Topics:Internet Security Identity Theft 101 Data Breach News Business Security Tax Identity Theft Medical Identity Theft Scams
Guest Post by Kayla Matthews Now that biometric technology has found a place in many people’s lives through their phones and devices, could it help solve the issue of identity theft? If so, how would we get it done? If it’s implemented well, biometric technology is superior to previous security standards. It may not be enough on its own, however, and it introduces several new headaches. Let’s look at some of the potential benefits and some of the problems that could arise out of our using this technology. Why biometrics? The U.S. Federal Trade Commission finds that identity theft victims pay a total of $5 billion out of their own pockets each year to resolve identity theft incidents. The FTC puts the cost for the business community at around $50 billion every year. One of the reasons why this problem is so stubborn is because our technology hasn’t caught up yet. Pew Research polling finds that as many as 39 percent of adults in the United States use similar or identical passwords across accounts and 25 percent knowingly use less-secure passwords than they should. Overall, our password hygiene is poor. Plus, two-factor authentication via email isn’t that safe because email itself isn’t that safe. Biometrics leverage features that are unique to each of us. This includes fingerprints, scans of our retinas, irises or faces, recordings of our voices, prints of our hand geometry and even behavioral characteristics. Many of us are already accustomed to pressing our finger to our phones or holding still for a quick scan with the front-facing camera, but this is a broader category than that. However, each type of biometrics technology generally relies on three components to work: a sensor to collect data, software to interpret the results, and a device to interact with and house the other components. Biometrics are fundamentally safer than passwords and other types of security for several specific reasons. That’s not to say they’re without potential pitfalls, though. Why biometrics work against identity theft Biometrics may soon become an even more common bulwark against identity theft and other types of digital fraud. They are already helping to phase out encryption keys, one-time codes, and traditional passwords in some places. Here are some of the reasons: Biometrics make people the password. Ordinary passwords can be stolen or forgotten. Passwords are more secure with a secondary PIN number, but this doubles the amount of information a user must retain, or that they can misplace or have stolen. Biometrics are more difficult to fake compared to other types of security. For example, two-factor authentication relies on secondary devices which may, themselves, be compromised. Biometrics are becoming more ubiquitous. This is thanks in large part to consumer technology. Research says around a billion fingerprint-reader-equipped phones are sold per year. As a result, 93 percent of top banks in the United States have added biometrics to their mobile apps. For those who’ve experienced identity theft, it is every bit as unpleasant as the name makes it sound. Somebody has compromised and leveraged your very identity to satisfy their own ends. To protect something so personal to you, it just makes good sense to use a type of security that’s equally personal. So far, nothing beats biometrics. The points above cover three things that are vital to the successful rollout of any new security paradigm: it’s more secure than what came before, it’s more convenient, and it has the means to achieve quick adoption. But what is it about identity theft, specifically, that makes biometrics a good fit here?Identity crimes most frequently take the form of social engineering (coercion or deception over the phone or online), mail theft, and credit or debit card theft. The addition of biometrics into the equation would seem to raise the security bar significantly: It’s not enough that a dumpster-diver can spoof your phone number and your address to apply for a personal loan. Your bank can tell it’s not them based on the sound of their voice. It’s not enough that a cyber-criminal has your Social Security number and the login credentials for your health insurance app. In order to order a prescription refill, the app needs a fingerprint scan. It isn’t enough that somebody bought your credit card information on the black market. You’ve locked down your card controls using your fingerprint or face scan. The card is useless to them. Biometrics represent an important addition to the existing cyber-security and identity crime tapestry. At the end of the day, however, even face and fingerprint data is zeroes and ones. Storing our zeroes and ones anyplace still requires a certain leap of faith. What are the problems with biometrics? There may come a day when we use this tech to secure each of our internet accounts, pick up our train tickets and boarding passes, pay for morning coffees, and navigate every interaction with every public institution, from the local library to the IRS. Nevertheless, there are already some stumbling blocks when it comes to using biometrics as the new de-facto security standard: Biometrics aren’t foolproof. Many people became familiar with biometrics technology thanks to smartphones from Apple and Samsung. Neither of these technologies has a perfect track record, meaning dedicated criminals may still find a way in if they want to. High-resolution photos and photorealistic masks can unravel a digital identity built on facial identification. Biometrics have inconsistent appeal. Facial recognition had a 34 percent approval rating among adults in the United States in a recent Morning Consult poll. A similar poll in the U.K. said 54 percent of adults found facial recognition technology creepy. Biometrics are politically divisive. In 2019, San Francisco became the first U.S. city whose board of supervisors voted to ban the use of facial recognition technology within city limits. Police departments already claim to depend on the technology, but civil liberties groups have long opposed its use. Lawmaking on the subject will be inconsistent for many years, and possibly longer. Biometrics require expensive infrastructure. Social Security numbers and other identifiers require infrastructure to use, but not as much as facial recognition cameras or retina scanners. Biometrics may not be cost-effective everywhere. Biometrics cannot be changed. This may be the most critical potential downside to the widespread use of biometrics technology. A password is something the user can change. They can even get a new phone number, email address, PIN or other identifier. But fingerprints, iris scans, and face scans are unique to you and cannot be changed once they’ve become compromised. Like any other packet of data, the digital “key” that is your iris or face scan must be stored securely on a device or transmitted elsewhere for storage and/or processing. Whether in transit or at rest, this intimate data is only as secure as the companies entrusted with it. It’s smart to stay aware of biometrics and other developments in digital security. But like everything that came before, it’s wise not to put all of our faith in any one protective measure, and to take every vendor, developer, and manufacturer’s security claims with a grain of salt. Kayla Matthews, a tech and security journalist, has written articles for sites including WIRED, Information Age, Security Boulevard, and the National Cyber Security Alliance. To see more of her work, follow her on Twitter @KaylaEMatthews or check out her tech blog, Productivity Bytes.
