It’s October, the leaves are starting to change colors here in the Northeast, and it’s National Cyber Security Awareness Month. The STOP, THINK, CONNECT initiative is in its fifth year and www.staysafeonline.org has a wealth of resources for businesses and individuals. We ALL need to become more cybersecurity aware.
If you have been watching the news the first four days of this month, you know that the bad guys are still winning. On the first, Experian North America disclosed that a breach of its computer systems exposed approximately 15 million Social Security numbers and other data on people who applied for financing from wireless provider T-Mobile USA Inc. On the second, Scottrade Inc. disclosed a breach involving contact information and possibly Social Security numbers on 4.6 million customers. If we estimate the population of the USA to be approximately 320 million, and assume a conservative number of 25% are under the age of 18, we have approximately 240 million adults in the USA. In the first two days of October, 8% of the adult USA population may have had its Social Security numbers and other personally identifiable information stolen. If you were one of the unlucky 8%, free credit monitoring will be offered. I can tell you from experience that I am on the second year of free credit monitoring services, provided the first year by a larger retailer, and this past year from my healthcare insurance provider.
What is credit monitoring? Credit monitoring is not designed to prevent ID theft, but to provide notification if ID theft does happen, and then assist you with the credit bureaus and creditors to remove the fraudulent activity and to fix your credit score. I would recommend that everyone read Brian Krebs’s blog post, How I Learned to Stop Worrying and Embrace the Security Freeze.
Let’s start with some simple things we can all do to stay safer online. Passwords should be long and strong, and not guessable. Most people have an Internet presence. We post on social media our kids’ names, wish each other happy birthday, disclose our maiden names, where we went to school, our pets’ names, along with our favorite color, and other personal information. A professional ID thief has the processes and tools in place to gather our publicly available information and to use it to guess our passwords, or the answers to the security questions that we use to protect those passwords. If you are a parent or a young millennial, think about what has been posted on the Internet. If I were an ID thief, I would be collecting personal information on the population that was about 18 or had just reached that age. Another part of the population that you may also want to help protect is the older generations that have embraced the digital life. You may have set up an email account or social media account for them, or shown them how to use the Internet. While we all may fall victim to clicking on a link we should not have at some point during our lives, senior adults today tend to be more trusting, and as such may click on a link that we would look at, suspect of coming from an ID thief, and either ignore or delete.
You should have unique passwords for each account. Do not re-use passwords, and do not share passwords between work and personal accounts. If your email account was compromised, and you used that password only with email, you only have one password to change. If you used the same password everywhere, then the threat is much greater and you will be racing to make changes to all your accounts.
Come back next week when I will post information about staying ahead of threats using real-time traffic-based analytics. Also check out Sam Curry’s post, Creating a culture of (cyber) security, from Arbor Networks.