Previous PGWA newsletters have addressed cyber theft and the importance of securing your personal financial data. Unfortunately, the trend continues.
Breaches at major data reporting centers and merchants have given thieves access to identity and financial information of millions of people. As the Medicare Open Enrollment rolls out this month, the Centers for Medicare and Medicaid Services (CMS) recently announced that the website for agents and brokers was deactivated due to “anomalous” activity. The CMS agent and broker access website is scheduled to return online later in month.
This points to the need for individuals and business owners to implement risk management procedures for their key data. With publication of data breaches as a seemingly weekly occurrence, it’s especially important for everyone to understand the digital risks they face. Are you doing all you can to mitigate the risk of a cyberattack?
The importance of cybersecurity
Reports this year indicate that identity theft hit record levels coming into 2018. Last year over 16 million people were ID theft victims. This came to an estimated $16.8 billion in damages to businesses and individuals. Unfortunately, projections don’t show these numbers declining soon.
The following are tips compiled from information supplied by the Small Business Association, the Federal Trade Commission (FTC), and the Federal Communications Commission (FCC).
What are your vulnerabilities?
As a business owner considering how to protect your organization, you must first understand your vulnerabilities. With some adjustments the same concerns can be analyzed by an individual.
How are your systems protected? Do you collect and store personal information of customers and employees, such as credit-card information, Social Security numbers, and birth dates? If so, how is this information stored and who may access it? Do you store it in multiple locations and formats? Are these files password protected and, if so, are you using multiple complex passwords?
Do you have a Wi-Fi accessible to your household, or at an office location gotten into by employees and customers? How do your merchants, vendors and other third-party service providers protect their information?
Tips for security
When monitoring your security, ensure you have firewall and encryption technology that protects your Internet connections and Wi-Fi networks. Make sure your home and business computers have antivirus and anti-spyware software installed and updated automatically. For a business it’s recommended that employees and others who access your systems to use complex passwords that are changed regularly.
Keep only personal data that you actually need and dispose of it securely as soon as it no longer serves a personal or business purpose. Back up critical information and data on a regular basis, and store the backups securely offsite. Assign individual user accounts to employees and permit access to software and systems only as needed. Be especially cautious with laptops and company-assigned smartphones. Question third-party vendors to ensure that their security practices comply with your standards.
Redundancy is vital
It isn’t always pleasant to hear the same thing repeated over and over. However, redundancy for your digital life is not only recommended, it’s vital. That’s because redundancy means having multiple data backups stored in different locations. Here are some ideas for redundancy when backing up your data:
* If you have digital assets that you don’t want to risk losing forever, such as photos, videos, original recordings, financial documents, you’ll want to back them up regularly. And it’s not just materials on your personal computer, but your mobile devices as well. Depending on how much you use your devices, you may want to back them up as frequently as every few days.
* A good rule to follow is the 3-2-1 rule. The rule means having three copies of critical data stored in different locations and on different media. This can help lessen the risk of a fire, physical theft or hacker compromising your data.
* Ensure that at least one backup copy is stored offsite. You could store your external hard drive in a safe-deposit box or at a trusted friend or family member’s house. Cloud storage is also considered offsite.
Is cloud storage a good fit?
Cloud storage, using Internet-based service providers to store digital assets such as videos, photos, and key data files including financial statements and contracts, has become increasingly popular in recent years. Does this fit your needs?
If a cloud service is one of your backup tactics, be sure to review carefully the company’s policies and procedures for security and backup of its servers. Another good idea is to encrypt (that is, convert to code) to protect sensitive documents and your external drives. Other considerations include:
* Evaluate the provider’s reputation. Is the service well known, well tested, and well reviewed by information security specialists?
* Consider the provider’s own security and redundancy procedures. Look for such features as two-factor authentication and complex password requirements. Does it have copies of your data on servers at multiple geographic locations, so that a disaster in one area won’t result in an irretrievable loss of data?
* Review the provider’s service agreement and terms and conditions. Make sure you understand how your data will be protected and what recourse you have in the event of a breach or loss.
* Make sure you have a complex system for creating passwords and never share your passwords with anyone.
Educate yourself on good risk management
To help ensure that you are maintaining sound cybersecurity practices. The actions you take will greatly enhance your ability to fend off hackers and ID thieves.
* Set up instant text or email notifications for credit cards and bank accounts. The notifications will be generated whenever a charge or withdrawal is made on your account.
* Wherever possible, enable 2-step verification on accounts. This requires an additional code when you login. There are apps available to create authentication codes.
* Consider a Credit Freeze. These are free in all states and can be done with all three credit bureaus.
* For business owners, insist on tighter controls for wire transfers through your financial institutions. Using two-step confirmation by telephone and email, along with multiple sign-offs for the wire transfer will discourage thieves to attack your business.
The concern many people have regarding cyber theft is very real. I hope some, or all, of these tips can help you better safeguard your financial life.
All the best for your Thanksgiving celebration!