Guest Post by Kayla Matthews The Internal Revenue Service (IRS) is the group responsible for investigating tax fraud instances allegedly committed by U.S. businesses or the country's citizens. Here's what you should know about that process: How do you report tax fraud to the IRS? The IRS maintains a dedicated page that walks people through how to report suspected tax fraud. The basic process is to mail the appropriate form, which prompts the IRS to look into the matter. When you believe an individual or business is not following tax laws, the associated document is typically called 3949-A Information Referral. You can print the form off of the tax fraud reporting section of the IRS website or call a recorded hotline number listed there to request that a copy of the form be mailed to you. Bear in mind that you cannot make a tax fraud report through that number; the IRS only accepts written documents.Instead of sending that form, you can send a letter that includes as much information as possible to help the organization assess the case. Include the following things: The name of the individual or business in question The respective Social Security Number or Employer Identification Number A brief description of the alleged violations committed, including how you became aware of them The estimated dollar amount of the applicable income The years during which the violations occurred Your name, address, and phone number The IRS allows submitting anonymous reports. However, it says that it's more helpful to them if you provide your identifying information. The IRS keeps the details confidential. How does the IRS examine tax fraud reports? Based on the information contained in a report about alleged tax fraud, the IRS has internal teams that look into things further to determine the most appropriate actions to take. More specifically, the IRS has a division called Criminal Investigation (CI) that pursues cases of possible tax fraud and other financial-related crimes. The IRS started screening for fraudulent tax returns in 1977. When the IRS has evidence suggesting fraudulent tax returns, the CI department of the IRS has eight Scheme Development Centers (SDCs) tasked with screening for tax refund fraud. The staff at the SDCs also work with all other IRS departments during their checks. When people at the SDCs find problematic information, they refer cases to CI field offices and the investigators there. When the IRS contacts taxpayers for any reason, they always do so through the mail and never by phone. A case of what appears to be tax fraud may not always come about because of intentional wrongdoing. For example, an accountant could make an honest mistake when preparing someone's tax returns, triggering an IRS audit. For tax professionals, it is beneficial to stay abreast of tax law changes and participate in industry certification programs to avoid mistakes that cause fraud. In addition, it’s also helpful for taxpayers to know the red flags associated with illegal tax activity to avoid audits or serious cases of fraud. What happens when the IRS cracks down on tax fraud? The IRS has between 3–6 years to investigate tax fraud depending on the amount of underpaid tax. According to the CI's 2018 annual report, it identified $9.69 billion worth of tax fraud, issued 1,399 warrants and had a 91.7 percent conviction rate. Moreover, it initiated 1,714 tax crime investigations and recommended 1,050 prosecutions. On a related note, 1,052 parties received tax crime-related sentences. However, many instances of tax fraud result in civil penalties rather than criminal prosecutions. Data collected in 2018 indicates that the IRS assessed nearly $29.3 billion in civil penalties. Almost $12 billion of that amount originated from individual tax returns or those related to estates and trusts. Is tax fraud a big problem? Tax fraud cases often capture the headlines, but some people understandably wonder whether the overall problem of tax fraud is truly substantial or just overblown. Firstly, keep in mind that the IRS tracks something called the tax gap — the difference between taxes owed and taxes paid. The IRS recently released its tax gap estimates and said that taxes get paid voluntarily and on time in 83.6 percent of cases, which is virtually unchanged from its last tax gap estimate. The most current data is not as up to date as you may think, though. It covers 2011–2013, and the one before that dealt with 2008–2010. And, the percentage of taxes paid rose to 85.8 percent during both periods after the IRS proceeded with enforcements. However, the same report said that the tax gap grew by 11 percent compared to the last estimate, totaling $381 billion. Additionally, a watchdog insists that the IRS is not efficiently combatting fraud associated with corporate mergers and acquisitions. A report released in September 2019 says the IRS spent 27,874 workdays looking into such matters from fiscal years 2015–2018 and did not make changes to the associated filings after completing their investigations. Another study showed that the Criminal Investigation Unit pursued near 25 percent fewer cases than in 2010. Analysts cited budget cuts as a primary reason for the reduced enforcement. Other variations exist that determine the prevalence of tax fraud. For example, evasion rates differ according to the type of taxes paid and the associated income bracket of a taxpayer. The information you need Whether you file taxes, prepare them or are merely interested in tax fraud, the information here should prove useful. You also now know what to do if you need to report possible fraudulent incidents. Kayla Matthews, a tech and security journalist, has written articles for sites including WIRED, Information Age, Security Boulevard, and the National Cyber Security Alliance. To see more of her work, follow her on Twitter @KaylaEMatthews or check out her tech blog, Productivity Bytes.
Guest Post by Will Ellis What would you do if someone broke into your house and stole your Social Security card? You'd probably be freaked out, and you'd probably get a new home security system. Well, it might already have happened. Not the break-in, but the theft. Social Security numbers are among the most valuable pieces of information available for sale on the Dark Web, and they are also — worryingly — frequently released as part of data breaches. Take the hack, back in September, of Equifax, one of the three major credit bureaus. This breach of SSNs and other personal information of millions of Americans resulted in a staggering number of records that were compromised and possibly used by identity thieves. The breach has been useful in one way, though: it's given people cause to stop and think about the SSN system itself. Shortly after the breach, a White House cybersecurity coordinator said that the federal government was looking into more secure replacements for Social Security numbers. Others, like the website have claimed that “the Social Security number has outlived its usefulness." I agree. Here's why: SSNs are easy to hack The primary problem with SSNs is that the system has been made completely insecure by advances in information technology. It’s worth remembering that the system was first designed in 1936 as a way of identifying people, but has not evolved since then. Back in the days of paper records, finding someone’s SSN was pretty hard, short of breaking into their house or the Social Security office. That’s changed.SSNs can be found in two ways. The first is that, believe it or not, there is computer software that can correctly guess SSNs in a significant majority of cases. An algorithm created by researchers in 2009 could predict an SSN correctly 44 percent of the time in the U.S. overall and up to 90 percent of the time in smaller, individual states.It gets worse. Whenever you enter your SSN into a website, you are potentially revealing this information to the website owner, hackers, or anyone else, because the average website is under attack due to a variety of common vulnerabilities. This is especially true if you are traveling when you need to be extra careful to keep your data safe. Then there are more direct attacks. One of the big trends in cybersecurity over the past few years has been the rise of advanced phishing attacks which specifically target individuals and encourage them to share their SSN with hackers. These attacks are growing ever more sophisticated and increasingly hard to spot. You can’t (easily) get a new SSN These problems would be less of an issue if the government was agile and responsive when it came to responding to data leaks, and with working with the victims of them to solve the issue.Unfortunately, the government is useless when it comes to giving people new SSNs, even when they’ve been the victim of a hack. The agency says a different number can be assigned if a “victim of identity theft continues to be disadvantaged by using the original number.” So even if your SSN is leaked, you have to prove that someone else is using it to steal your identity before you can get a new one.All of these problems lead to a simple conclusion: the SSN system is not fit for purpose and should be replaced. But what are the alternatives? Well, there are plenty. The alternatives There are a number of feasible alternatives to using the SSN system. In fact, in many ways, the technological advances that have made the system obsolete are exactly those that could be used to replace it.Let’s look at two of them: Blockchain Blockchain has something of a bad reputation outside tech circles, where people associate it with crime. But the basic building blocks of the system are simple enough. Rather than storing information in a central repository (where it is vulnerable) blockchains store personal information in a distributed network.Storing SSNs (or, likely, a new number) in this kind of system could make them much more secure. And some countries are already doing this. Estonia, for instance, uses blockchain to give each citizen a secure digital identity card to access public, financial, medical, and emergency services, as well as to drive, pay taxes online, e-vote, provide digital signatures, and travel within the European Union without a passport.The problem, at the moment, is that blockchain systems are still quite slow when processing information. But that should improve pretty rapidly. Biometrics Another solution would be a biometric database. Biometric information such as fingerprints or iris scans are already used by the United States, albeit to track visitors to the country rather than citizens, a system known as Biometric Exit.Using biometrics instead of SSNs would have one huge advantage: they are essentially impossible to fake or to steal. Your iris identifies you uniquely, and no-one can replicate it. On the other hand, using biometrics raises other concerns. Apple’s use of face-recognition technology in the latest iPhones has caused a lot of controversy, because people don’t want tech giants having access to personal information like this. This would likely be of even greater concern if the government tried to build a similar database. The bottom line Each of these solutions has problems of its own, of course. But at least they would be built with security in mind. They would also be designed, from the ground up, to do the job they are supposed to do.Because that’s the biggest problem with SSNs. The numbers were originally designed to identify people to Social Security offices. Now they are used as an informal, poorly designed, national identity database. Given what we expect the SSN system to do nowadays, it’s no surprise that it is looking more and more obsolete. Will Ellis is an IT Security Consultant and the founder of Privacy Australia. He develops the guts beneath beautiful websites and can't wait to see what the blockchain world will look like once the technology fully emerges. He invests in cryptocurrencies and studies history.
