Cyber Security
Did you know?
- Hacking and identity theft is reportedly on the rise during the COVID-19 pandemic.
- In 2015 there were 3.8 million ransomware attacks and by 2016 638 million, a 168x increase; 40% of spam had ransomware. In June 2020, Capital One had a breach of more than 100 million customer records.
- You can take proactive steps to protect yourself
While we are not identity theft or on-line security specialists, we recommend steps that you can take. In addition, Financially in Tune takes steps to help keep clients out of harm’s way.
Below we address some actions for you to consider in light of these breaches that may have already occurred as well as preventative measures to reduce future exposures. We also describe action our firm takes routinely to protect data.
How can I prevent identify theft or someone opening credit in my name?
You can place a Credit Freeze on your credit accounts. This is a proactive approach to protecting against identity theft. You can request a freeze of your credit report at all four bureaus (Equifax, Experian, Transunion, and Innovis). With a credit freeze in place, no company (other than your existing creditors) can look at your credit report, and creditors will not be able to open new accounts.
This can be the best protection against someone opening an account in your name, but it can also be inconvenient when/if you want to open a new account or apply for a new loan, as you’ll have to unfreeze the report at all three bureaus.
Contact information for each of the following nationwide credit reporting companies:
Equifax 1-800-349-9960
https://www.equifax.com/personal/credit-report-services/credit-freeze/
Experian 1-888-397-3742
www.experian.com/freeze
TransUnion 1-888-909-8872
https://www.transunion.com/credit-freeze
Innovis 1-800-540-2505
https://www.innovis.com/personal/securityFreeze
The Federal Trade Commission provides additional Credit Freeze information at
https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
What if I am a victim of identity theft? What are the signs of Identity Theft?
In addition to freezing your credit you can report identity theft with the Federal Trade Commission (FTC) at https://www.identitytheft.gov/ and begin a recovery plan.
The IRS resource, “Taxpayer Guide to Identity Theft” provides guidance on signs of identity theft and action you can take: https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft
You can obtain an Identity Protection PIN from the IRS which helps prevent against filing of fraudulent income tax returns using stolen Social Security Number. More information here https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin
What about past activity? What can I do to monitor my credit report or see if there are fraudulent accounts in my name?
You should contact the credit bureau to request a free Credit Report.
To request your free credit report, visit the central source for free on-line credit reporting at https://www.annualcreditreport.com/index.action. From that site, you can view a copy of your credit report from one or all the bureaus. Or call toll-free (877) FACT-ACT to request your free annual disclosure from the agencies.
During the COVID-19 pandemic the credit bureaus are providing free weekly online reporting through April 2021. Historically, a free copy of your credit report was available every 12 months from each credit reporting company.
The Federal Trade Commission (FTC) provides additional information on Free Credit Report here: https://www.consumer.ftc.gov/articles/0155-free-credit-reports
Are there monitoring services for my credit?
Yes, for an additional cost, you can purchase services that offer daily monitoring of all three major credit bureau reports; as well as checking and savings account application alerts. There are many services available and include providers such as:
- LifeLock: https://www.lifelock.com/
- AmericanExpress CreditSecure: https://feeservices.americanexpress.com/premium/credit-report-monitoring/home.do
- Identity Guard https://www.identityguard.com/
We do not endorse any of the above services and we believe these may be of little value as they will simply report what has already occurred.
How to protect yourself: Social Security benefits information
mySocialSecurity is the Social Security Administration’s online portal which allows you to monitor your contributions, benefits, income data, etc. and protect from unauthorized access. You may want to sign up to prevent someone else creating an account using your data and to confirm your income data is accurate and that no one has used your social security number to claim benefits. You can also review estimates of future benefits. More information is available at https://www.ssa.gov/myaccount
Communicating with the IRS
Tax-related Identity Theft can occur when someone uses your Social Security Number to file fraudulent returns seeking tax refunds.
The IRS does not communicate with taxpayers by telephone nor by email, thus if you receive such communications simply hang-up or do not respond to the email. The IRS communicates only by US Postal Mail.
What else can I do to protect myself?
