March 3-9 is National Consumer Protection Week and as a result, you may see information shared to help you better understand your rights as a consumer and to help you make more informed decisions about your finances. In this spirit of protection, one topic that has become a fact of life during the past decade is identify theft.
What is Identity Theft?
You may already know what it is, but in case you don’t, identity theft is when someone uses your Social Security number or other personal information to impersonate you. Once identity thieves have your personal information, they can do a number of things, including draining your bank accounts, running up charges on your credit cards, opening new utility accounts, getting medical treatment on your health insurance, or even filing a tax refund in your name and get receiving your refund.
What can I do?
If you are reading this, then it’s quite likely that your information has been compromised in at least one cybersecurity incident. As these types of incidents continue to increase, there is a lot we can all do to help protect ourselves from the risk of identity theft and to make recovery from cybersecurity incidents quicker and less painful.
First, you can have better oversight of your personal credit reports. Federal law requires each of the three nationwide consumer credit reporting companies - Equifax, Experian and TransUnion - to give you a free credit report every 12 months if you ask for it.
- How to Request: You can request your credit reports by going to AnnualCreditReport.com (https://www.annualcreditreport.com/). As a tip, you can better keep an eye on your credit all year by spacing out your credit report requests and requesting a report from a different consumer credit reporting company every four months.
- When reviewing your credit reports, make sure there's nothing inaccurate in those reports, and file for correction if needed.
- After your review, if you don’t anticipate needing your credit checked in the immediate future, you can initiate a credit freeze at each of the consumer credit reporting companies. Instructions can be found at Krebs on Security. Don’t worry, the freezes can be thawed when needed.
Next, you can practice good digital hygiene. Just as you lock your front door when you leave home and your car when you park it, make sure your digital world is secured. This means:
- Keep your operating systems up to date, whether on your personal computer or mobile device. When operating system updates are released, they fix errors and vulnerabilities that could lead to someone getting access to your device.
- Do the same for the software you use. Web browsers, plug-ins, email clients, office software, anti-virus/anti-malware, and every other type of software has flaws. When those flaws are fixed, installing those updates can help protect you before someone uses those flaws against you. The vast majority of compromises leverage vulnerabilities that have a fix already available.
- Think before you click. See the links I have included above? Make sure you hover over links to see if it matches where you expect to go, especially when a website’s address is not spelled out like it is above. If a link seems suspicious to you, avoid clicking on it. You can also type in the web address in a web browser to avoid clicking on the link.
- Question requests for personal information. Before you disclose personal information online or over the phone, make sure you can identify with whom you are speaking. An unexpected call, email, or website requesting your personal information, like credit card or social security numbers, should raise red flags for you.
- Think before you share on social media sites. Some of those fun-to-share-with-your-friends quizzes and games ask questions that have a disturbing similarity to "security questions" that can be used to recover your account. Do you want the answers to your security questions to be published to the world?
- Keep a strong, unique password for every site or service you use and consider using a password manager. That way a compromise on one site won't open you up to fraud at other sites.
- Back. It. Up. What do you do if you are hit with a ransomware attack where someone locks your device in exchange for money? Or a run-of-the-mill hard drive failure? If you have a recent off-line backup, your data becomes safer and you can recover your data without even thinking about paying a ransom.
- Lock your device and full disk encryption is your friend. If your device is left unattended or is stolen, it will be a lot harder for a thief to access your data.
- Check all your accounts statements regularly. Paperless statements are convenient in the digital age, but it is easy to forget to check infrequently used accounts. Make a recurring calendar reminder to check every account for activity that you don't recognize.
- Manage your paper documents. Have bank statements, explanation of benefits, or other types of documents that may have personal or sensitive information on it? Don't just throw them in the trash or the recycle bin. Destroy them securely, such as shredding them with a cross-cut shredder. Data stolen from a dumpster are just as useful as data stolen from a website.
Finally, if you've unfortunately become a victim of identity theft:
- Create an Identity Theft Report by filing a complaint with the Federal Trade Commission (FTC) at ftc.gov or call 877.438.4338.
- Use the Identity Theft Report to file a police report. Make sure you keep a copy of the police report in a safe place.
- Flag your credit reports by contacting the fraud departments of any one of the three major credit bureaus: Equifax (800.685.1111); TransUnion (888.909.8872); or Experian (888.397.3742).
NEOMED takes great pride in its information security through its use of administrative, technical and physical privacy controls. The steps and controls outlined here may help you take more control of how your personal information is used, and ultimately, help reduce your risk of identity theft. Below are some additional resources you can use to learn more about identity theft and if you have any questions regarding identity theft or security incidents as it relates to the University, please contact firstname.lastname@example.org.
For more tips and tools on dealing with identity theft, visit the FTC Identity Theft website.
- Go to identitytheft.gov to report and recover from identity theft; you can also browse the FTC's complete list of possible recovery steps.
- Download the FTC's comprehensive guide for victims: Identity Theft – A Recovery Plan.
- Learn about current scams and how to protect yourself by visiting Fraud.org.
-Submitted by Jonathan Wagner