Capital One announced on Monday, July 30, 2019, that it experienced a major data breach which compromised the personal information of more than 100 million customers in the United States and 6 million customers in Canada. This data breach was discovered by the bank on July 19, 2019; however, the data breach appeared to take place in March 2019. What you need to know According to an updated CNBC article, the Capital One data breach that occurred in March 2019 “involved the theft of more than 100 million customer records,140,000 social security numbers, and 80,000 linked bank details of Capital One customers.” Capital One provided a news release which stated that “no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised.” Authorities have arrested a 33-year-old Seattle woman suspected of being the individual responsible for the Capital One breach. According to a USA Today article, the woman is Paige A. Thompson, “a former software engineer.” Thompson is also a former employee of “an unidentified cloud computing company that provided data services to Capital One,” according to The Washington Post. Capital One CEO and Chairman, Richard D. Fairbank provided an apology to the public via the bank’s news release. He is quoted in the news release saying “while I am grateful the perpetrator has been caught, I am deeply sorry for what has happened.” He continues by saying “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.” The bank has announced in its news release that it will be notifying affected consumers “through a variety of channels.” In regards to providing further protection, Capital One will provide free identity protection and credit monitoring services to all affected consumers. How you can protect yourself Although there is no guaranteed way to prevent a massive data breach like this Capital One breach or the 2017 Equifax breach from affecting you, here are a few protective steps you can take to increase your chances of staying secure: Freeze your credit Freezing your credit is often a solid first response to a security breach. A credit freeze, otherwise known as a security freeze, will restrict all access to your credit reports which can help protect your credit from those who may have enough information to try to open a line of credit in your name. To freeze your credit, you can either call the phone numbers for each of the three major credit bureaus (Equifax, Experian, TransUnion) or you can visit their individual websites and apply for a freeze online. Obtain credit monitoring services If you find that you have been affected by the Capital One data breach, you will be able to receive free credit monitoring services from the bank. It’s important that you use these services to keep a close eye on your credit reports. By monitoring your credit, you’ll hopefully be able to see if and when someone tries to do anything with your compromised credit information. If you do not receive free credit monitoring services from Capital One, you should still consider obtaining credit monitoring services on your own accord. Click here to see our list of top credit monitoring companies. Change your passwords It’s important that you regularly change your passwords, especially if you suspect that you have fallen victim to a large data breach. You should consider changing your passwords for all financial accounts, shopping websites/accounts, social media accounts, etc. Although changing your passwords is not guaranteed to prevent thieves from obtaining sensitive information and personal data, it can help make it more difficult for thieves to access your information. View this article to learn more about strong password creation. Get identity protection services Identity protection services can help you in more ways than one, especially as massive data breaches continue to occur. Many identity protection services offer up to $1 million in identity theft insurance, recovery services, several around-the-clock monitoring services, and more. Those who have identity protection services may have a better chance of catching suspicious or fraudulent activity before any major damage takes place. If you do not receive free identity protection services from Capital One, you should consider looking into getting identity protection services yourself. Click here to see our list of top identity theft protection companies. The bottom line Millions of people have been affected by data breaches over the past few years. As technology continues to advance, the threat of cybercrime also advances. Data thieves are starting to find new ways of stealing sensitive, data and information like social security numbers, credit information, passwords, address and email information, and much more. By following the protective steps mentioned above, researching ways to keep your information and personal data secure, and keeping up with data breach news, you will be able to lower your chances of being the next victim of a cybercrime or security breach.
Guest Post by Kayla MatthewsIdentity theft is a concept we're all familiar with. Commercials on every channel advertise services that can protect you from this type of theft and help you recover if someone steals your identity. What these services don't focus on is medical identity theft, which is becoming more common because it's easier and more lucrative than stealing social security numbers or credit cards. Why is medical identity theft so popular? First, it has to do with the information itself. You can't just cancel your medical history like you can with a stolen credit card. Even if you detect theft, the thief can continue to utilize the data for a longer period. The switch to digital medical data storage has actually made it easier for hackers to steal privileged information, especially if the source isn't familiar with the kind of security measures that could help to keep that data safe. Finally, it's all about the numbers. Not everyone has a credit card or the kind of credit that's worthwhile for identity thieves. Everyone, from the youngest infant to the oldest retiree, has a medical history, which means the potential theft pool is much wider. With this in mind, what are the most common kinds of medical ID theft? 1. Free treatment scams Thieves might use your medical information to receive treatment because they don't have or can't afford their own insurance policies. While this may seem innocent enough, it's still a type of insurance fraud and could cause you to lose your health coverage, increase your premiums, or even ruin your credit history. Warning signs of free treatment scams may include the following: Inaccuracies in your medical records Denied coverage because of preexisting conditions you don't have Sudden changes or increases in insurance premiums False records that could become dangerous if doctors are basing your treatments on them Negative impacts on your credit history as the thieves run up huge hospital bills on your credit Loss of healthcare coverage You might also encounter individuals attempting to steal your medical information by offering you free treatment opportunities. Do not provide your personal information over the phone to anyone, especially things like your social security number or other identifying data that could help the criminal steal your medical records. 2. Prescription drug theft Medical ID thieves might not need medical treatment, but that won't stop them from making off with your protected information. Sometimes, they'll use your medical history to obtain prescription drugs they'll either take themselves or sell on the black market to make even more money. Many of the warning signs for this specific type of theft are similar to the free treatment scams. One thing that is different is that you may find it harder to obtain any controlled substances you take if your medical records indicate that you've already received them — especially with new laws restricting opioid use in the face of the epidemic that's gripping the country. 3. Fraudulent treatment invoicing The third most common medical identity theft is becoming more common every year, so it's important to recognize the warning signs of each type of theft and know how to protect yourself. This type of medical ID theft is invoicing for fraudulent treatments. This one is even more nefarious than other methods because medical professionals may be involved in the theft in exchange for a portion of the profits. This type of medical ID theft is often difficult to detect until it comes back to bite you. You may find yourself paying for treatments you never received, or maxing out your healthcare coverage for the year when you need it most. How can you avoid medical ID theft? What steps can you take to avoid a threat like medical ID theft? To start, pay close attention to the Explanation of Benefits that you receive from your insurance company. Don't just glance over it — examine it closely to make sure that everything on your EoB is something you've received. If you see something that looks wrong, call your insurance provider immediately. At the end of the year, you can request a list of benefits paid throughout the previous calendar year from your insurer. Go over this, as well as your credit report to ensure that there isn't anything amiss. Medical bills will show up on your annual credit report, even if you're not the one who received the treatment. The bottom line If you suspect that someone has stolen your medical information, the first thing you should do is contact a healthcare lawyer to find out what your options are. They'll have the experience and the knowledge to walk you through every step of the process, from putting a freeze on your credit to reclaiming your medical history. If you are a victim of medical identity theft, file a report with both the police and the Federal Trade Commission. Kayla Matthews, a tech and security journalist, has written articles for sites including WIRED, Information Age, Security Boulevard, and the National Cyber Security Alliance. To see more of her work, follow her on Twitter @KaylaEMatthews or check out her tech blog, Productivity Bytes.
