By: Richard Ollis
If you have a credit report, there’s a good chance that you’re one of 143 million Americans whose personal information was exposed in a data breach at Equifax. Equifax is one of three major credit reporting agencies in the U.S. and suffered a data breach that allegedly lasted from May through July 2017.
According to Equifax, people’s names, Social Security numbers, birthdates, addresses and driver’s license numbers were compromised. In some instances, credit card numbers were also accessed.
Unfortunately, for all of us it’s not a matter of if, but when you will be personally impacted by a cyber event. Last month, my email was compromised. I received an email from what I thought was my friend and business associate. We had previously been discussing some business opportunities together. The email and attachment was from his email address. Although I was not expecting a specific document, it seemed logical that he would send it to me.
I’ve been through all the training on suspicious emails, links and attachments. I’ve attended and presented numerous workshops and seminars on cyber liability. We are in the business of protecting people and businesses from cyber-attacks. Even after all the training and daily exposure to the risks, I was “tricked” by what’s known as social engineering to get me to open a suspicious document.
Here’s my point: if Equifax, one of the largest credit reporting agencies who have highly sophisticated firewalls, training and cybersecurity systems, can be attacked and a firm in Springfield, Missouri with a highly trained staff can be duped, it’s likely just a matter of time before you and/or your company is impacted.
First things first, if you are likely one of the 143 million impacted by the Equifax breach, log onto consumer.ftc.gov for suggested steps to protect your information. This includes checking your credit report, placing a freeze or fraud alert on your files and signing up for Equifax’s free credit file monitoring service, Trusted ID. More specific information can be accessed at equifaxsecurity2017.com. Be sure to log on directly to these sites and don’t click on links or enter information on any emails sent to you without you requesting specific information.
Here are some additional tips to reduce the likelihood of being impacted by a cyber event:
- Educate yourself and staff. Understanding the latest fraudulent strategies and tactics that will help you identify suspicious emails, links, and attachments. Be vigilant and suspicious of anything out of the ordinary. The bad guys are very good at tricking you — it’s called social engineering.
- Invest in firewalls, spam filters and other technology to protect you and your IT systems. A good technology company can be invaluable to provide advice and guidance.
- Use effective passwords and store them securely. Be very careful with any personal information such as Social Security numbers, credit card numbers, bank information, driver’s license information, date of birth and passwords. Never enter this information on emails, links and attachments you didn’t request or verify.
- Limit online activity. Although it’s likely not possible to go completely off the grid, experts that deal with this issue rarely use social media and limit how they interact online in areas where bad guys access information.
- Check your credit report regularly and consider a credit monitoring service. You can obtain free annual reports from each of the three major credit bureaus at annualcreditreport.com. There are many monitoring services — Life Lock, Experian, Transunion and Identity Guard, to name a few.
- Check credit card statements, bank accounts and all online activities for suspicious use or transactions.
- Be sure to remember to protect your children’s information too. Their information can also be used to open accounts, obtain credit cards and other transactions by thieves.
- Consider purchasing cyber insurance. It not only provides financial protection, but you’ll gain access to expert advice, legal, forensic and repair services.
If you are potentially impacted by a breach, consider a “freeze” on your file. You can contact any or all of the credit reporting companies (Equifax, TransUnion, or Experian). You’re essentially telling them not to provide any information to a potential lender if you open an account, apply for a loan or credit card. If you apply for a loan or credit card, you can lift the freeze. A freeze can cost approximately $3 to $10.
On Sept. 12, Equifax temporarily waived the fees. You’ll need to enter your Social Security number and be assigned a PIN for each of the three agencies. Fraud alerts may also be used to warn lenders for the next 90 days if a freeze seems too drastic. Many recommend freezes as the best solution.
Richard Ollis is CEO of Ollis/Akers/Arney, an employee-owned business consulting and insurance advisory firm. He also serves on City Council of Springfield, MO.
This article appeared in the September 26, 2017 edition of the News-Leader and can be accessed online here.