In this podcast we are going to talk about how you can keep your data secure in an environment that is very obviously insecure. You need to be proactive and not wait around for the organizations you do business with to make changes and secure your data. This is one of those things that you will just have to do yourself.
Earlier this week Microsoft came out with the long awaited Windows 10. We are going to dedicate our entire next episode to Windows 10. How it is different from past Windows Operating Systems, can you climb onboard the free Windows bandwagon and get your free copy, and we are going to throw in some tips to help you adapt to this new Operating System.
So before we get started let me just make a simple one line observation here about Microsoft and Windows: “Oh, how far we have fallen.” Did anybody even notice the July 29th introduction of Windows 10??
Keeping Your Personal Information Secure Offline
Lock your financial documents and records in a safe place at home, and lock your wallet or purse in a safe place at work. Keep your information secure from roommates or workers who come into your home.
Limit what you carry. When you go out, take only the identification, credit, and debit cards you need. Leave your Social Security card at home. Make a copy of your Medicare card and black out all but the last four digits on the copy. Carry the copy with you — unless you are going to use your card at the doctor’s office.
Before you share information at your workplace, a business, your child’s school, or a doctor’s office, ask why they need it, how they will safeguard it, and the consequences of not sharing.
Shred receipts, credit offers, credit applications, insurance forms, physician statements, checks, bank statements, expired charge cards, and similar documents when you don’t need them any longer.
Destroy the labels on prescription bottles before you throw them out. Don’t share your health plan information with anyone who offers free health services or products.
Take outgoing mail to post office collection boxes or the post office. Promptly remove mail that arrives in your mailbox. If you won’t be home for several days, request a vacation hold on your mail.
When you order new checks, don’t have them mailed to your home, unless you have a secure mailbox with a lock.
According to the 3 nationwide credit reporting companies that run the phone number and website. You should consider opting out of prescreened offers of credit and insurance by mail. You can opt out for 5 years or permanently. In order to opt out, all you have to do is call this number: 1-888-567-8688 or go to optoutprescreen.com. According to the FTC’s website that I found this information on, prescreened offers can provide many benefits. If you opt out, you may miss out on some offers of credit.
But I think you have to balance out the good and the bad here. I frankly do not know of anybody that needs more offers of credit. Do you really need Premier or Capital One running your credit report every time they want to send you a pre-approved credit card offer? Really—–you CAN apply independently and be safe. Besides that you probably get three or four per year from the bank that holds your checking and savings accounts. How do you know that offer of credit isn’t some phishing campaign?
Keeping Your Personal Information Secure Online
Know who you share your information with. Store and dispose of your personal information securely.
Be Alert to Impersonators and phishing emails
This section goes hand in hand with avoiding phishing emails. Never, never, never open files, click on links, or download programs sent by anybody. The FTC says don’t do that if the email is from somebody you don’t know. I want a little bit stronger action here: Don’t ever respond in any way to ANYTHING in your email unless it is to delete the email. Don’t stop there…..delete the email completely from your computer. Opening a file from someone you don’t know will expose your system to a computer virus or spyware that could wreak havoc on your computer.
When you do share your private information make sure you know who is getting it. Don’t give out personal information on the phone, through the mail or over the Internet unless you’ve initiated the contact or know who you’re dealing with. If a company that claims to have an account with you sends an email asking for personal information, just assume they are crooks and delete. Don’t ever click on links in any email.
Instead, contact the company on your own. Type the company name into your web browser, go to their site, and contact them through customer service. Or, call the customer service number listed on your account statement. Ask whether the company really sent a request.
The solution to all of this is simple in concept: “when in doubt, kick it out!!”. Because crooks are better at what they do than you are, the execution of the solution can be a little sticky. Concentrate and be consistent.
Safely Dispose of Personal Information
Before you dispose of a computer, get rid of all the personal information it stores. Use a wipe utility program to overwrite the entire hard drive.