Guest Post by Jessica Walker With increasing cybersecurity threats, security measures to protect your computer from viruses, hackers, and spies are essential. Here are some important tips that will help you secure your computer system: Turn on a firewall A firewall is essential built-in security feature that comes with all Windows versions. It protects your system from malicious content coming through the internet. It builds a secure wall between your PC and open internet. While this feature comes built-in on all Windows version, it doesn’t come enabled on all systems. Check and enable Firewall on your Windows 10 PC immediately. To turn Windows Firewall on, go to the Start button and right-click on it to select Settings. Once you are on Settings window, select Update & Security > Windows Security > Firewall & Network Protection. Here, you will find multiple options to enable the firewall including domain network, private network, and public network. To enable the firewall for any of these, select it and turn the toggle on under Windows Defender Firewall option. This simple step will instantly help you protect your computer from viruses and other online threats. Use complex and secure passwords The next simple yet effective tip is to use complex and secure passwords for all your account. You create multiple accounts over time on numerous platforms. These accounts may include social media accounts, email accounts, apps access, online banking accounts, and more. Create strong passwords for all these accounts by using alphanumeric passwords: a combination of letters, numbers, and special characters. Furthermore, you can use password manager tools to create new passwords and protect your passwords and other information in secured encrypted vault. Here, you can secure numerous passwords in secured vault and you only need to remember one master password to unlock this password manager app. This smart tool makes work easy for you. Use two-factor authentication Two-factor authentication offers advanced security for all your accounts. While this security feature is available with almost all your accounts, you should enable this to protect your computer from viruses, hackers, and spies. Under two-factor authentication, you need to enter your password to access your account. You get an additional one-time code on your mobile device that you need to enter to access your account. This powerful feature saves you from unknown sign-ins even if someone manages to access your password. Check your browser’s security settings While you perform numerous tasks on browsers every day, it becomes important to keep them safe and threat free. Here, each browser comes with built-in security features that help you monitor your activities online. While various security features come built-in on these browsers, you can also review its settings to set privacy & security features as per your needs. You can even use the incognito mode where browser clears your search and browsing history when you quit the app or close all private browsing tabs and windows. Avoid suspicious and unknown links You get tons of emails every day from unknown senders asking you to open an attachment or to click on certain links. While this is long practiced step followed by cybercriminals to attack user worldwide, it is still in practice and they dupe people with their nefarious tricks. Thus, you should simply avoid these emails asking you for great bonuses and offers while suggesting you open an attachment or clicking on links. Once you open these attachments or click on any of these links your system will be under malware threat, thus it is best practice to avoid links & attachments that are unknown to you. You can also scan every email before you open them for better security. Following this simple yet effective tip, you can easily protect your computer from viruses and multiple other threats effortlessly. And having a anti-malware in your PC is also positive point. Avoid open network The lucrative offer of free Wi-Fi at the coffee store may land you in trouble as open networks are extremely easy to breach. Cybercriminals could use a small piece of malicious software to breach your system security on an open network. Using online net banking apps or doing shopping online on open network would be a nightmare for you if you end up being the victim of malware attack. Thus, you should always avoid using open networks like free Wi-Fi to avoid unnecessary threat. Here, you should opt password protected encrypted network for better security. For better network security, you can ask your network provider and protect your Wi-Fi with strong password. Jessica Walker is a technical content writer. Her writing forte is cyber security, virus and identity protection, and she is keenly interested in writing other technical blogs.
Guest Post by Kerry HarrisonIt seems that a day does not go by without news of a data breach. From small local businesses to the big players, like Yahoo and Home Depot, no one is immune to the threat. To understand just how damaging a data breach could be, it is important to look at how much this could cost your company. And, of course, the costs aren’t just monetary. In this article, we are going to take a look at some of the statistics that have been gathered regarding the true cost of a data breach, as well as assessing the impact such a scenario could have on the future of your company. The true cost of a data breach There have been a number of studies regarding the cost of a data breach. However, most would agree that one reliable resource is the “Cost of a Data Breach” study, which is conducted by the Ponemon Institute and IBM. The 2018 survey is the 13th addition of this annual report. It revealed the average worldwide cost of a data breach is $3.86 million, representing a 6.4 percent increase on the year before. In the United States specifically, the average data breach is much higher than the worldwide average, coming in at around $7.9 million. The survey also revealed that there has been an increase in the average cost per each stolen or lost record that contained confidential and sensitive information. This has increased to $148 per record, which is a 4.8 percent increase when compared with 2017.The fact that the average data breach cost in the world is found in the United States is a reason to be concerned. The U.S. took this title by a very wide margin. The second most expensive country in terms of data breaches is Canada, with an average of $4.74 million per incident. This was followed by Germany ($4.67 million), France ($4.227 million), and the United Kingdom ($3.68 million). There has also been an interesting study conducted by Kaspersky, which delved into how these data breach expenses are made up. The survey, which involved interviewing over 6,000 employees working across the globe for various businesses, concluded that the biggest expense in the event of a data breach is spending money on the emergency improvement of software and infrastructure. The average cost of this is $193,000, which represents a one-and-a-half times increase on the year before.The second biggest expense for businesses is reputational damage. The average spent on this is $180,000, and this money can be attributed to increased insurance premiums and damaged credit ratings. Of course, this merely scratches the surface of the different costs. You then have to factor in the fines that are often imposed on firms that have been deemed irresponsible for failing to protect their customers’ data. Aside from this, large sums of money are also spent on security-awareness training. The impact a data breach will have As mentioned in the introduction, while the monetary impact of a data breach is huge, you will also suffer in terms of reputational damage too.Trust is incredibly difficult to build in any relationship, especially that of client and business. If you break your trust through giving away your client’s private data, this is going to be incredibly difficult to repair. It is going to take significant time and money, and many businesses are never able to come back from this. When you search your company’s name online, the news of the breach will flood the web. Counteracting this can be almost impossible. Spending money to save money Needless to say, you will want to make sure that these figures do not become a reality by protecting your business and preventing a data breach. This involves spending a bit of money to save your company millions in the future. Here are some essential steps to take to prevent a data breach from happening at your business: Start with all of the basics, such as a secure firewall and VPN. Avast VPN is a recommended choice. This will work to mask your IP address. Enforce restrictive data permissions. Classify your business data. Provide employees with training. Did you know that insider attacks are the most common? Typically, they aren’t malicious, yet occur due to a lack of knowledge regarding safe practices. Update your software whenever prompted. Enforce two-factor authentication. Back up your business’ data with a secure provider. Hopefully, you now have a better understanding regarding the true cost of a data breach. One thing is for sure: sums of money like this aren’t something you can simply turn a blind eye to. Many businesses have had to close their doors for good because of a data security incident. To make sure you don’t fall into this category, use the advice that has been provided above. Kerry Harrison is a full-time freelance content writer, with a First Class Hons degree in Multimedia Journalism BA. She currently writes for VPN Geeks.
