WATCH How to Prevent Identity Theft – Day 23 of Cybersecurity Awareness Month
Mike Miller 00:06
Today we’re talking about identity theft. We hear about this in the news all the time, however rarely, if ever do we hear how it happens, why it happens and how to stop it from happening. So with us today is Craig Taylor, CEO and co founder of CyberHoot, the Cybersecurity Awareness and training company for msps and small businesses to help combat identity theft and a whole lot of other cyber attacks. So Craig, welcome. Can you explain identity theft for us, please?
Craig Taylor 00:35
Absolutely, Mike, this is a topic that I love talking about. Because it’s such an easy fix. Identity Theft over the last few years have become so much more prevalent, due to the large amount of financial data stolen in major breaches. If you think back just in the last few years, you can remember Experian was breached, Equifax was breached Capital One was breached today, just a few financial companies.
And that left our financial information exposed online. And with that comes the potential for identity theft. This is where your credentials and credit history are used to take out credit in your name in the form of a credit card or a loan. In other cases, hackers will use your financial data to file your taxes for a refund from the IRS. Now to do this, you’re wondering how does this happen?
Well, people need access to your full name, address, social security number, and some of your credit history, all of the things stolen in the three breaches I mentioned. And then they also need to be able to check your credit to be able to get a credit score. Otherwise, any underwriter will not give you credit because they base the interest rate that you get charged when you borrow money on that credit score.
Mike Miller 01:57
Okay, so the large the large breaches in recent years have given hackers the information needed to file our taxes or apply for a credit card. Yep, you know, all to make money for the hackers. But, Craig, would the information already out there? Isn’t it impossible to stop identity theft from happening?
Craig Taylor 02:16
Well, Mike, nothing is impossible. So what I’m going to tell you is that it is very, very difficult for hackers to take out credit in your name, if you do one thing. And that one thing is freeze your credit. We always hear about getting credit monitoring with this breach or that breach, right, when in fact, the correct answer and response is not monitoring. But freezing your credit because remember I said if you have all these data points, you still need to get an accurate credit score to find out what interest rate to charge on the credit card or on the loan.
And that’s where you can freeze the credit report so that no one not even yourself, can get a credit score on you. And you need to do that at the four different credit bureaus. Now most people know of three they know of Equifax, Experian, and TransUnion. But there’s a fourth and the hackers know about the fourth because that’s where they go when the first three are locked, or frozen, Innovis is the fourth credit union or credit bureau, you need to lock your credit at those four. It’s funny, I talk to people all the time about this family members, anyone that’s ever had trouble with their identity. And I say it would have been so smart just to freeze your credit.
They’re like What’s that? Well, imagine this imagine you could have fire insurance protection for your house that prevented the fire from happening. Rather than monitoring your fire with smoke alarms and tying it into the fire department. So they came when there was a fire, it’s too late once the fire starts for you to save yourself from trouble and damage and inconvenience.
But in the case of credit monitoring, that’s the same as the fire smoke alarms, right? There’s some fire and some smoke somewhere. You want to put it out early and quick. But in credit, it’s too late. So freeze it. That’s an absolute because again, you’re blocking that credit check to get the interest rate to set the interest rate. So that’s essentially the key message here.
And I think if we put in the show notes, we can probably put links to those for credit unions, and specifically to their freeze pages for you to reference to freeze your credit. And then it’s a simple matter to unfreeze it. Whenever you take a loan out, you can say to the loan agency, I’m going to unfreeze it at Experian for tomorrow and the next day, it will automatically lock after that, but you can pull my credit from the one credit agency for 24 hours and then work Ready to go? I’ll get the approval. My credit history is good, you know, and you’re all set.
Mike Miller 05:04
Okay, correct. So you told us about the importance of, you know, freezing, not just monitoring, but freezing, which is excellent advice. Is there other things that you can do?
Craig Taylor 05:14
Yes, in fact, there’s really a lot of other things that are considered best practices that every company ought to do for their employees. First of all, you need to train your employees to spot these kinds of attacks, such as phone, social engineering, phishing, that could lead to the compromise of your data, or even the release of financial information in your organization to further credit, troubles for people identity theft, I’m familiar with one company, Seagate was sued by their own employees, because someone in HR released all of their w two forms, which has all the data I just talked about, to a hacker who was pretending to be the president of the company.
And so by training your employees on the social engineering attacks, you might even avoid being the source of the compromise of the identity in your own company. Phish test your employees, I have time and again, I’ve trained companies and then the very first phishing test, the company forgets what they learned or doesn’t apply it and lots of people click on the phishing link and provide credentials to me, but it only happens once. So the importance of testing your employees is really important with phishing tests so that they apply their knowledge.
It’s also important to govern employees with cybersecurity policies. So when they have discretionary decisions to make around I’m registering on this website, and I should use my company’s specified password length 14 character passwords in that online application. You can’t control that as a with technology, but you can guide and govern your employees to do the right thing through policy cybersecurity policy. So like a password policy, or an acceptable use of computers policy.
Another one which is really useful is following a three to one backup methodology to backup to first know where all your critical data is, and then secondly, back it up using three copies on two different media’s with one of those media’s being offline. And that’s basically a lot of the high level important steps that you can take to further protect your company, not just from identity theft from but from a whole host of other cyber security attacks. I’d like to finish Mike with one little shout out to CyberHoot, where anybody signs up with us to learn about these and other best practices or training of their employees. We do have governance policies as well. We have a special for the October cyber security month is a savings of 50% off on all fees for anyone signing up in October for three months in a row so you’ll pay half of what you would normally pay if you sign up in October to help build your cyber program through cyber month.
Mike Miller 07:53