8201 Preston Road
Our firm and our industry take information security very seriously, and we hear stories regularly about how data can be breached. I find that people who don’t work in such “data-centric” industries may not be as cautious about their information, as evidenced by the amount of personal information clients tend to send electronically without encryption. While I'm confident that my clients and friends are savvy enough not to fall for telephone scams asking for money and aren't using "password" as their password, I'm also confident that identity thieves are working hard to develop the next great scam. Here are a few tips that many "secure" people often overlook:
Disposing of Old Computers and Phones
Your computer and smart phone contain a wealth of information about you, including passwords, account numbers and personal information, as well as any documents that you've created or acquired online. When you save a file, especially a large one (i.e. a tax return), the data is saved all over your hard drive in bits and pieces. To open the file, your computer assembles the pieces and rebuilds it for use. However, when you delete a file, all that disappears are the links to reconstruct the file- the data bits remain on your computer, and can be reassembled with a data recovery program.
In order to truly delete your information, you need to overwrite the data to clear it from the hard drive. You can find free utility programs online to handle this, and it should be done before you donate or recycle any computer or smart phone. If you're disposing of your computer or phone, you can always remove the hard drive and physically destroy it.
Also, if your device automatically updates to a “cloud”, make a regular practice of checking what you have in the cloud, and what files should be deleted.
Your smart phone is getting smarter and smarter, and you need to educate yourself properly to use it. Retailers are increasingly accepting mobile payments directly from your phone, using a specific app, an electronic check from your bank, or stored credit card information that you can access by merely tapping your phone on an in-store terminal. While this is increasingly easier and more convenient, it's also potentially putting your personal financial information in harm's way. With account numbers and passwords at the ready, you need to make sure that you are utilizing all of the security options available to you to keep your data secure.
First, lock your device. All smart phones have a password or fingerprint option to lock unwanted users out of your phone. While this isn't foolproof, it is your first and most basic line of security. Not surprisingly, this stops most piracy when phones are lost or stolen.
Second, research any app payment systems before using them, and only download secure systems from verified websites. Even reputable payment apps can be modified and made available from unverified websites, which can result in malware being attached to your device. Malware is short for "malicious software" and can send your account numbers and passwords to identity thieves without you being aware.
If you're using your phone to browse and shop online, avoid using public wi-fi networks. As your information is transmitted through the wi-fi, sophisticated software can detect your information and save it for identity thieves. If you still choose to use public wi-fi, disable file sharing and try to shop only through encrypted websites (they'll say ‘https’ in the address bar).
For more layers of protection, visit the store where you purchased your device, and they should be able to teach you how to maximize the existing security, and what they recommend for up-to-date best practices in information protection.
Protect Your Children
Most people are at least somewhat guarded with their personal information, and may notice when irregularities arise. Common sense, vigilance in securing passwords and the monitoring of bills and account statements go a long way to early detection of identity theft. However, for children that don't have accounts or "use" their identity, the theft of their social security numbers is on the rise.
Prevent disclosure from the beginning. Don't carry your child's social security card in your purse or wallet, in case of theft. Be protective of forms and applications that you fill out for your child. Only disclose the information necessary to obtain the service or product you seek - you shouldn't need a social security number to go to summer camp. Treat your child's medical records with the same security you would your own: shred paper copies when disposing, and encrypt any documents with sensitive information that you store online or on your computer. If you are applying for something online, make sure that the destination server is secure before divulging your child's personal information.
As always, watch for warning signs. An increase in "junk mail" to your child, including offers for banking or credit card services may indicate that some activity is ongoing using the social security number. If you receive bills or statements for services (including medical care) that you did not receive, contact the vendor or provider to contest the charge and report the breach. As your child approaches age sixteen, order a credit report to see if there is any activity that needs to be reported as fraudulent. If necessary, file a fraud report with the FTC and/or the local police.
While all of this may seem like a hassle, protecting yourself and your family consistently takes significantly less time and energy than unwinding identity fraud even once. Happy encrypting!