Guest Post by Erin Ellis While identity theft can happen to anyone, you can take steps to reduce your risk. Identity theft is the fraudulent use of an individual’s personal information for financial gain. Identity thieves can use a person’s Social Security Number, mother’s maiden name, date of birth, or account number to open fraudulent new credit card accounts, charge existing credit card accounts, or obtain new loans. The following tips will help you protect yourself from identity theft: Avoid sharing your personal information Don’t give out your personal information or leave it exposed for anyone to see. This includes your home address, phone number, driver’s license, and your Social Security Number. Track your monthly statements Set time aside to track your monthly statements provided by your credit union or bank. Review the overall summary of the activity associated with your account. If you recognize something that’s incorrect, whether it’s an account you didn’t open, transactions you didn’t make, or any other suspicious activity, report it immediately. Your credit union or bank can then work quickly to identify the fraudulent activity and cancel your debit or credit card. Monitor your credit reports on a regular basis Frequently monitor your credit by accessing your reports. This will reveal signs of identity theft, and you may be able to catch it early on. You can check your credit reports for free from three major credit bureaus at annualcreditreport.com. Freeze your credit A credit freeze, also known as a security freeze, is a free tool that allows you to restrict access to your credit report. To fully protect your credit by freezing it, you’re required to initiate a freeze with each of the three major credit bureaus: Equifax, Experian, and TransUnion. After they receive your freeze request, each credit bureau will provide you with a unique PIN or password in case you choose to lift the freeze in the future. This feature makes it more difficult for identity thieves to open new accounts in your name, due to the fact that most creditors need to see your credit report before they approve a new account. If they can’t view your report, they may not extend the credit. Opt out of pre-approved credit card offers An additional way that an ID thief can obtain your personal information is by stealing your mail. Typically, many pre-approved credit card applications arrive in your mailbox. Identity thieves can use your address and send it in. By calling 888-5-OPTOUT, you can opt out of receiving these offers for two years. However, for permanent opt-out status, you can submit your request in writing and send it to the three main credit reporting agencies. Learn more from professional resources By visiting MyCreditUnion.gov, which is hosted by the National Credit Union Association and serves as a financial literacy resource library, you can obtain a wide range of informative articles on finance and fraud prevention. Visit your local credit union or bank to learn more about how you can reduce your risk. PFCU also offers resources and additional information to its members and will work with them to quickly identify suspicious activity and resolve any fraudulent charges. It’s important to anticipate potential risks of identity theft before you fall victim. Once you lose your identity, it can be very difficult to restore it before any major damage is done. Reference these tips, and you’ll be prepared for financial success.Erin Ellis is an Accredited Financial Counselor at Philadelphia Federal Credit Union (PFCU) where she develops PFCU’s financial education curriculum, provides one-one-one counseling with members, and presents financial seminars to PFCU members and a wide network of social services organizations throughout the Philadelphia region. Erin is passionate about helping individuals and families better manage their money and achieve their financial goals.
Identity theft may not be your main concern this tax season, but it definitely should be on your radar. What is tax identity theft or tax-related identity theft? The official IRS website states that “tax-related identity theft occurs when someone uses your stolen Social Security number to file a tax return claiming a fraudulent refund.” Although this type of identity theft may sound like a rare occurrence, it actually affects more people than you might think. In fact, according to Fraud.org, “tax identity theft was the single biggest type of identity theft complaints to the Federal Trade Commission in 2014. Conservative estimates put the cost of this fraud to the nation’s taxpayers at $5.2 billion annually.”Clearly, there are reasons why you should be worried about tax identity theft. We asked several identity theft, cybersecurity, and finance experts to explain what they think you need to know about tax identity theft, what you should do if you do fall victim to tax identity theft, and what you can do to reduce your risk of becoming a victim this tax season. Arthur Rosatti, Attorney with Ashley F. Morgan Law, PC What you should know: “It is a big problem that the IRS has been fighting a lot over the past decade. Most people find out they are a victim when they attempt to file their own return and the IRS sends a notice rejecting their return. Not only are taxpayers experiencing ID theft, many scammers are stealing the identity of their children.” What victims should do: “If this happens to an individual, that person will have to submit additional paperwork to the IRS to prove who they are. Specifically, Form 14039 has to be submitted to the IRS. I also include the tax return that was rejected, proof of ID, and proof of residence. If the return is rejected because of a child credit issue, it is often necessary to provide proof of the child and that you are the parent/guardian responsible for the child's care.”What you should do: “File as soon as possible, check your credit report regularly, and get a PIN from the IRS. Also, just guard your social security number as much as possible.” Steve Weiseman, Lawyer, College Professor, Author, and Identity Theft/Scam Expert at Scamicide What you should know: “Income tax identity theft, by which identity thieves file phony income tax returns with counterfeit W-2s using the Social Security number and name of their victims is still a major problem for the IRS and taxpayers, costing us all billions of dollars each year. Although the IRS has gotten a bit better about detecting income tax identity theft, it is still a multi-billion dollar problem each year and if it happens to you, it can create great problems and delays in getting your legitimate income tax refund. You find out that you have been a victim when you are contacted by the IRS informing you that an income tax return has already been filed using your Social Security number, and they cannot process your return and provide your refund until they have finished an investigation.In 2015, a report of the Treasury Inspector General for Tax Administration (TIGTA) disclosed that despite IRS assurances to the contrary, it took the IRS an average of 278 days to resolve individual income tax identity theft cases and return the rightfully owed tax refund to the victimized taxpayer. In a heartening example of some good news, TIGTA now says that the IRS has lowered the time to resolve the income tax identity theft cases of individual taxpayers to 166 days, which, although to my mind, is still too long, is a significant improvement. Recently, however, through the joint efforts of the Federal Trade Commission (FTC) and the IRS, you can now file electronically an IRS Form 14039 which is the form necessary to report if you have become a victim of income tax identity theft to the IRS. Being able to file this form now electronically should speed up the process of the IRS investigation of instances of income tax identity theft and reduce the time before you can get your income tax refund if one is due.”What you should do: “Along with protecting the privacy of your Social Security number as much as possible, the best thing you can do to protect yourself from income tax identity theft is to file your income tax return as soon as possible in order to make sure your return is filed prior to that of an identity thief. Income tax identity theft only works if the identity thief files a tax return before you do.In order to file a Form 14039 electronically, you should go to the FTC's www.Identitytheft.gov website where you will be asked questions necessary to automatically complete the form. Once the form is completed, you will be able to review it and, if it meets with your approval, submit the form directly to the IRS through the www.Identitytheft.gov website. You should also download and print out a copy of the form for your own records as well. You should receive a confirmation from the IRS of receipt of the form within thirty days.”What victims should do: “If you do find yourself a victim of income tax identity theft, you should file a police report immediately and then file a paper tax return