In December 2016, Yahoo announced that data associated with more than 1 billion user accounts had been stolen in 20131. The company believes this was a separate incident from a previously announced theft of data from 500,000 user accounts in 2014. Although the sheer number of compromised accounts is staggering, the Yahoo breaches are just two out of numerous major data breaches discovered in 2016, ranging from dating sites and internet companies to the IRS and the U.S. Department of Justice2.
Private companies and government agencies that hold personal information are responsible for protecting that data, but even the most vigilant organization can still be vulnerable. Once a breach has occurred, the aftershocks can last for years as cyber thieves exploit stolen information. Here is an overview of current cybersecurity trends and steps you can take to help protect your identity and personal accounts.
Passwords and Security Questions
An analysis of 10 million stolen passwords found that the most common password — used by 17% of users — was 1234563. Many of the other top passwords were simple combinations of numbers or letters that could be cracked in seconds by dictionary-based hacking software. A strong password should be at least eight characters long and use a combination of lower-case letters, upper-case letters, numbers, and symbols. Avoid dictionary words and personal information such as your name and address.
You should have a separate password for each account or website, and change passwords frequently. Consider using a password manager, a program that generates strong, unique passwords that you control through a single master password. Keep in mind that security questions can be used to unlock data by thieves who claim to have lost a password. Create answers that are fictional or cannot be discovered by others.
Chips and Strips
The transition to credit cards and debit cards with embedded computer chips utilizing EMV (Europay, MasterCard, and Visa) technology has reduced fraud at checkout terminals in brick and mortar stores. But EMV technology does not protect card numbers used online; in fact, thieves have shifted efforts to digital merchants, which have seen an increase in cyber theft. EMV adoption has also stimulated an increase in a new type of account fraud in which thieves use stolen information to create new accounts with new cards4.
The EMV rollout has been slow, and cybersecurity experts predict more widespread use of sophisticated skimmers inserted into a card reader to steal information from magnetic strip cards5. Gas stations, a favorite target for skimmers, are not required to install EMV terminals until October 2017. When using a card reader terminal, particularly in a standalone location, be aware of anything that looks amiss, such as colors that don’t match or arrows that don’t line up. If you are suspicious, do not use the terminal and report the issue immediately.
The United States has been slow to adopt mobile payment technology, but 2016 represented a big step forward. Almost 40 million Americans made a “proximity payment” using their mobile phones at the point of sale and more than 45 million transferred funds with a mobile payment peer-to-peer application6.
Paying with your smartphone could be safer than paying with plastic as long as you take the same security precautions on your smartphone as you would on your computer and utilize security enhancements such as fingerprint access. Also be aware that hackers have begun to send malware through text messages.
According to an IBM security survey, the healthcare industry was the top target for cyber criminals in 2015, with over 100 million records compromised, surpassing the financial services industry7. Cybersecurity experts predict that medical cybercrime will accelerate and spread to larger networks in 20178.
For consumers, stolen medical information can lead to fraudulent and expensive claims, and collateral damage as thieves use personal data in electronic medical records to open other accounts. Protect your health insurance ID card as you would a credit card and monitor explanations of benefits (EOBs) from your insurance company and payment records from health savings accounts.
What Can You Do?
Here are some other security tips to help protect your identity:
Take an extra step. Two-step authentication, such as a text or email code along with your password, could help protect your sensitive data.
Monitor your accounts. Notify your financial institution immediately if you see suspicious activity. Early notification can stop the thief and may limit your financial liability.
Think before you click. Never click on a link in an email or text unless you know the sender and have a clear idea where the link will take you.
Shop secure. When shopping online, look for the secure lock symbol in the address bar and the letters https: (as opposed to http:) in the URL.
Minimize information. Provide only as much information as necessary for your purpose. If you are suspicious of any request for information, don’t provide it.
Protect your Social Security Number. Your SSN is the key to a whole world of personal information. Do not carry your card in your wallet and never provide your number online unless you are on a secure IRS or Social Security Administration website.
1Yahoo, December 14 and September 22, 2016
3Security, January 13, 2017
4Javelin Strategy & Research, 2016
6Marketer, November 7, 2016
Prepared by Atlas Private Wealth Management, LLC in collaboration with Broadridge Investor Communication Solutions, Inc. Copyright 2017
Atlas Private Wealth Management, LLC (“Atlas”) is an SEC-registered investment advisory firm established under the Investment Advisers Act of 1940. SEC registration does not constitute an endorsement of Atlas by the SEC nor does it indicate that the advisor has attained a particular level of skill or ability.
This information is provided for general informational and educational purposes only, and is not intended to provide legal, tax, or investment advice. These materials have been prepared based on publicly available information from sources believed to be reliable. We cannot assure the accuracy or completeness of these materials. The information in these materials may change at any time and without notice. Contact your attorney or other advisor regarding your specific legal, investment, or tax situation.
PAST PERFORMANCE IS NOT A GUARANTEE OF FUTURE RESULTS. ALL INVESTMENTS INVOLVE RISK, INCLUDING THE LOSS OF PRINCIPAL. Different investments involve varying degrees of risk, and there can be no assurance that any specific investment or investment strategy (including those recommended by Atlas) will be profitable for an investment portfolio. Prior to investing, clients should consider carefully the information provided in the mutual fund prospectus, including investment objectives, risks, charges, and expenses.