Cyberattacks and What You Can Do to Protect Yourself
Acumen Wealth Advisors is dedicated to serving our relationships with an emphasis on confidentially and data security. In today’s digital environment with so many data breaches and cyberattacks, it is a significant challenge for individuals and businesses to keep confidential information safe. As you may have already heard, Equifax, one of the three U.S. credit reporting agencies, has recently been subjected to a cyberattack. This cyberattack exposed the sensitive information of 143 million American consumers including social security numbers, dates of birth, and driver’s license numbers. You are most likely affected. This data is extremely personal and could be used against people to whom it belongs. Most troubling about this attack is this information was stolen from a company collecting our information without our express consent. Our team has been researching the breach and looking for methods to help clients. We found the following ways you may wish to respond to this attack along with options and reminders to protect yourself.
- Enroll in complementary identity theft protection and credit file monitoring services (offered free for one year from Equifax) at https://www.equifaxsecurity2017.com/enroll/.
- Keep in mind, a year of free monitoring is a good start, but thieves could have your information for years to come. Be vigilant even after the initial year has ended. You can decide if you’d like to pay for the service once the first year has ended or take alternative steps to protect your identity.
- There is confusion regarding the enrollment for Equifax’s credit-monitoring service. You may have heard you cannot join any class action lawsuit against the company by signing up for this service. The terms of service for Equifax’s credit monitoring service, TrustedID Premier, say users give up their right to participate in a class action lawsuit or arbitration. However, those who sign up for TrustedID Premier do not give up their right to participate in a class action lawsuit or arbitration against Equifax over the 2017 data breach. Based on the scope of the attack and the protection from this service, we recommend signing up now. The link again is https://www.equifaxsecurity2017.com/enroll/.
- Several Acumen employees already monitor their credit using free credit services such as Credit Karma or paid services such as LifeLock. The advantage of these types of services is they allow you to check your credit often and proactively alert you of credit changes. One disadvantage is you are sharing information with yet another third party and there is no guarantee your information is not shared with advertisers or won’t also be hacked. We would encourage clients to research and read the fine print before signing on to any credit site. We do feel the sites mentioned are effective ways to help protect and monitor your credit information. More information about identity theft protection services can be found at https://www.consumer.ftc.gov/articles/0235-identity-theft-protection-services.
- Since credit monitoring does not review transactions, we recommend you check your account statements and bank/credit card activity regularly for any suspicious activity. You may also consider setting up notifications or alerts on your bank account and credit cards to help catch any suspicious activity (e.g., overseas purchases, transactions exceeding a certain dollar amount, etc.).
- For those clients who don’t foresee applying for new credit, you may want to place a fraud alert or credit freeze on your credit file with each of the three credit reporting agencies (Experian and Transunion, along with Equifax). Click here for additional information on credit freezes. You may place a free fraud alert on your credit file by calling the three agencies below or visiting them online. Please note that by freezing your credit, additional complexities may arise. Applying for new credit will require you to unfreeze your reports. This procedure may take additional time and a possible nominal expense of $5 to $10 will be incurred each time you freeze or unfreeze your credit depending on the credit agency. Equifax is currently waiving that cost (as they should).
- File your taxes early. If you are eligible and receive an IRS notice CP01A, consider obtaining an IRS Identity Protection (IP) PIN number. This notice means you will receive a letter annually from the IRS with a PIN unique to your individual identity. The PIN is required to file your tax return each year, so keep this in mind if you decide to proceed with this option.
- Strengthen your passwords and update them regularly.
- Don’t use passwords that contain only words. These passwords are too easy to crack.
- Use at least eight characters. Mix special characters such as !@#$%&* in your passwords with letters and numbers. This can make the password very difficult to guess, while also making it difficult to remember, so consider using a mnemonic for your password. For example, iLpi!Wm# could mean “I like pie with milk.” Replace letters with numbers or characters like !=I, @=A, 3=E, 0 (number zero)=O (letter O), etc. A random phrase or a string of words adds complexity to your password, and both are just as easy to remember as single words.
- Use different passwords across various websites. Should a breach occur on one site, the rest of your online accounts may be at risk if you’re using the same passwords.
- Avoid using personal information in a password including your pet’s name, spouse or children’s names, hometown, college, favorite sports team, birthday, or address. Nearly 20% of all passwords involve this basic information which hackers can easily find online through outlets like social media.
- Read more about password security at http://www.techadvisory.org/2014/05/ways-to-improve-password-security/.
- When available, enroll in two-step verification for all online logins.
- Do not send sensitive information such as account numbers or social security numbers via email.
As the Chief Compliance Officer, I am here to answer any questions you may have about this issue and our firm’s efforts to protect against cyber security threats. For more information on the Equifax breach, please visit https://www.equifaxsecurity2017.com/. Our team continues to look for additional ways we can help. I have included the contact information for the three reporting agencies below. We welcome any questions you may have.
Amy R Stone
TransUnion 1-800-680-7289 https://www.transunion.com/
Experian 1-888-397-3742 https://www.experian.com/
Equifax 1-888-766-0008 https://www.equifax.com/