with an attached Form 14039 Identity Theft Affidavit along with a copy of the police report to the IRS to hasten the process of recovering your tax refund.” Vincenzo Villamena, CEO of Global Expat Advisors What you should know: “If one tries to e-file their tax return and it is not accepted due to a duplicate copy already being filed, then they are likely subject to tax identity theft. In most cases, the perpetrators file these fraudulent returns early, so they are ahead of the victim in order to get their return accepted by the IRS first and before the IRS begins to catch on to the theft. Generally speaking, the person’s refund will be deposited in a bank account or more often taken in the form of a prepaid debit card which can be used for purchases or resold on the open market.”What victims should do: “They should contact the IRS immediately to inform them of the theft. They will have to paper file with a special pin for a number of years ago. The most important thing is to let the IRS know so the real tax return will be accepted properly and without penalty.”What you should do: “Be careful where you upload tax documents and send documents with your Social Security number. These documents should always be stored on secure servers with 256-bit encryption. Furthermore, do not send tax documents over email unless password-protected; however it would be better if uploaded on a secure server. The IRS will never call you, so do not believe any robo-dialed phone calls. I have seen an increased number of phone scams this year where people are asked to pay off IRS debt or confirm their Social Security number over the phone. They are threatened with large fines or jail time, but this is completely fake as the IRS will never call or email anyone; all correspondence is via snail mail. Please be sure that the IRS has an updated mailing address on file so that valid correspondence will reach you.” Steven Hausman, President of Hausman Technology Presentations What you should know: “One of the best things to do to determine if you have been a victim of identity theft is to check regularly your credit reports at the three major credit reporting bureaus. Since you are allowed one free report each year, you should request one report from one of these bureaus every four months. There are also certain services which state that they are continually trolling the internet for fraudulent uses of your social security number and other personal information.There are also some telltale signs that your personal information has been compromised: You get a copy of your tax return from the Internal Revenue Service when you had not requested it. You have filed your annual federal tax return and find that it has been rejected because someone else had filed it previously. Similarly, you get a tax refund from a return that you have not yet filed. You do not receive bills or mail that you have been used to receiving in the past. This could be an indication that thieves may have used your personal information to change your address. If you should apply for credit and find that you are rejected or when you check your FICO score, and you find that it has gotten much lower. This may be because criminals are trying to open credit card accounts in your name. You note that you are getting bills for purchases you did not make and that your credit card account(s) may have unauthorized transactions on the monthly bill. In accounts where you have implemented two-factor authentication (which you should do), you find that you are getting alerts from the bank. This could mean that someone is attempting to access your account because they may have some of your personal information. You may find a number of very small charges on your credit card. This could be because someone has stolen this information and is checking to make sure the card is still active before making a number of very large purchases. You might be rejected for credit. You might receive mail from the Internal Revenue Service because someone requested documentation online from the IRS but was unable to get it because of their security protocols. In that case, the IRS might send it to your address of record by mail. In addition, it is possible that your electronically-filed tax return is rejected. The latter circumstance might be due to the fact that a criminal has already filed a fraudulent tax return in your name in the hopes of obtaining a refund. When you check your credit card bill at the end of the month (and you must check your bill in detail each month) some charges might show up that you did not make. You do not receive bills that you would ordinarily expect to receive. This might mean that a thief has taken over your billing address. If you have an employer and someone has stolen your Social Security number they may attempt to file for unemployment benefits in your name. In such a case, your current employer may notify you that this has occurred. There may be a number of small charges on your credit card statement for a few dollars each. This may be because criminals are testing to see if the credit card number they have stolen from you is still valid and active.” What victims should do: “There are some very specific things to do. These include the following: File a crime report with your local police department File a report with the Federal Trade Commission Place a fraud alert on all your credit reports (also see where I have indicated applying a credit freeze below) Make sure that your rigorously review your credit card statements every month for erroneous charges Consider opening new credit card accounts and bank accounts Make certain that you utilize strong passwords on all of your online accounts Purchase a micro-cut shredder and use it regularly to destroy all financial records File an identity theft affidavit (Form IRS 14039) with the Internal Revenue Service Do not carry your Social Security card with you Do not place any personal information on social media sites or use inaccurate information (Do you really need to list your birthday for everyone to see?) Should you get a PIN number for your tax returns?Absolutely yes. One of the main concerns with any cyber breach where your social security number may have been obtained is that someone can file a tax return in your stead earlier in the year than you may file. Any return that the crook has filed will be sure to be eligible for a refund (why else would they file?) which they will then cash. If, however, you have the six-digit PIN from the IRS, they would need to know that before filing. If you complete the identity theft affidavit (Form IRS 14039) for the IRS, they can supply this PIN. You can also obtain a PIN online from the IRS.” What you should do: “. . . place a freeze on all of your credit accounts. This means that no one will be able to apply for a credit card or any sort of credit in your name without removing the freeze. I understand that some people might find this inconvenient, but the freeze can be easily removed temporarily for a short period of time if you should have the need to apply for a loan or a new credit card. A small amount of inconvenience, in my opinion, is minor when compared to resolving the consequences of identity theft and having large credit card bills or a fraudulent tax return being submitted in your name.” Bob Harkson, CFP, Chief Financial Planner at Phase 2 Wealth Advisors What you should know: “This occurs when a tax scammer obtains (steals) your personal information. A tax return is then filed in your name, typically claiming a large, but bogus, tax refund. That tax refund is then routed to an address that is not yours. The fraudsters will receive the money whether you were actually owed a refund. A person typically finds out they were a victim of this scam when they go to file a return and it is rejected by the IRS because ‘you have already filed a return’.The IRS doesn't initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial information. You will be initially contacted by mail. Another scam is to receive a call with a caller ID that says IRS, don’t be fooled.”What you should do: “File early — Less time for scammers to get to you, be diligent with passwords — change them frequently and make them complex, (and) guard your personal information. Shred documents with personal information. Save it to secure online storage or be sure your computer is encrypted.” Jamie Cambell, Cybersecurity Expert and Founder of GoBestVPN What you should know: “You should look for tax-related issues that come up when you're not expecting it. (For instance) you have issues when filing a tax return because more than one tax return was filed using your identity (or) you have pending actions or receive notices for a tax return you didn't file.What victims should do: Immediately contact the authorities. File a report with the FTC; they have a dedicated website for this because it happens so frequently: https://www.identitytheft.gov/Assistant Contact your financial institutions (banks) and find out if there are any cards