The common ways identity and login credentials are stolen include malware, phishing, and hijacking of email accounts. Malware is used to describe malicious software that is installed, often unknowingly, to gain access to private computers and personal data. Phishing describes criminals attempting to acquire personal sensitive data via email often pretending to be a credit card company or another financial service company. Hijacking is where criminals simply gain access to your email accounts and pretend to be you engaging in fraudulent activities. What are some of things you can proactively do?
Think First, Click Later
- Do not open unfamiliar links in emails
- Be careful clicking on banner ads
- Beware of ‘Rouge USB Sticks”, portable drives that you plug into your computer
Disclosing/sharing personal data
- Never disclose personal data in an email, including address, social security number, date of birth, account number(s).
- Use Financially In Tune’s client upload document system to securely send and receive sensitive documents. If you do not have access please contact us so we can set this up.
Passwords
- Activate dual-factor authentication where available. Such authentication means you will be emailed or texted a security code needed to get into your account. Many banks now offer this.
- Be sure to change your passwords to online accounts on a regular basis
- Do not use simple passwords that can easily be hacked – try to include numbers and symbols each time.
- Avoid using your mother’s maiden name. This information can be available on social media platforms or googled. Use a password that is difficult to guess and the banks do not care if the name is really your mother’s or not.
- Request a verbal password from your financial institution, if available.
- Do not share your passwords.
Update Your Privacy Settings
- The National Cyber Security Alliance provides guidance here for common services and digital devices https://staysafeonline.org/stay-safe-online/managing-your-privacy/manage-privacy-settings/
Public Wi-Fi
- Do not connect to the internet via unsecured wireless networks, such as those in public spaces.
- Use a VPN (Virtual Private Network) service
- Watch out for phony access points when on public Wi-Fi if you must access.
- Use only secured sites. Look for “https:” in the url
- Avoid highly sensitive activity. Do not conduct financial transactions.
Social Networks
- Do not disclose personal information on on-line social networks, including when you are taking vacation.
- Don’t post photos while on vacation.
House Cleaning/ System Updates
- Clean out your emails regularly – if someone has gained access to your email they may gain more information about you using old emails. In fact, they may try to impersonate you and attempt to move money from your accounts.
- Update antivirus/antispyware/malware/ransomware programs on all of your devices
- Update your operating system and programs
- Delete mobile phone apps if no longer using the apps
Banking/Credit Cards
- Activate free alerts – get alerts to your mobile device when purchases are made
- Do not use Debit cards for purchases on-line. Credit cards offer a higher level of protection against theft.
“Medical Report”: A Credit Report for your Health Records
In addition, you can obtain a free annual report for your medical and personal information by health, life, disability insurers. You can request this report by calling 866-692-6901 or online at http://www.mib.com/request_your_record.html. You can do the same for your prescription drug purchases which is available by Milliman, Inc. Additional information is available at http://www.rxhistories.com/RequestAReport/
What does Financially In Tune, Fidelity and Schwab do to help protect clients?
- We will not send client sensitive data, such as account numbers and social security numbers, via email.
- We expect clients will not send us sensitive data via email
- We will call and speak directly to client to confirm Bank Wire transfers
- If clients request funds via Electronic Fund Transfer (EFT), funds are transferred to an existing, previously established link. Fidelity and Schwab have pre-note periods when establishing new links between account to help safeguard against fraud.
- Fidelity and Schwab maintain their standards and processes to ensure secure systems.
- We review client account balances and transactions regularly
- We do not maintain any client data on any local computers, hard drives or servers. We utilize virus protection on each computer and maintain a firewall.
- Our vendors who maintain client data are all compliant with 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth of Massachusetts
- We are always on the lookout for email requests that seem a little “off” or strange. We will call to confirm over the phone in these cases.
Other Resources
If you are looking for additional information or training on cybersecurity issues, consider these free options:
https://www.cisa.gov/stopthinkconnect
OnGuardOnline.gov (Federal Trade Commission)
StaySafeOnline.org (National CyberSecurity Alliance)
Summary
While October may be Cybersecurity Awareness month, the truth is that every day you need to be aware and proactive.
You are the first line of defense.
We cannot control what cyber-criminals are doing. We can control our own behaviors by being “safe online” and safe with our finances by implementing the strategies as noted above. Be mindful of what you are doing, clicking or with whom you may be sharing information. These actions will help to reduce potential risk to fraud.