Digital transactions and online interactions are part of everyday life and with them comes the reality of data breaches. When you get an email from a company you use that says your personal or sensitive data has been comprised, what are you supposed to do?
Here are some essential steps to guide you through the aftermath of a data breach, and suggestions about how to better secure your personal information going forward.
Assess the situation. Identify what type of information was compromised and the extent of the breach. Watch your bank or other financial account activity closely, including your account at the company that suffered the breach.
Enhance your passwords. Change passwords for affected accounts promptly and add an additional layer of security. Consider using a passphrase rather than a password because it’s more difficult to crack. A passphrase is a combination of words and symbols strung together, usually at least 14 characters in length, with spaces between words, and it does not have to be grammatically correct. An example of a passphrase can be “flew cat, bo0k through there!” If you choose to use a password, ensure that it is a minimum of 12 characters using numbers, upper- and lower-case letters, and symbols. In either case, the FBI recommends making passwords or passphrases as long as a system will allow for optimal security.
Use an encrypted password manager. A password manager program allows you to generate, store and retrieve complex and unique passwords in a centralized, encrypted storage system for easy access across multiple devices. Users only need to remember a single master password to access their password vault. Popular password manager programs include 1Password, Bitwarden, Keeper and NordPass.
Turn on multi-factor authentication. More online accounts are asking users if they want to enable multi-factor authentication, which uses a password and security code (most often sent to your phone) to log in to online accounts. Turn this feature on when possible.
Consider identity theft protection services. Often the company who suffered the breach offers to pay for credit monitoring services for a period of time. In addition, monitor your financial statements and credit reports regularly for unusual transactions or new accounts opened in your name.
Freeze your credit. A freeze restricts access to your credit reports and should prevent new account activity in your name. Once credit reports are frozen, you’ll need to lift the freeze before you can get new credit. Credit must also be unfrozen before any vendors you are doing business with can check your credit file such as insurers, cell phone carrier, etc. Freezing is highly recommended and is a proven way to protect against new account fraud. Below are direct links to freeze all four of your credit reports online.
- Experian www.experian.com/freeze
- Equifax www.equifax.com/personal/credit-report-services
- Innovis www.innovis.com/personal/securityfreeze
- Trans Union www.transunion.com/credit-feeze
Protect your Social Security number. Create an online Social Security account if you haven’t yet done so. This free and secure tool provides personalized tools, including managing your current benefits or estimating future ones. Sign up at www.ssa.gov/myaccount. Opening your account takes away the risk of someone else trying to create one in your name, even if they obtain your Social Security number.
If you know your Social Security has been comprised, lock access to your number to prevent further leakage by calling the Social Security Administration directly at 1-800-772-1213, or by logging onto your My Social Security account. This blocks all electronic access. However, you won’t be able to see or change your SSN information either. Should you need to access it later, you can request the SSA to unblock your SSN after they confirm your identity.
You can self-lock your Social Security number through E-Verify, a service provided by the Department of Homeland Security that allows employers to check an applicant’s eligibility your Social Security number was exposed, contact the Social Security Administration to secure your account.
Learn from experience. Keep a calm but curious mind when it comes to data breaches. Learn from the incident by evaluating how the breach occurred and take steps to enhance your online security by enabling multi-factor authentication, using an encrypted password manager, and staying informed about cybersecurity best practices. New features and security enhancements are being rolled out all the time. For example, Apple’s newest iOS update 17.3 includes a new feature called Stolen Device Protection which requires additional authentication for the phone’s user to access your phone’s information if it detects your device isn’t at a trusted location such as your house or workplace. If you’re an Apple user, turn on this security feature by going to the Settings app, tap Face ID & Passcode, then make sure the Stolen Device Protection toggle is on.
A data breach can be a daunting experience, but taking proactive steps is one of the best ways to safeguard your personal information and financial well-being. If you have concerns or questions about the security of your financial information in the wake of a data breach, please call our client services team to make them aware. They will work with your financial planner to monitor your investment accounts and take necessary steps as needed.