or accounts opened without your permission, and close them immediately. Change all your credentials and make sure to add additional security layers for logging in and opening new cards and accounts. What you should do: Keep your devices clean. Make sure you don't have viruses installed on your devices and don't visit random websites. Don't open emails from strangers. Have a secure password. There are plenty of articles online about generating a secure password and securely managing them. Have 2FA for logging into important services like your financial products. Have additional security layers for opening new cards or accounts. Banks allow this; you can ask them to make sure you say a special phrase or a string of numbers before taking any actions on your account. Justin Lavelle, Chief Communications Director of BeenVerified.com What you should know: “Tax identity theft was the number one type of identity theft according to the Federal Trade Commission in past years.There is no foolproof way of avoiding tax identity fraud. Since Social Security numbers and other personal information are so widely available on cyber black markets, chances are that scammers already have the information they need to commit tax identity fraud against you. It’s your job to stay on top of your financial information to catch anything that looks suspicious.”What you should do: “File your taxes as early as possible during tax season. Scammers depend on the fact that many taxpayers wait until late in tax-filing season to file. Filing early reduces the risk that a tax identity thief will be able to use your personal information to file fraudulently ahead of you. Scammers will also try and file your tax return as early as possible.Thieves don’t need your credit card number or bank account information to steal your identity. A thief just needs one piece of information about you and they can easily gain access to the rest. It’s a common mistake thinking that a thief needs your actual credit card or credit card number to create an identity theft situation, but that’s no longer the case. Make sure to secure birth certificates, Social Security cards, credit cards that aren’t in use and passports in a safe deposit box or in a safe hidden at home.Pay extra attention to snail mail. Snail mail identity theft is still very much a thing. Watch for your monthly billing statements from creditors and banks. Take note and check on statements that have not arrived, as it could be a sign your mail has been intercepted. If you order new checks, choose to pick them up at the bank vs. having them mailed. Also, never put mail in your private post box to be picked up by the mailman. Always put mail in a U.S. Postal Service mailbox.Carefully review any financial statements monthly. Always watch your statements for suspicious activity and charges that appear that aren’t known. This is one of the best ways to catch fraud before it goes very far.”How to know if you are a victim: You do not receive one or more of your monthly bank and financial statements in the mail. You find withdrawals from your bank account that you didn’t make. You find unfamiliar accounts or charges on your credit report. Your medical providers bill you for services you didn’t use or reject claims because you’ve maxed out your benefits. You’ve been notified your information was compromised by a data breach at a company where you do business or have an account. You’ve received notice from the IRS that more than one tax return was filed in your name. What victims should do: Contact the IRS asap. Alert them to what’s going on and how you found out. Place a credit freeze, fraud alert, and/or credit lock on your credit file. Report the identity theft to the FTC and they’ll provide you with a step-by-step recovery plan. Get copies of your credit report from each of the credit bureaus. File a police report. Additional ways you can prevent tax identity theft: Limit the amount of credit cards and personal information (such as passport, social security card, etc.) you carry with you. Take only the cards and information you need. Secure your personal records at home in a lockbox or safe. Keep them hidden in a safe place in your home. Safeguard your personal information online. Don't put personal information such as your birth date on a personal computer profile or social media website. Never provide personal or financial information unless a website site is secure (look for the security padlock in the web browser). Use passwords and change them regularly. Use a combination of letters, numbers, and symbols. Create different passwords for different social media sites, shopping sites, email, etc. Protect your home computer by using a firewall and secure browser, always maintaining current virus protection and avoiding an automatic log-in process. Always sign the back of your credit cards with ‘Ask for photo ID.’ This makes people check your ID before a purchase is made. Use a credit card, not a debit card, when shopping online. Only shop with companies you trust or have done business with in the past. Keep your SSN private. Never give out personal information on the phone to someone claiming to be from the IRS. The IRS will only contact through the mail. Jon Murphy, Cybersecurity Vice President for alliantgroup & Dhaval Jadav, CEO of alliantgroup What you should know: “Tax-related identity theft occurs when someone uses your stolen Social Security number to file a tax return claiming a fraudulent refund. You may be unaware that this has happened until you efile your return and discover that a return already has been filed using your SSN. Here’s how to know if you’ve been a victim of tax identity theft: More than one tax return was filed and your return was rejected. You owe additional tax, have a balance due, refund offset, or have had collection actions taken against them. IRS records indicate you received more wages than you actually earned. If someone uses your SSN to get a job, the employer may report that person’s income to the IRS using your SSN. IRS records will show you failed to report all your income. The agency will send you a notice or letter saying you have wages you didn’t report. State or federal benefits were reduced or canceled because the agency involved received information reporting an income change. An unexpected letter arrives from the IRS or Missouri Department of Revenue which does not appear to apply to you.” What victims should do: File a report with the local police. File a complaint with the Federal Trade Commission atwww.consumer.ftc.gov or the FTC Identity Theft hotline at 877-438-4338 or TTY 866-653-4261. Contact one of the three major credit bureaus to place a “fraud alert’ on your account: Equifax – www.equifax.com, 800-525-6285 Experian – www.experian.com, 888-397-3742 TransUnion – www.transunion.com, 800-680-7289 Close any accounts that have been tampered with or opened fraudulently. If your SSN has been compromised and you know or suspect you may be a victim of tax-related identity theft, take these additional steps: Respond immediately to any IRS notice; call the number provided. Complete IRS Form 14039, Identity Theft Affidavit. Use a fillable form at IRS.gov, print, then mail or fax according to instructions. Continue to pay your taxes and file your tax return, even if you must do so by paper. If you previously contacted the IRS and did not have a resolution, contact the Identity Protection Specialized Unit at 800-908-4490. The IRS has teams available to assist. What you should do: File your tax return as early as possible. Protect your taxpayer PIN. Use unique, complex passwords or a password manager program religiously. Use multi-factor authorization everywhere you can (bank, email, social media, etc.). Beware of phishing by phone, SMS/text, and email. Use a shredder. Collect your mail regularly and use a lock on the box if you can. Don’t carry your Social Security card or any documents that include your Social Security number (SSN) or Individual Taxpayer Identification Number (ITIN). Don’t give a business your SSN or ITIN just because they ask. Give it only when required. Protect your financial information. Check your credit report every 12 months. Review your Social Security Administration earnings statement annually. Secure personal information in your home. Protect your personal computers by using firewalls and anti-spam/virus software, updating security patches. Don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact or you are sure you know who you are dealing with. The bottom line As this tax season approaches, it’s important that you keep tax identity theft in mind. As the experts have explained, there are plenty of ways to lessen your risk of becoming a tax identity theft victim. Simply increasing your knowledge of tax identity theft can help. If you can follow the advice in this article, do your own research, and make sure you stay up-to-date on the latest identity theft trends, you will increase your chances of successfully avoiding this type of identity theft.
