A lesson from the Equifax data breach – in the cyber security realm, we look at networks as falling into two categories: those that have been breached, and those that are going to get breached. It is clear for all Americans to see now, that the same is true of personal information, too. Either your personal information has been leaked, or it is going to get leaked.
Whether its Target, OPM (Office of Personnel Management), or Equifax – neither the government or corporations can protect individual privacy — at least not with the existing American system built upon the stone-aged nine digit SSN (Social Security Number). An entirely new system, based on block chain technology, will need to be developed. This will take years, if not decades, to accomplish – think of The Marshall Plan for personal privacy.
Until this far away day, thanks to the Equifax data breach, Americans as individuals are going to be stuck defending themselves against assaults on their PII (Personally Identifiable Information), as well as their credit cards and other financial data thanks to the Equifax data breach. It has been said that the price of freedom is eternal vigilance, and the same is true of privacy. Protecting your personal and financial information requires constantly monitoring your accounts – personally. Until we get a new identity system based on block chain, there are a few things you should be doing to protect yourself.
- Attack surface reduction. Reduce the number of ways in which you can be attacked. Maintain as few online and other accounts as you reasonably, practically can. DELETE accounts that you no longer use. This will help to reduce your potential for being breached. If you leave abandoned accounts everywhere, you will get breached.
- Passwords. If you reuse passwords across accounts or at work, you will get breached. If you use weak passwords, you will get breached. If you do not change your passwords every few months, you will get breached. Do not allow your browser to remember passwords for your most important accounts, such as banking and investing.
- Go paperless. This may seem counter-intuitive, but (properly maintained) online accounts are more secure than snail mail. Be sure to shred or burn your mail.
- Data devices. Use a hammer to physically destroy hard drives and anything which can store data before recycling them. It is a trivial matter to recover data from devices that are not properly secured or wiped.
- Your bank card has either been stolen, or is going to get stolen eventually. Use credit cards (not debit cards) for online and other purchases, and pay the bill every month. Credit cards have regulatory and financial protections that debit cards simply do not. Don’t let an attacker drain your bank account, let them steal from your credit card company instead.
- Freeze your credit. Credit monitoring services don’t really prevent ID theft. Call Equifax (yes, them…), Experian, Innovis, and Trans Union, and tell them you want a credit freeze. If you need to obtain a loan or a line of credit, call them and tell them to unfreeze it temporarily.
As to Equifax data breach – I think this company is now a corpse (remember what happened to Arthur Anderson after Enron). It is hard to imagine how their response to this man-made disaster could have been any worse. Americans are going to be out for blood on this one, and Washington DC will most likely give it to them.