Internet Security Recommendations for 2018
Global cyber-crime is big business, with damages costing over $3 billion in 2016. The danger comes in all forms and impacts both individuals and businesses alike. Tax return fraud has ballooned in recent years, where best practices now require obtaining a special code to file your tax return. Protecting yourself from identity theft is an on-going process, and one that requires diligence and focus to remain protected. The best defense against identity theft is being aware.
Easy Steps to Protect yourself:
- Privatize your online life. Most forms of identity theft start from information that is left vulnerable by the individual. Hackers scan the internet for tidbits of information such as birthdays, schooling, and connections on social media websites. Best practices for protection include keeping your online accounts private and using passwords that do not contain characteristics such as your birthday or a familial connection. Your e-mail accounts and social media sites such as Facebook, LinkedIn, Instagram, Tumblr- should all be made private. You can change your setting as follows:
- Avoid Phishing. Phishing is accomplished when a person unknowingly offers personal information to someone pretending to be a company, bank, or relative. Phishing happens through phone calls, emails and texts. A hacker who is phishing may contact you to “fix an error,” pretend they are a charity, or fix a problem with your bank/credit card account. They ask for a few bits of information such as a credit card number, social security number, or account number. The following are some ways to handle this situation:
- Hang up
- Ask for the name of the employee and calling back the company’s main line to ask if this issue is legitimate
- Do not open emails asking for private information
- Do not provide personal information in an email
- Report the scam to the company in question
- Report the scam to the FTC (FTC.gov/complaint), Anti-phishing Working Group (reportphishing@apwg), or the IRS (firstname.lastname@example.org)
- Keep up with important software updates. Updates on computers are your friend. Most people operate on either an Apple OS or Windows system and receive periodic official updates. These minor updates are usually labeled “bug fixes” and often include security improvements and aim to close security gaps.
- Cell Phone Security. Just like computers, your cell phone can be hacked by a phishing e-mail or link. You should only download apps from secure sources such as the Apple or Google store. When introducing new apps to your phone, direct downloads may be dangerous.
- Use a safe password. Ideal passwords are ones that include a variety of numbers, characters (one uppercase and one lowercase) and symbols. Letters are more ideal than actual words or anything found in the dictionary. The longer the better, a password that’s 12 characters is better than one that’s 8 characters. Consider using longer phrases with character changes.
- Change your passwords. Do not use the same password for every account and app. Having multiple passwords on different accounts is safer, but hard to remember. We recommend that you consider using a Password Manager Program. There are apps that allow you to access multiple passwords with one main password. These apps come with a multi-layer of security that prevents access from outside parties. Attachment I lists three of the top Password Manager programs for your consideration.
- Be careful what you e-mail. If a hacker gets into your e-mail account, all sorts of personal information becomes available. It is best to use secure e-mail or Dropbox style uploads of confidential information. Personal information should only be included in an email that has been encrypted. Delete emails containing financial information after the need for them has passed. Establish separate email accounts for personal use, “spam mail,” and financial information; and make sure to continuously assess whether certain emails containing personal information need to be saved electronically or in your email account. Change your e-mail password regularly!
- Monitor your online banking and credit cards. It is easy to logon to your bank website or credit card website and review your recent charges. Reviewing a monthly statement is often too late to take any defensive action. Fraudulent or questionable charges should be reported immediately. Ten minutes of weekly review is an important step to maintain control of your finances.
- When shopping online, use only secure websites. Shopping online is safe — when you use secure web pages. Check the top of your browser and look for look for “https” in the address bar. This means you are on a secure web page and your data is encrypted. Without a secure connection, hackers can eavesdrop on your transaction and grab your private data.
- Opt out of new credit card offers. Credit card companies frequently offer “pre-approved” credit cards – these should be avoided. The 1970 Fair Credit Reporting Act (FCRA) gave the three major credit bureaus the right to sell your information to companies offering new credit cards. However, the 1996 amendment to this Act stipulated that credit card companies must provide a way for consumers to be excluded from pre-approval lists. It is important to ensure that your name is on this exclusion list. In order to exclude yourself from “pre-approved” credit cards, and to keep your history private, you may call 1-888-567-8688 or visit https://www.optoutprescreen.com.
- Protect your physical paperwork. In addition to online information, it is important to keep physical copies of your information safe. Recommended ways to do this include keeping documents in a safe deposit box or a fire-proof safety box. Other information that is unnecessary to keep, especially documents including birthdays, account numbers, personal information and social security information, should be shredded.
