On September 7, 2017, credit bureau Equifax publicly announced that its servers had been hacked. Personal information of 143 million Americans had been leaked. The hacks took place from May to July and included names, addresses, Social Security numbers and more for over 40% of Americans.
Information security is serious business. Identity theft happens regularly. And it is likely to increase with the recent Equifax breach. But you can protect yourself. Follow these basic steps to keep your financial information secure.
Note: If you're already a victim of identity theft, jump ahead to Step 8 before going through all of the other steps.
In this Guide:
Step 1: Regularly Check Your Credit Report
The first step to protecting your identity is to ensure your credit report has not been tampered with.
The United States government requires the three major credit bureaus, Equifax, Experian and TransUnion, to provide a copy of your credit report at no charge once per year. The official government-approved website for your free credit reports is annualcreditreport.com.
Be aware that you don't have to get the three credit reports all at once. The best option is to check one every four months so you never go a full year without reviewing your credit report. For example, you could check Experian in January, Equifax in May and TransUnion in September each year. I follow a schedule like this myself and have since 2007. If you find any suspicious activity or errors, file a dispute with the credit-reporting bureau right away.
Step 2: Sign Up for Free Credit Monitoring
Your credit report is a place to find problems after the fact. If you want to track credit report issues in real time, you need credit monitoring. While there are plenty of companies you can pay for this service, you can get credit monitoring absolutely free.
Credit Karma will monitor your credit report free. It is one of the most popular companies that do this. It also gives you free access to your credit report and credit score. Other options include Credit Sesame and free credit monitoring alerts from password management company LastPass. We will discuss this last one further in a moment.
In addition, personal finance software Mint.com has begun offering a free credit monitoring service.
Free credit monitoring sends you an alert each time activity takes place on your credit report. You will get an alert each time you apply for a credit account, open a credit account or pay off a credit account. If you get an alert for something you didn't do yourself, you know it is time to react to a potential problem.
If you lose your password for an online bank or credit account, how do you get access to your account? In many cases, you need to answer just a few questions about your birthday, mother's maiden name, Social Security number, phone number or address. What a coincidence that this is the very information leaked by Equifax!
You can't undo major breaches and hacks. But you can take steps to make it harder for bad guys to steal your information and assets. Keeping this type of sensitive information off of social networks like Facebook, Twitter and LinkedIn may help you keep a bad guy at bay. Or at least the lazy bad guys.
Step 4: Use Two-Factor Authentication
For high-value business bank accounts, online users are required to enter a username, password, and randomly generated code that changes about every 30 seconds. And a lot of online financial services such as Betterment and Wealthfront are wising up and requiring this two-factor authentication too.
Lucky for us, this technology is not limited to business financial accounts. You can use it for personal accounts too.
Each time I log into Google, where I keep my Gmail account, I have to enter a six-digit code from the Google Authenticator app. This app is available for both Android and iOS. This is completely free and one of the best tools to prevent bad guys from getting into your data. When you use an app like this, a bad guy would need physical access to your phone to log into your online accounts. Google Authenticator can also secure other apps, such as Dropbox, LastPass, Amazon Web Services and Stripe.
There are other authentication apps as well, but few have the support and adoption of Google's app. If your email account does not support two-factor authentication, you should change to one that does. Google offers this free for all Gmail accounts, which is the most popular email service in the world.
Step 5: Use a Secure Password Manager
To start, understand this key concept in keeping your digital information safe: You should use a unique, random password at every website. You should never use the same password twice. If you do this, even if one site you use is hacked, the hackers do not have access to your other accounts. If you repeat passwords, they might be able to get into everything!
This sounds like a tough task. How on Earth could you remember dozens of unique and random passwords? The good news is you don't have to. In fact, you just need to remember one, ultra-secure password. This is where LastPass comes in. We've mentioned it twice so far, so let's dive in and look at what it does and how it works. We'll also discuss some of the alternatives that take a different approach to password security.
Password managers save your passwords and automatically enter them for all the websites you use. And you can use such apps to generate random, secure passwords that are saved for you in the app. My default setting for such passwords is 20 characters long, including numbers, letters and symbols.
When you log into your browser, you enter your master password, then the password manager takes over from there. This master password is the only password you need to memorize. It may be the last password you'll ever need. That is how LastPass got its name.
If you forget your master password, you may be able to recover it via email, or you may be locked out for good. This is actually a good thing, because it means hackers can't get into your passwords either.
Some security experts don't like LastPass, because your passwords are stored in the cloud. And LastPass servers have been attacked in the past, which gives some users the heebie-jeebies.
Another great option is KeePass, which stores your passwords locally rather than in the cloud. Compare top password managers to get a better understanding of what each offers and how they work.
Step 6: Use a Virtual Private Network (VPN)
A VPN uses a private network to encrypt data over a public network, such as the internet. When you're paying bills or buying stocks online, we recommend using a VPN like ExpressVPN to make sure your transactions are secured.
While most banks and brokers have encrypted websites, a VPN adds an extra layer of protection by encrypting your data and making your identity and location anonymous. This is especially true if you use public Wifi. With cyberattacks becoming more common, a VPN like NordVPN will help keep your financial accounts secure.
Step 7: Be on Alert for Phishing and Other Nasty Tricks
You may chuckle at emails from a “Nigerian prince” who has millions of dollars for you if you send a Western Union money transfer for only $1,000. However, many people do fall victim to email and other online schemes every day. Your finances could be devastated if you hand over the keys to your bank account.
Always be on alert for schemes and tricks. Never give out passwords or other personal information online, on the phone or otherwise. Unless you dialed the number or personally know the person on the other end of the line, never give out information that could be used to access accounts. If someone calls and says they are from your credit card company and just need to verify something with you, hang up and call the number on the back of your credit card. Don't just give out your “verification” information.
Step 8: Put Your Credit on Lockdown
The final option is to completely lock down your credit. You can pay for a service to lock your credit report. Equifax is temporarily offering this service free as an apology for its dreadful security practices. With such a service, you have to call in and unlock your credit before any new credit account can be opened.
This can cause hassles for you when applying for loans and other credit, but if you are an identity theft victim or fear you may become one, it is the last line of defense to protect your credit. It does not protect bank and investment accounts but is nonetheless a very secure option to protect your financial data.
Conclusion: Be Proactive, Not Reactive, With Your Sensitive Data
In the 2010s and beyond, data security is a widely discussed topic. And for very good reason. You don't need to live in constant fear of hackers and identity theft, but you should take reasonable precautions to protect yourself.
Monitor your credit regularly and use strong passwords and two-factor authentication. This is the best way to keep your information safe. You can always take it a step further, but do at least the minimum to keep your financial information secure.