Last week, the giant credit reporting firm Equifax announced hackers stole personally identifiable information (PII) from 143 million credit records. This morning, the U.S. Security & Exchange Commission (SEC), the government agency which oversees the stock market exchanges, disclosed a security breach against their EDGAR system which may have allowed hackers to profit from inside, non-public information. (http://www.foxnews.com/us/2017/09/21/sec-says-hack-may-have-led-to-illegal-wall-street-profits.html). Why is this important to you, and what can be done about it?
Why Should You Protect Your Information?
In the information age, information is like gold. It IS wealth. (see blog post I wrote in June: How Wealth Has Changed: Land—-> Industry—-> Information). Just as you would protect your gold or money, you should protect your information.
With your information, a hacker can open credit accounts in your name, affecting your credit rating. When they don’t pay those loans back, debt collectors will be knocking on YOUR door, garnishing YOUR paycheck, and repossessing YOUR car! Hackers can use your information to access your medical records. If you have a disease such as AIDS and you wish to keep that information private, a hacker could utilize that information to extort funds, threatening to post that information on the internet until you pay them. Hackers can use personal information to access private accounts, gaining access to compromising photos, and again use that information to extort a payoff (as happened with actress Jennifer Lawrence). Hackers can use your information to reset your Facebook or email account passwords, taking over your communication accounts, and posting information you don’t want posted.
When you have a car stolen, it can be returned once it’s found. When information is stolen and published, there is no way to return it. It is out on the internet forever! And if your credit is ruined because of hacked information, it is extremely costly and time consuming to repair.
Steps You Can Take To Protect Yourself
You can’t control Equifax. But you can control what you do. Here are a few such ideas:
- Periodically change your passwords, perhaps every 3 to 6 months. Change passwords you use at your bank, your insurance companies, your internet account, your school accounts, your social media accounts, and anywhere else. If that information is hacked and published, this simple act will render the published information unusable.
- Use different passwords for different kinds of sensitive accounts. Access to your bank account should be better protected that access to the high school parent portal used to publish grades. A hacker knows that people often use the same passwords across multiple systems. If the parent portal is less guarded, wouldn’t it be easier to hack into that system and get your bank password from there? Your bank password should NEVER be the same as that for a less sensitive system.
- NEVER share your passwords with your kids, or ANYONE else who you are not 100% certain cannot be trusted to protect that information. Kids, even college age kids, do not understand the importance of protecting information. While meaning no harm, they are often careless with your information, writing it down somewhere, and leaving the paper or their purse/wallet behind. Or, they store it on their phone, and leave their phone behind. Again, once information is published, it can never be returned. Also keep in mind that just because someone can be trusted now, it doesn’t mean they can be trusted later! Couples in romantic relationships tend to behave very differently before a breakup, versus after.
- Regularly check your credit reports. The credit bureaus allow 1 free annual check. If you see something irregular, file a challenge to the information. The credit bureaus are legally obligated to correct or remove inaccurate information.
- Stay away from porn sites on the internet. Hackers know nearly everyone browses pornography from time to time. These are most visited sites on the internet. These sites can incorporate software which captures data from your computer, including things like password lists. When you use the internet, limit your browsing to well known internet sites. Those companies are well aware of internet risks, and often have protections in place. They won’t be scanning your computer looking for private information.
- Limit who you do business with. Relationships by default require an exchange of information. If you limit who you relate to, or do business with, you also limit the frequency with which sensitive information is exposed. Is it really necessary to have 12 social media accounts? Is it necessary to browse 23 different porn sites? Or can you accomplish your goals with just one? Do you need 7 different credit cards? Or will one or two suffice?
- Drive an older car! Newer cars collect VAST amounts of information about you. They track where you have been, when you were there, how fast you were going, and when you hit the brakes. The cars today have built-in Wi-Fi portals which are often not well secured. The cars themselves can be controlled remotely, and your personal information as the owner is likely registered in the electronics of the car. All of this can be hacked.
- Avoid buying internet-connected devices such as refrigerators, front door locks, and thermostats, and garage door openers. These connect to your home Wi-Fi, and through the device, a hacker can gain access to full computers in your home, where you keep sensitive information. Did you know you can hack into a business network through the office printer? That’s right! A printer is a computer, just like any other. They don’t have the same security though as other computers on the network. The same goes for home-based connected devices.
The bottom line is to realize that your information is wealth to a hacker. I just read that a single good credit card number is worth about $12 in the black market. If someone steals just 1000 of these, that’s $12,000 of profit. Protect your information just as you would your money, if not more!
Steps The Government Should Take
The next thing that needs to happen is rules need to be established in society governing information. Right now, it’s the wild west. Companies are generally careless with information because of ignorance, and because it is costly to protect it. If it comes to making an investment to protect information, which offers no profit, or making an investment in new stores which shows an immediate return, the corporation will always opt to leave information at risk.
My thought is that laws should indicate that YOU own the information about you. You own your own picture or image, bank account number, or whatever information is considered to have a reasonable expectation of privacy. There is a difference of your picture being taken on an open street, versus one taken in the privacy of your bedroom. Today, the company that collects the information owns it. If you owned the information, it would provide a capability of holding the company more legally liable for breaches.
I also think a law should be passed which totally bans companies from sharing private information among themselves. Equifax didn’t get your information from you. They got it from your bank! If a doctor shares your information with another doctor, they can be sued. But your medical insurance companies swap such information all the time, similar to the way banks do through the credit bureaus. If you owned your information, they would not be able to do this.
What about credit bureaus? How would you check credit? Credit bureaus are a sham! Just because I fail to pay one bill (perhaps over a dispute), it doesn’t mean I will fail to pay others. A bank can just as easily call your employer to check your employment, as they can by checking the credit bureau. Credit bureaus today collect information on your debts, your driving record, your employment, your home addresses, your criminal background, and your insurance. Insurance companies check your debt repayment practices to decide whether you are a good driver to get insurance! To that I ask why? If I fail to pay a credit card or a mortgage payment, it doesn’t mean I am more likely to have an accident! There is no reason for credit bureaus to even exist!
The best way to protect something like information from being stolen is to not have it. Something you don’t have cannot be stolen. Laws which limit the collection and distribution of information are what is needed, along with stiff penalties for those who are careless with the trust they are given.