How much information does someone really need to know in order to impersonate you to a third party? Your name? Birth date? Address? Armed with easily found information such as this, and maybe a couple other key pieces of information such as the high school you went to, your dog’s name or your mother’s maiden name, an individual might be able to access your existing accounts or establish new loans or credit in your name.
In recent years, reports of security breaches in which customer data and personally identifiable information (PII) were somehow compromised have occurred with concerning frequency. Verizon, Weebly, the Democratic National Committee, and many others have reported massive amounts of compromised or ill-gotten customer information just in the past year.
However, most identity theft or compromises of PII, including a couple of the major breaches mentioned above, have nothing to do with the Internet or lax computer or network security. Unpatched operating system vulnerabilities or hacking wizardry are involved in a relatively small number of the total cases. The Verizon breach resulted from poor configuration of AWS resources in the cloud.
Information can be pulled from your trash can. Waiters can swipe or simply write down your credit card number when you make a purchase at a restaurant. There are a variety of laws related to securing customer information including SOX (Sarbanes-Oxley), HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act), the GDPR (General Data Protection Regulation), and others. But social engineering and good old-fashioned theft still pose a larger threat than network security, and it is up to you to monitor and protect your personal information and your credit.
Below are some tips you can follow to help secure and protect your personally identifiable information and ensure that your identity or your credit have not been compromised.
1. Watch for shoulder-surfers. When entering a PIN or a credit card number in an ATM, on a phone, or even on a computer at work, be aware of who is nearby and make sure nobody is peering over your shoulder to make a note of the keys you’re pressing.
2. Require photo ID verification. Rather than signing the backs of your credit cards, you can write “See Photo ID”. In many cases, store clerks don’t even look at the signature block on the credit card, and a thief could just as easily use your credit card to make online or telephone purchases which don’t require signature verification. But for those rare cases where they do actually verify the signature, you may get some added security by directing them to also make sure you match the picture on the photo ID.
3. Shred everything. One of the ways that would-be identity thieves acquire information is through “dumpster-diving”, aka trash-picking.
If you are throwing out bills and credit card statements, old credit card or ATM receipts, medical statements or even junk-mail solicitations for credit cards and mortgages, you may be leaving too much information lying about. Buy a personal shredder and shred all papers with PII on them before disposing of them.
4. Destroy digital data. When you sell, trade or otherwise dispose of a computer system, or a hard drive, or even a recordable CD, DVD or backup tape, you need to take extra steps to ensure the data is completely, utterly and irrevocably destroyed. Simply deleting the data or reformatting the hard drive is nowhere near enough.
Anyone with a little tech skill can undelete files or recover data from a formatted drive. Use a product like Disk Wipe to make sure that data on hard drives is completely destroyed. For CD, DVD or tape media you should physically destroy it by breaking or shattering it before disposing of it. There are shredders designed specifically to shred CD / DVD media.
5. Be diligent about checking statements. This actually has two benefits. First, if you are diligent about checking your bank and credit statements each month, you will be aware if one of them doesn’t arrive and that can alert you that perhaps someone stole it from your mailbox or while it was in transit. Second, you can ensure that the charges, purchases or other entries on the statement are legitimate and match up with your records so that you can quickly identify and address any suspicious activity.
6. Pay your bills at the post office. Never leave your paid bills in your mailbox to be sent out. A thief who raids your mailbox would be able to acquire a slew of critical information in one envelope: your name, address, credit account number, your bank information including the routing number and account number from the bottom of the check, and a copy of your signature from your check for forgery purposes, just for starters. Drop your bills at the post office or at least in an official U.S. Postal Service drop box to ensure that doesn’t happen.
7. Limit the information on your checks. It may be convenient to have your driver’s license number or social security number imprinted on your personal checks to save some time when you write one, but if it falls into the wrong hands it reveals too much information. In fact, some recommend that you only include your first initial in the name space of your check, such as “T. Bradley” rather than writing out “Tony Bradley”, so that if someone did get one of your checks they would not know your full name.
8. Analyze your credit report annually. This has always been good advice, but it used to cost money, or you had to first be rejected from receiving credit so that you could get a free copy. Now it is possible to get a free look at your credit report once per year. The big three credit reporting agencies (Equifax, Experian and TransUnion) joined forces to provide free credit reports to consumers. You should review it to make sure the information on it is accurate and also make sure that there aren’t any accounts on there that you aren’t aware of or any other suspicious entries or activity.
9. Protect your Social Security number. I don’t personally believe in Social Security or any attempts to repair or reform it. I have no illusions that it will actually be around to pay me when I retire. But, whether that comes to pass or not, the Social Security Number has become the one thing they had always promised it wouldn’t: a sort of national identification number. It is often suggested that you do not carry your Social Security Card in your wallet with your driver’s license and other identification. For one thing, although they expect it to last your whole life, the Social Security card is issued on very flimsy cardstock that doesn’t hold up well to wear and tear. Aside from that, though, knowing your full name, address and full Social Security Number, or even the last 4 digits in many cases, can let a thief assume your identity. You should never use your Social Security Number as any part of a username or password that you establish, and you should never divulge it to telephone solicitors or in response to spam or phishing scam emails either.
10. Caveat Emptor. I will offer my apologies in advance, and I mean no offense to smaller businesses just building themselves up or getting established, but I recommend you not do business online with companies you don’t know anything about. You can feel relatively secure doing business online with Amazon.com or BestBuy.com or any website affiliated with well-known, national or global merchants. But, if you are buying something online you need to have some level of trust that the company you are doing business with is legitimate and that they take the security of your personal information as seriously as you do. When you do make online purchases, read the company’s online privacy policy first to ensure you agree with it and make sure you are on a secure or encrypted website (typically symbolized by a small padlock in the address bar of your browser).
Hey Tony,
Thanks for writing and sharing this wonderful post.
Thumbs up for informing about an eco-friendly way of digital data destruction. I assume that the DIY utility mentioned by you does not generate a certificate after the erasure process. Since the importance of data has increased very much over the years, wiping with certified data erasure like BitRaser is indeed a must for all.