In the second part of our series, A Guide to Protecting and Monitoring Your Personal Cyber Security, we look at ways you can monitor your personal cyber security to protect your online identity and your dollars.
Let’s assume you’re doing the common proactive things to protect your personal cyber security. You use a password manager, you know how to avoid typical phishing scams, you’re careful with the sites you visit and the information you share when on public wi-fi, and you use multi-factor authentication where possible. Beyond these proactive measures, here are some steps you can take to actively listen for breaches to your data, signs of identity theft, and compromises of accounts.
Has My Data Been Breached?
Troy Hunt provides an incredible free resource, Have I been pwned?, that lets you quickly find out if you may be at risk due to one of your online accounts being compromised or ‘pwned’ in a data breach. You can enter your email or username to check if you have an account that has been compromised and, even better, you can sign up to be notified if an account is compromised.
How Can I Watch for Signs of Identity Theft/Assumption?
First, it pays to know the signs that indicate someone may have stolen your information: the identifytheft.gov website lists some clues.
Here are some tactics you can employ to listen for signs of identity theft:
- Claim your Social Security account and check it regularly. The Social Security Administration has an online portal that allows you to claim your account and reduce the risk of someone else attempting to create one in your name. If you haven’t already claimed your account, make this a priority – regardless of your age or claiming status. However, don’t stop there. Sadly, it may still be possible for identity thieves to register accounts in others’ names and siphon funds. Regularly log into the portal to make sure your information, like date of birth and mailing address, are correct.
- Monitor your credit report. If someone opens a line of credit in your name, it will be reflected in your credit report. You’re entitled to a free yearly review of your credit report. The Consumer Financial Protection Bureau agency provides details on getting access to your report.
- Consider signing up for credit report alerts. If you want to take further precautions, you can sign up for alerts notifying you when a change is detected on your credit report.
- Evaluate credit monitoring and identity monitoring solutions. Many vendors provide monitoring services. While there is debate about the value of these services – vs doing the monitoring yourself – you many want to weigh the merits of LifeLock, ID Shield, and similar vendors. Newer services such as Rubica claim to go further in terms of protecting your privacy.
- Consider freezing or locking your credit. These options protect credit reports from being used by criminals to open new accounts. Evaluate these options, and note that it’s easier to unlock a credit lock than it is to “thaw” a credit freeze.
How Can I Protect Against Monetary Theft?
After a data breach or identity theft, you are at greater risk of monetary theft. This means you need to pay attention to account statements.
Review your bank account statements monthly to ensure there’s no suspicious activity. Better yet, contact your bank to set up alerts to notify you of large withdrawals from checking or savings accounts.
Review your credit card statement. Yes, this may take some time, but it will pay dividends if you need to dispute a charge. Don’t rely only on your card issuer to alert you of suspicious activity.
A Final Word on Being Proactive
We mentioned the basic steps you should be taking to proactively protect your identify, your data, and your money. Here are some lesser-known proactive steps you should take:
- Be alert to attempts at social engineering. Someone grilling you about where you went to school, pet names, or your favorite colors and sports teams may be looking to discover the answers to your security questions.
- Check your social media privacy settings to limit access. And think before you share.
- Remove apps you no longer use. Unused apps can still access and use your sensitive information, opening your devices up to exploit through vulnerabilities in the apps, especially those that are no longer maintained by the developer.
Missed our first post in the series? Check out: 2FA and Passwords: What You Need to Know.
Additional Resources
The FTC’s Identifytheft.gov website provides a list of steps to take for various types of data loss, including driver’s license, social security number, and online login.
FTC Privacy, Identity & Online Security Resources