The Equifax breach has helped to foster a “new normal” of cybercrime vulnerability for all of us. This blog post delineates crucial first moves you should be prioritizing to help ensure that your private information and finances remain secure.
It has been over one month since Equifax announced the major cybersecurity attack on their system and the subsequent breach of sensitive personal data of more than 140 million Americans.
It may be tempting to postpone addressing the long-term impact the Equifax hack may have on you.
We will be writing a series of articles designed to help you make sense of the importance of this event on your financial life and the critical steps you need to take to safeguard yourself and your family in the future.
First, given that the Equifax data breach included names, addresses and Social Security numbers for a significant amount of the American population, everyone should recognize that this will make it easier for other hackers and criminals to engage in cybercrime in the future. Since the U.S. government will not re-issue Social Security numbers except in extreme circumstances, this means that your personally identifiable information may be permanently on sale to criminals.
Now that hackers may have sensitive personal information on your identity, their next target could be to contact your bank or other financial institutions to see if they can extract money from your account. By answering the right challenge questions to a call center representative (“Can you verify your Social Security number?” or “What’s your home address?”), a hacker may very well be able to impersonate you and direct money out of your account.
One of your first tasks should be to strengthen your online accounts and financial accounts with as much security as possible. Some institutions offer more security options than others, and determining if your current bank and/or brokerage account offers adequate security should be evaluated. You may have heard the term two-factor, or multi-factor authentication. This refers to a system for online accounts that requires more than one login verification for you to gain access. This provides additional security for your account and should be utilized whenever possible. It can’t guarantee you won’t be hacked, but it will go a long way toward making it much more difficult for a would-be hacker.
Another goal should be to change any account passwords that are easy to guess (i.e., “password,” “12345,” etc.) with ones that are complex and unique with a combination of numbers, symbols, and upper- and lower-case letters (i.e., 13MD!Siyx@$$). HH’s David Koch took a detailed look at this issue in his blog post “Privacy in the Digital Age: The Keys to the Castle.”
This may sound daunting, but there are password manager applications that can help you store these passwords securely. In addition, you should ask the banks and other financial institutions with which you do business whether they can put a verbal password on file for you that will be required for calls to their customer service centers. This can be a critical line of defense against identify-theft attempts.
Since hackers may attempt to hack your email and reset your online passcodes to gain access to your accounts, your effort should extend to securing your personal email accounts as well. We suggest that you strongly consider using only email providers that offer two-factor authentication, such as Gmail or Microsoft’s Outlook.
Yahoo mail offers two-factor authentication, but it’s worth noting that a data breach in 2013 impacted all of its three billion accounts. We strongly recommended that you discontinue using any email services that don’t offer two-factor authentication as soon as possible, given the ease of hacking attempts. Likewise, your social media accounts like Facebook and Twitter should be secured using the same methods.
If you have many online user accounts, this is not going to be a small effort, but we can’t emphasize enough the importance of securing your digital presence.
We recommend starting with these integral first moves to address your most immediate vulnerabilities. We will be writing additional articles detailing next steps to take after tackling your basic account security.
Please reach out to your service team with any questions or comments.
Nothing contained in this publication is intended to constitute legal, tax, securities, or investment advice, nor an opinion regarding the appropriateness of any investment, nor a solicitation of any type. The general information contained in this publication should not be acted upon without obtaining specific legal, tax, and investment advice from a licensed professional.