Identity Wars: How to Protect Yourself – Tips from a Professional IT Consultant.
By Daniel Covell, Founder, The Covell Group Market Update – December 2017

break

Daniel Covell, founder of The Covell Group, has been our IT and Data Security consultant for 7 years. During that time, he has partnered with us to implement significant improvements to our technology and data security systems keeping us ahead of the curve. It is important for an IT professional to have the technical skills and competency necessary to design and maintain a secure system. Mr. Covell has those qualities in spades. His humanity and understanding of the human cost when data gets in to the hands of the wrong people, however, is why we continue to place our trust in him.

Stay Secure, Reason Financial

break

 

Security breaches continue to happen, almost on a daily basis. The most recent breach with Equifax is a bad one and affects almost half the US population. First, you must understand this is not your fault. Unfortunately, it does not matter that you did nothing wrong; you still must take some action to protect your credit and identity from criminals. The good news is there are a few simple steps to greatly reduce the chance your credit and identity will be used without your permission.

My background of 26 years is in Information Technology, and a part of my job is system security. I work with scam emails, viruses, data security, and system security everyday. I am just as vulnerable to fraud as anyone else but I have taken some steps to reduce my risks and I want to share them with you now.

Step 1: Freeze your Credit

There are 3 credit bureaus and to freeze your credit you must contact each one individually. Pricing is typically $10 unless you are over 65 years old. Currently Equifax is not charging, likely because of the recent breech.

When you freeze your credit, new applications for credit will not have access to your credit information. If you need a new loan, credit, mortgage, insurance, government services or payments, rental housing, employment, investment, license, cellular phone, utilities, digital signature, Internet credit card transaction, or other services, including an extension of credit at point of sale1 then you will need to unfreeze your credit temporarily. The same fees apply to unfreezing your credit.

Based on my personal experience, here is how to freeze your credit. You must contact all 3 bureaus individually.

Transunion
Easiest to do on the phone.
$10 in California. Free over the age of 65.
888-909-8872 You will pick a 6 digit PIN, DO NOT LOSE THIS!
Or online at https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp

Experian
Easiest to do on the phone.
$10 in California. Free over the age of 65.
888-397-3742
Will receive PIN by mail, do not lose this!

Helpful link: http://www.experian.com/blogs/ask-experian/credit-education/preventing-fraud/security-freeze/california/

Equifax
Easiest to do online.
Currently free.
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
Fill in form online, a PIN will be generated for you
Phone number if there is an issue 1-800-685-1111

Step 2: Check your Credit

This one is easy and free. There are a lot of sites that will check your credit and then want to sell you your credit score. This is the “official” site sponsored by the 3 major credit bureaus.

https://www.annualcreditreport.com

This process takes about 10-15 minutes for all 3 bureaus and you will be asked some credit history questions which may ask about residency or loans you had 20 years ago or even more. So, put on your long term memory thinking cap! Make sure to save to a PDF or print all the reports generated as you can only do this once a year for free.

Credit Score: The annual credit report site will offer to provide you with your credit score but this is not a free service. Your credit score may be provided for free by your bank or credit card company. Login to your online bank and or credit card company site to see if they have your credit score available.

Step 3: Tips to Protect Your Data

If you don’t already have one, get a shredder! Any pieces of paper that have personal information on them should be destroyed. (Reason Financial will shred your information for you if you drop it off at their office)

Don’t give out your Social Security Number to just anyone. Financial institutions, checking your credit, Government Agencies, and your employer legitimately need your SSN but most others do not.

Careful what you email. Email is not secure so any information you send in an email could potentially be intercepted. More likely, the recipients email could be hacked. If you have a document that is confidential and need to send it to someone in an email, then put a password on it. You can ZIP it and put on a password or if you have the full version of Adobe Acrobat you can password protect that too. Then send the password to the recipient separately like a text message or phone call.

Do not store all your passwords on a piece of paper out in the open or in a file on your computer with no password. Many people do this and a smart thief who gets into your house knows this. If you keep your accounts and passwords on paper keep them in a safe or lock box. If you keep them in a spreadsheet or document put a strong password on the file of at least 12 characters.

Protect your Online Accounts

Password strength is important. If you are really bad at remembering passwords, you can either use a password manager like LastPass or create a pattern you can easily remember. Password strength is based on the length of the password and complexity. NEVER use words found in the dictionary, your birthday, pet names or kids names. Here are some examples of strong passwords that are easy to remember based on famous movie quotes.

Utalk1ng2me!
E.T.ph0neh0m#
fr@nkly my d#@r (yes you can have spaces in a password; just not at the beginning or end)

You can see where letters have been replaced by numbers and special characters. Easy to remember for you but very difficult to crack for a computer.

To make it even stronger, just add a few numbers on the end that you can remember, not birthdates or addresses!

Utalk1ng2me!4312
E.T.ph0neh0m#4312
fr@nkly my d#@r4312

Usernames are just as important as passwords. Most people don’t consider this, but if your username is hard to guess then the hacker can’t even get started on the password. If you always use johnsmith as your username, then try something like john-smith instead or johnsmith4312.

Change your passwords when you think someone may know yours, you feel there may have been a compromise or at least once a year.

Setup Two Factor Authentication if available. Many online accounts can add a second check beyond your password. This can be sending a text message to your phone or using an app like Google Authenticator and the number changes each time you login. If someone was able to get your username and password they still would not be able to login.

Protect your Devices

Lock your phone! If you lose your phone and a thief goes through your data it is very likely you will be compromised. Use a thumbprint, PIN, facial recognition or pattern. If you can set a password on startup for your phone then do that and choose a hard password since you only have to type it when your phone boots up.

Put a password on your home computer. Remember a password does not protect your files. Any good computer person can get around a password for accessing data. BUT, it will protect things like saved passwords in your web browser that are encrypted. There are ways to encrypt your entire computer drive as well as particular files. These are things you can look up how to do on the Internet.

Step 4: Be Vigilant

Every day I get 3-4 phone calls trying to convince me that there is a lawsuit against me or the IRS is going to send me to prison if I don’t pay a lot of money. These are bogus calls and you should hang up on them immediately. Scammers can fake the phone number so don’t waste your time trying to report it. It is common for a scammer to make the number look like it is local or even coming from an official government office as an example.

Same thing goes for emails. The best way to protect yourself on email scams is to never click on a link in an email. Instead go to that site directly then login.

The IRS or State will not contact you via email or the phone. They will send official correspondence through the US Mail.

Finally, remember if it sounds too good to be true, it is!