Want to prevent identity theft? In this interview, we sat down with Michael Bruemmer, Vice President of Experian Data Breach Resolution Group and Consumer Protection, to learn more about cyberthreats and how the basic internet users can protect themselves.
Experian is the world’s leading global information services company. During life’s big moments — from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers — they empower consumers and their clients to manage their data with confidence.
Additionally, Experian help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.
Interestingly, they have 16,500 people operating across 39 countries and every day they’re investing in new technologies, talented people and innovation to help all their clients maximize every opportunity. Also, they are listed on the London Stock Exchange (EXPN) and are a constituent of the FTSE 100 Index.
1. Question: What are the threats associated with exposed personal information?
Answer: There are many ramifications to having your personal information exposed or stolen.
We have seen that a large portion of personal information such as name, address, phone number, social security number, and medical identification number, for example, are sold on the dark web. Bad actors run the dark web like a marketplace with pieces of data being bought and sold on a regular basis.
Ultimately, it is hard to say when the impact, if any, would occur. Cybercriminals may try to use the data to hack into your financial accounts to steal money. Sometimes they use it to blackmail companies for money, which is termed ransomware. They also just steal information to cause havoc.
But every consumer should take identity theft seriously and be vigilant about protecting themselves. They should practice good security hygiene by doing the following:
- Do not connect to public Wi-Fi.
- Only access safe and reputable websites with the SSL security certificate (the s in https://).
- Shredders are a smart way to destroy unneeded personal documents, like bank statements, so they don’t end up in the wrong hands.
- Consumers should also be weary of suspicious emails and avoid clicking any links that could be phishing scams.
- Password protecting devices and accounts can also help secure personal information, especially when it comes to a cell phone.
- Mobile technology provides access to sensitive information, so setting a unique password, and changing it regularly, can help keep that information protected. Enabling remote finding and wiping software, which tracks the phone or destroys data if the phone is lost or stolen, is an extra step that could ensure the safety of personal information.
- The risk of identity theft is also reduced by being careful about posting information, such as in social media.
There is information here for consumers on our blog: https://www.experian.com/blogs/ask-experian/how-to-protect-yourself-from-identity-theft/
2. Question: What should the basic internet user do in the case of identity theft?
Answer:To protect yourself, you should follow the tips, as mentioned above, to avoid using public Wi-Fi and to only use credible websites. Also, when online shopping, it’s beneficial to use a specific credit card with a low spending limit used just for online shopping. With a low spending limit, if the card number gets stolen and used for fraudulent purchases, the criminal can’t do too much damage.
If a person is a victim of identity theft, they should report it to their local authorities.
He/She should also report identity theft to the Federal Trade Commission. The FTC has a designated identity theft website that offers step-by-step instructions to help victims reach mediation.
Other steps include contacting creditors, changing your passwords to all of your online financial accounts and checking your credit reports from each of the three national credit bureaus (Experian, TransUnion, Equifax) periodically for any fraudulent activity. If you suspect fraud, consumers can contact the credit bureaus to submit a claim and have it investigated.
3. Question: What is the most effective pre-breach security measure that companies should implement?
Answer: Employees have been – and continue to be – companies weakest link in the security fence.
In our 2019 corporate preparedness study, we found that, unfortunately, companies are still not shoring up their security trainings for employees which is the most effective approach companies should adopt.
Only 72 percent of respondents say they have an employee security training program, which is down from 73 percent the year prior. This number should be increasing. When asked how often the training is conducted, 49 percent do it as part of their onboarding of new employees, only two percent do it every six months, and 24 percent conduct it annually while 25 percent conduct it sporadically. Also, only 50 percent train employees on phishing scams, while 69 percent of respondents had experienced phishing attacks in the prior 12 months.
Companies recognize this is a problem though. A majority of respondents (87%) say employee negligence has a significant/very significant influence on their security posture.
This is an easy area to address and improve, and I recommend that training be conducted at least annually.
With the current climate, hackers are even more aggressive right now. They are unleashing email or texting phishing campaigns. We also see that a trend with hackers is they are being more patient than ever and infiltrating systems but just remaining ‘hidden’. They are taking time to do this across all industries that are getting affected by the pandemic. As soon as we get the ‘back to normal’ order, businesses are going to focus on everything else to get back on track, but cybersecurity may not be a top priority, and then the hackers will spur into action.