- Know how to Freeze your credit files. Using a “security freeze” on your credit files prevents them from being accessed by a new creditor. If you no longer need to apply for consumer loans or credit cards, freezing your credit files can prevent identity theft and your information being susceptible to being hacked. There are three credit reporting services that allow you to freeze your account through the creation of a secure ID and password. Again, when creating a secure password be sure to make it one you can remember, save it in a protected password keeper, and include upper and lowercase characters as well as numbers and symbols. The three companies can be found at the following websites:
|Credit Bureau||Website||Phone Number|
- National do not call list. Is a free service you can subscribe to that will prohibit sales calls (note: this service means you will still be eligible to receive: political calls, charitable calls, debt collection calls, informational calls and telephone surveys). The best course of action when receiving these calls is to hang up. It is very commonplace these days to receive a call from a ‘robocaller’, who will usually give you the option to either press 1 to speak to a live person or 2 to be placed on the do not call list for their company. Pressing 2 will most likely end the call and do nothing, however pressing 1 will let the company sell and distribute your name as a live prospect. To register for the do not call list call: 1-888-382-1222 using the phone with which you wish to register or visit: https://www.donotcall.gov/
- Is software that seizes control of your computer and locks up any use of it until the software is remedied. Typically downloaded through Trojan horse links (files that look innocent or harmless but contain malware), ransomware bypasses your security programs and freezes your computer. It then ransoms the use of the computer and instructs the user to pay the hacker using iTunes gift cards, Bitcoins other hard-to-trace forms of payment. Tips for ransomware:
- Do not open unknown files!
- Back up your files regularly. Malware may become so embedded that you will have to erase your computer and restart it from scratch; any files, including documents or photos, will be erased.
- Keep current with the latest Microsoft, Apple and major product patches.
- Invest in a security program to protect yourself against bad software. I use Norton Anti-Virus and Malwarebytes.com in tandem.
- Identity Theft Monitoring Services. Attachment II contains a list of four recommended identity theft monitoring services. These services scan the three major credit monitoring services and analyze your web profile, credit exposure and internet footprint. While these services provide some security, you also need to remain proactive in monitoring your credit cards and bank accounts. Please review the four recommended choices.
Attachment I – Recommended Password Manager Programs
1Password– is the most compatible password manager if you are using Apple products, however, it works well with Android and Windows as well. It has a very appealing yet simple interface and is incredibly easy to use. Perhaps the most notable aspect of this password manager is that its capabilities extend beyond simply storing passwords. Included with this app is the ability to store data such as passport, banking and Wi-Fi router information, among other things. This password manager would be ideal for someone who mainly uses Apple products and wants to store more than just passwords in a secure location.
Dashlane- is the most business-orientated of the three password managers mentioned here. It works with the most number of web browsers, has the most forms of customer service, and works in several languages. One nifty feature of the Dashlane service is the ability to change hundreds of passwords in a short amount of time allowing the user to stay a step ahead of anyone who might have picked up one of your passwords along the way. Dashlane is an excellent password manager and would be ideal for someone with an inordinate number of online accounts that require security and upkeep.
LastPass– is a very solid and capable password manager, much like the previous two mentioned. It is the least expensive of the three yet has similar feature and functionality. It has a very appealing interface and is not difficult to use if you are less familiar with computers. It has good sharing capability and works well with most of the web browsers used today. LastPass would be ideal for anyone who wants a simple password manager that performs well and is secure, but nothing more.
|Password strength report||Yes||Yes||Yes|
|Fill Web Forms||Yes||Yes||Yes|
|Automatic Password Capture||Yes||Yes||Yes|
|Tech Support||Social media, email, forums||FAQ, forums, email, twitter, live chat, VIP support||Trouble Tickets, forums|
|Best for||Personal||Personal, Professional/Business||Personal|
Attachment II – Recommended Identity Theft Monitoring Services:
|Identity Theft Monitoring Service (top plans listed)|
|Company||LifeLock||TrustedID||Identity Force||Identity Guard|
|Best For||Keeping your info secure||Good family coverage||People with frequent medical visits||Young Adults just starting out|
|ID Insurance||$1 million||$1 million||$1 million||$1 million|
|Three Bureau Monitoring||Yes||Yes||Yes||Yes|
|Monitor Public Records||Yes||No||Yes||Yes|
|Monitor Criminal Records||Yes||No||Yes||Yes|
|Identity Protection Alerts||Email/ SMS/ Phone||Email/SMS||SMS||Email/ SMS|
|Financial Activity Alerts||Email/ SMS/ Phone||No||Yes||Email/SMS|
|Lost Wallet Protection Plan||Yes||Yes||Yes||Yes|
|SSN and Credit Alerts||Email/ SMS/ Phone||No||Yes||Email/SMS|