This is Part 2 of a two-part article. Read Part 1 here. It’s impossible to be 100 percent accurate when it comes to predicting future identity theft, scam, and data breach trends. In our previous article, a variety of experts provided their predictions for 2019 identity theft, scam, and data breach trends. Simply knowing what potential trends may take place in 2019 can help you prepare for what lies ahead. Although you won’t be able to completely protect yourself against these threats, you can at least learn how to lessen your risk of becoming a victim. We asked the experts to provide some helpful preventative steps you can follow if you are unsure of what you can do to avoid the potential 2019 identity theft and scam crimes. Here’s what they said. Be cautious with your email “When checking your email, stay suspicious and on alert. Often times a fraudulent email will try to scare you by saying something was stolen or that you’ve won a prize. Rather than clicking on links from your email, just go directly to the actual website and sign in how you normally would. You should also have some form of internet security installed. Norton AntiVirus or McAfee SiteAdvisor are two helpful tools that can prevent disaster in the event you do open a malicious email.” — Brian Gill, CEO of Gillware Data Recovery“The key defense is to remember my motto: trust me, you can't trust anyone. Never click on any link or download any attachment unless you have independently confirmed that the communication was legitimate.” — Steve Wiseman, Professor at Bentley University, Author and Blog Writer for Scamicide Monitor your bank accounts and use strong passwords “In order to protect your personal information you should consistently monitor your bank/email accounts and financial reports. Make sure to report any suspicious incident to the right authority. Don’t hesitate to call the companies involved and to file an identity theft complaint with the FTC. Also, in order to prevent online identity theft, you should use a secure mailbox, strong and unique passwords, set up two-factor authentication for as many online services as possible, a VPN (there are several free solutions you could use) and don’t forget to connect through https over http, especially when you use an online payment service.” — Mihai Corbuleac, Senior IT Consultant at ComputerSupport“Don’t ever share banking information or passwords online. Most companies won’t require this information from you. If you’re unsure about transmitting your information online, do the transaction over the phone with a real person. Make sure you always have an active virus and malware scanner running.” — Ian McClarty, President and CEO of PhoenixNAP Global IT Services“Be sure to change your passwords every six months and use strong password combos with numbers and symbols when possible and at least 12 characters in length so they are difficult to hack. These are some of the most hackable passwords and password combinations: 123456 Password Letmein Qwerty — or mnbvcx (or any keys in sequence on your keyboard) Your initials followed by your age Telephone numbers Pet or kid names Repeating dictionary words, like appleapple or dogdog Passwords that have remained the same since you established an email account. Also, be sure to enable two-factor authentication, or multi-factor authentication on your accounts and devices when it’s available. MFA makes it extremely difficult for hackers to compromise the security of computer networks, because they must infiltrate multiple layers of defense, instead of just decoding one password. If hackers do succeed in guessing a password, they must still breach additional authentication types before they can reach their target. One of the best benefits of using an MFA process is the long-term security it provides due to ensuring only individual account owners can access their login credentials.Consider using a password manager app. Look for a password manager that is cloud-based and stores passwords in a vault in an encrypted form. That way, even when a breach occurs and data is stolen, criminals must break the encryption to see a user’s passwords. This can be nearly impossible with industry-standard encryption like the Advanced Encryption Standard, or AES.Make sure the password manager offers two-factor authentication. 2FA does a good job of allowing only individual account owners access to their login credentials. If hackers do succeed in guessing a password, they must still breach additional authentication steps before they can reach important data. Use a strong master password, but change it every 60 to 90 days.” — Mark Foust, Chief Product Evangelist for Optimal IdMUse encrypted passwords, change your passwords every few months, remove private information about you from the web (when possible), secure your home network, ask your company how they store your private information, and never send private financial information by email. — Johnny Santiago, Brand Partnerships Manager at Social Catfish“Promptly changing the default password on any new Internet of Things devices is important to help protect yourself and making sure your router is up to date with the latest security and privacy settings.” — Wiseman Secure your cell phone account “Specifically for protecting against SIM hijacking or number porting scams, some of the major U.S. cell phone providers have introduced new security features to harden your account. For example, AT&T allows customers to add a passcode to their accounts. This is separate from the password customers use to log into their accounts online and is required to make significant changes to the account. It doesn't prevent bribery working on individual employees, but it does make it much harder to pull off the scam purely via social engineering. You should enable this if the option is available.Finally, having control of number means that hackers can bypass two-factor authentication. So if possible, you should remove your phone number from any account that could interest hackers and use a different form of 2FA such as Google Authenticator or a U2F device like a Google Titan Security Key. Of course, you can still link a type of phone number to those accounts, but I suggest a VoIP number, like a Google Voice number, that is SIM hijack-proof. You must protect this number as well, using a strong password, two-factor authentication on the account, and making sure it doesn’t expire if it's not in use that often.” — Brandon Ackroyd, Mobile Security Expert and Founder of Tiger Mobiles Be careful with your medical information “Any paperwork with sensitive information should be shredded and disposed of properly. If possible, try to maintain record keeping in a digital format, rather than physical. Be wary of any phishing emails who may try to exploit you to gain access to your accounts. Avoid giving out your medical information over email or on the phone, unless you have already signed an authorization to do so. If available, always sign up for multi-factor authentication for online portals, which sends a pin code to your phone as a secondary security measure anytime you are trying to login to your account.” — Adnan Raja, Vice President of Marketing for Atlantic Net Freeze your credit “The tips for protecting our personal information and identities in 2019 are the same as 2018 and earlier. Don’t open email attachments, use common sense, and if it’s too good to be true, it probably isn’t true. A new personal defense over the past couple years might be to contact the major credit reporting agencies and freeze our credit. With our credit frozen, credit reporting agencies can’t report on our credit histories, so nobody can impersonate us to take out credit in our names.” — Greg Scott, Author and Cybersecurity Professional “We also should put a credit freeze on our credit reports at each of the three major credit reporting agencies. Under recent federal law, this can be done now at no cost and is easy to do. In addition, the new federal law also permits credit freezes for children. All parents should do this because child identity theft is now a huge problem. Credit monitoring is also important to do." — Wiseman Pay with cash and don’t let your guard down “Keep yourself safe from skimming by paying with cash whenever possible. If you prefer to use a card, opt for a credit card rather than a debit card, as they come with reliable fraud-protection measures. Review your transactions routinely to identify fraudulent charges as quickly as possible.Be suspicious of phone calls that involve you handing over personal information. If you’re even a little uncertain, hang up, and then call the official number yourself to determine whether the caller was legitimate. If you believe you’ve already fallen victim to identity theft, be sure to freeze your credit reports. This prevents new credit accounts from being opened in your name without your permission.” — Sean Messier, Credit Industry Analyst at Credit Card Insider Be wary of scam phone calls “There are a number of services that can help protect against robocalls, such as Nomorobo which I use personally. In addition, you should never give personal information including credit card information to anyone over the phone whom you have not called. If a call appears to be an emergency requiring personal information from you, you should hang up and call the real institution, such as your bank at a telephone number that you know is legitimate to confirm that the call is a scam.” — Wiseman Invest in your personal and business security “For people/business who want to protect their identity and data in 2019, they should strengthen their passwords with two-step authentication like security questions or pin numbers, secure their network with a VPN, which will encrypt their data in transfer, start saving to the cloud instead of to removable storage like USB drives (which can be easily lost or stolen), update their software when prompted to install ‘patches’ or fixes to detected issues, (and) invest in cyber liability insurance to cover the costs of a hack.” — Keri Lindenmuth, Marketing Manager at The Kyle David Group, LLC The bottom line Key Takeaways: Take these steps to avoid various identity theft and scam crimes • Be cautious with your email • Monitor your bank accounts and use strong passwords • Secure your cell phone account • Be careful with your medical information • Freeze your credit • Pay with cash and don’t let your guard down • Be wary of scam phone calls • Invest in your personal and business security By following the steps mentioned above and making sure you stay on top of the latest identity theft, scam, and data breach news, you will have a better chance of protecting yourself against these types of crimes in 2019. Additionally, you can look into getting professional identity theft protection services if you want extra help protecting yourself and your loved ones from the many types of identity theft.