the weak spots. Many small positive changes can lead to big results.
6- Shred your statements and other sensitive paperwork (that you no longer need)
You may think, “Nobody is desperate enough to go through my garbage…” But my day job in the criminal justice field will show you that there isn’t much that folks aren’t capable of. In essence, you’d be surprised what people will do to get more money.
While one document may not hold the keys to your financial castle when you piece together a bank statement with your water bill and anything from a cable provider… suddenly someone is able to start piecing together a decent picture of your sensitive personal information.
That’s why it’s always best practice to shred your old documents. Or, we’ll gather the kids around the campfire in the spring and fall, and use those old papers as kindling to get the fire started. Protecting yourself and making awesome memories - priceless.
7- Don’t give out your social security number without already having closed the deal
Let’s say you’re shopping around 4 different dealerships for a new car. And while you’re trying to decide whether to lease a new car or buy either way - the dealers are each trying to close the deal. And each time that one of those dealers ‘pulls your credit’ they’re issuing you a little ding on your report - and thereby reducing your credit score. If you’re trying to boost your credit score, that’s not a good idea.
More than just keeping your credit score in good shape, letting various merchants ‘pull your credit’ to see if you’re an attractive borrower is risky. Why? Because by giving each of those businesses your social security number, you’re just giving out the most vital number in your financial profile to more people that don’t necessarily need to see it - and, unfortunately, may not be a reliable steward of your data. Are they ‘probably reputable’? Maybe. But why risk it? I don’t
That’s why, when, “We’ll check your credit” comes up in a financial discussion - I reply with:
“My credit is excellent and you’ll have to take my word for it until we close the deal.” Then rather than spreading my SSN out to 4 different dealerships across town, I decide definitively where I’ll buy that car from and if I need to finance any portion of the vehicle - only then will I divulge my SSN. And even still, I’m pretty reluctant to give my SSN out.
Your Digital Footprint (The Discipline)
8- Consider locking your credit
If you’re someone who isn’t likely to need a new line of credit anytime soon, locking your credit is a great idea. By locking your credit, you are essentially eliminating the opportunity for some unknown individual to open a new line of credit in your name (without your knowledge or blessing).
After the Experian breach, I took to locking my credit for 3 main reasons:
- I was concerned that my data were vulnerable
- Locking my credit wouldn’t allow anyone to open any accounts in my name because my credit was - “locked"
- I would be notified if anyone tried to open a new account or line of credit in my name
It’s a great way to get ahead of a financial sinkhole. While locking your credit alone won’t completely prevent your financial information from being compromised, it’s a great way to prevent you from ending up with a mountain of debt and unknown financial ruin.
9- Save a little for the imagination on the social media profile(s)
You know all those “security questions” that your financial institutions make you answer when setting up accounts these days… Mother’s maiden name - Best friend in high school - Street you grew up on, etc.
Well, if you’re one of the types who don’t mind sharing anything and everything via your social media profiles, the security question piece will be one part of the puzzle your neighborhood friendly hacker won’t have to work too hard for. So leave a little for the imagination and try to dial back the information shared via social.
10- Be cynical about incoming email
It’s not just a rogue link you shouldn’t click or an attachment that is better left unopened - both from some strange and unknown email address. No. These day’s there are emails coming from senders that appear to be familiar or at least someone who may reasonably send you an email once in a while. For those seemingly familiar senders, you may click a link or open an attachment without a second thought.
However, hackers have the ability to impersonate or “spoof” an email address to show the recipient that an email is coming from a fake origin (e.g. your local bank, alma mater, or a buddy you haven’t heard from in a while).
A great way to get around this issue is to either call the person to verify the email is legitimate or, rather than clicking on the link, retyping the link into your web browser. This way, you ensure the link will take you to the location you intend it to.
11- Regularly monitor your accounts and credit report
This practice has become part of my morning ritual for the last few years. I’ll wake up, check our accounts to verify there are no charges I don’t recognize, use the free credit report checker that my lender has, and then go on about my day.
If there is a transaction I don’t recognize or an issue that comes up, I’ll investigate, get it resolved, then head out for my morning workout.
It’s a quick 3 minutes to give our finances a general checkup, and I don’t know about you but I prefer to have the peace of mind rather than to find out something went wrong last month when I finally get the statement in my inbox.
What about you? Are there regular tactics you use to safeguard your financial information that I didn’t list or do you use some of the tactics I’ve mentioned here? Let us know in the comments below and we’ll keep the discussion moving!
Great article! Financial data security is too often overlooked and ignoring it could be the worst possible decision!!! Thanks for spreading awareness with these tips :)
Posted by: Desmond Bucky | November 27, 2018 at 11:25 PM
Why are you answering those "security" questions accurately? Answer them with a secure password, or some other response that only you would know. And each site has a different response. So two sites asking "What is your mother's maiden name?" will have different responses.
Posted by: Michael Clark | November 28, 2018 at 06:06 PM