If anyone learns just one lesson from the recently disclosed hack of Equifax, the credit-rating service that has the keys to many people’s vital data, here it is: You have to take your data protection into your own hands.
We had a really queasy feeling when we saw the news reports, and a lot of the information didn’t pass our initial smell test. First, why did it take so long for Equifax to notify its customers and authorities? More than a month went by before there was any announcement. Second, when Equifax did respond, it seemed ineffective. You can go to https://www.equifaxsecurity2017.com/, enter some information about your name and Social Security number and see if you have something to worry about. From there, you need to scroll to the bottom of the page to find the Potential Impact button, which will take you to https://www.equifaxsecurity2017.com/potential-impact/. Most people will learn that their data has possibly been compromised.
If you don’t want to fuss around with the internet, you can call a dedicated call center, 866-447-7559, from 7 a.m. to 1 a.m. ET every day to discuss your account.
You can go back online and enroll in a credit monitoring with program with Equifax – or with Experian or TransUnion, the other two credit reporting agencies in the US. Equifax will give you the program free for a year without requiring you waive the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms-of-use for this cybersecurity incident.
We strongly recommend you take these additional steps:
- Place an initial fraud alert on your credit records. Again, it doesn’t matter which reporting agency you use. They all “talk” to each other. When lenders see the fraud alert when checking your credit, they must take additional steps to verify that it is actually you who wants to open the account. Initial fraud alerts are good for 90 days, and you can renew them or cancel them as it suits your needs. Equifax is offering an “automatic fraud alert” feature, which automatically renews itself every 90 days.
- Freeze your credit. This makes it virtually impossible to open an account in your name because it blocks access to your credit report. Nobody can complete a credit check, so someone else won’t be able to open an account. A credit freeze won’t expire until you choose to remove it, and you can cancel and reinstate them as needed. However, you must place a credit freeze with each bureau individually, and that can come with a fee, usually $10 or less, depending on what state you live in or if you’re already a victim of identity theft.
- Sign up with a credit monitoring service. We have a service that does this, but there are others.
- Check your bank and charge accounts and your credit score regularly. If you see something that raises a red flag, contact your financial institutions or credit reporting agencies immediately.
We spoke to a number of people involved in the storage of highly sensitive personal information, and they all reminded us that you need to protect more than your financial information. Any organization that stores your medical and insurance records is vulnerable to a hack, and that can lead to additional problems. For example, someone who has your medical records can file a fraudulent medical insurance claim using your records.
That, of course, gets us back to advice you’ve often heard from us:
- Install all updates for operating systems and application software as soon as they are available for computers and devices. The updates almost always include security patches and bug fixes.
- Manage your passwords. Keep them long and complex and change them frequently.
- Keep your networks secure by installing updates, managing passwords effectively, making sure your firewall and anti-virus protection is active, and limiting access to administrative functions.
- Use common sense. Don’t click on links within an email from someone you don’t know or on something that looks out of the ordinary from an address you recognize. Email addresses are easily hijacked – and not necessarily because the owner of the address did something wrong. Don’t click on pop-up ads or ads with offers that are too good to be true.
Are we safe on the internet anymore? No, but you can be safer if you take ownership of your security. We can check security settings and run deep scans to help keep you as safe on the internet as possible. Call us – 973-433-6676 – or email us to set up a security audit or answer any questions you have about managing your security.