Before you dispose of a mobile device, check your owner’s manual, the service provider’s website, or the device manufacturer’s website for information on how to delete information permanently, and how to save or transfer information to a new device. Remove the memory or subscriber identity module (SIM) card from a mobile device. Remove the phone book, lists of calls made and received, voicemails, messages sent and received, organizer folders, web search history, and photos.
Encrypt Your Data
Keep your browser secure. To guard your online transactions, use encryption software that scrambles information you send over the internet. A “lock” icon on the status bar of your internet browser means your information will be safe when it’s transmitted. Look for the lock before you send personal or financial information online.
Keep Passwords Private
Use strong passwords with your laptop, credit, bank, and other accounts. I’m sure you have seen the little indicators of strong or weak passwords on your password change page. You’ve seen them, right? They actually have a meter of sorts that will show strong or weak. If you are not going to use a password manager (which we will be discussing in a moment) then be creative: think of a special phrase and use the first letter of each word as your password. Substitute numbers for some words or letters. For example, “I want to see the Pacific Ocean” could become 1W2CtPo.
Protect Your Passwords
Here is where I am going top get some negative feedback. “I am not going to come up with a different password for every online account I have.” Do what you want but if you use unique passwords for different accounts it can help if one of your accounts is compromised. Keeping track of multiple secure passwords can be tricky, so using a password manager such as KeePass or LastPass can help keep you safe and secure.
Both KeePass and LastPass are free, but they store your information in different ways. KeePass keeps an encrypted database file on your computer, while LastPass stores your credentials in the cloud. There are pros and cons to each approach, but both services are completely secure. There are many different services. Some are pay based and some are free. I should probably spend an entire episode on password managers.
If nothing else, use Firefox to encrypt your web passwords that your browser has stored for you. These passwords are sitting right on your computer as open as the zipper on your pants. Do this: go to Edit>Preferences>Security>Use a master password.
Don’t Overshare on Social Networking Sites
If you post too much information about yourself, an identity thief can find information about your life, use it to answer ‘challenge’ questions on your accounts, and get access to your money and personal information. The FTC suggests you follow the following guidelines: (1) Consider limiting access to your networking page to a small group of people. (2) Never post your full name, (3) Social Security number, (4) address, (5) phone number, or (6) account numbers in publicly accessible sites. And please, please (7) never announce to the world through your Facebook account that you will be going on vacation and where and for how long.
Securing Your Social Security Number
Keep a close hold on your Social Security number and ask questions before deciding to share it. Ask if you can use a different kind of identification. If someone asks you to share your SSN or your child’s, ask:
- why they need it
- how it will be used
- how they will protect it
- what happens if you don’t share the number
The decision to share is yours. A business may not provide you with a service or benefit if you don’t provide your number. Sometimes you will have to share your number. Your employer and financial institutions need your SSN for wage and tax reporting purposes. A business may ask for your SSN so they can check your credit when you apply for a loan, rent an apartment, or sign up for utility service.
Just a short aside here: These four questions are the questions we all should be asking everytime we do business with ANY organization that requires our private information. We need to start holding these organizations accountable. We need to start convincing these organizations that if they don’t seriously protect our data with the exact same ferocity they protect their own, we will not do business with them. Especially critical is question number three. How do they intend on protecting our data?
Keeping Your Devices Secure
Be Smart About Wi-Fi
Before you send personal information over your laptop or smartphone on a public wireless network in a coffee shop, library, airport, hotel, or other public place, see if your information will be protected. If you use an encrypted website, it protects only the information you send to and from that site. If you use a secure wireless network, all the information you send on that network is protected.
Be aware that hackers may be able to monitor your communications. If you are using a compromised network, your personal or private information could be at risk. Use of encryption can help mitigate the risks, but you should consider the risks when deciding what online you engage in.
Lock Up Your Laptop
Keep financial information on your laptop only when necessary. Don’t use an automatic login feature that saves your user name and password, and always log off when you’re finished. That way, if your laptop is stolen, it will be harder for a thief to get at your personal information.
Read Privacy Policies
Okay, even I think this suggestion is a tad esoteric. But it just shows how serious you are about the safety of your privacy and data.