Data security is critically important. The Ponemon Institute reports that the average cost of a data breach in 2018 has increased by 6.4% from 2017 to $3.86 million, with the average cost for the loss of an individual record containing confidential information also rising 4.8% year over year to $148.
Merely opening an unexpected email can infect your computer with malware, potentially opening you up to data theft and sale, corruption, deletion, or even to your data being held for ransom.
Do I Have Something to Hide?
Maybe a better question is; Do you have something to lose? Do you want to spend potentially weeks or months clearing your good name after your identity has been stolen? The stakes are high, so you shouldn’t trust any communication without running it through a common sense detector.
The IRS and Your Tax Information
For example, if you get an unexpected call or email from the IRS, that’s already a red flag. The IRS will never reach out to you by phone or email as an initial point of contact when there is information that they need you to respond to. They always make first contact by mail.
It doesn’t matter if the email sender is IRS Online, or the subject line contains something about your tax transcripts, or the email looks official in other ways as well. It will not be their way of contacting you to collect personal information, and neither will a phone call.
So, check your mailbox. But if you get a call or email about your transcripts, refunds, underpayments, or the like, it is safe to say that it may be an attempt by an unscrupulous individual to get their hands on your data.
Personal Information Best Practices
The Federal Trade Commission lists many things you should be doing to safeguard personal data. Here are some of my favorites.
In the Analog World:
- Carry personal ID, SSN, or cards used for banking only to the extent that you need to;
- Understand the reason behind persons at school, a business, or the Google play store wanting access to some or all of your information, hardware, or metadata;
- Shred documents that contain information that could compromise your identity, especially those involving your SSN or that are of a financial nature;
- Keep items such as a smartphone, wallet, laptop, etc. physically secured. For more sensitive documents including passports, SSN cards, birth certificates, etc. a safe deposit box at your bank may not be a bad idea.
In the Digital World:
- Understand how data storage works. When you ‘delete’ files they are still on the hard drive platter, but simply stop being indexed by your machine. The data itself persists until it is either overwritten or otherwise corrupted. Therefore, you must either overwrite a drive with new data or physically destroy it for complete protection. Also, remove the SIM card from any phone that you sell or e-cycle.
- Utilize data encryption when possible. Websites with the minimum required security for you to send financial information will typically display an icon resembling a lock in the URL bar.
- Use best practices when it comes to passwords. Typically, password cracking happens with what is called a “brute force” attack rather than random guessing, which means that all possible combinations of characters are tried in sequence (by a computer program). Therefore, a secure password is not necessarily short and convoluted but can be easy to remember as long as it is of sufficient length. As an example: If you were to have a password that used the Pledge of Allegiance as your starting point, the password “1Pledgeallegiancetotheflagoftheunitedstatesofamer!ca” would not only be more secure than “iP@2tFoTU$0fA” but also easier for you to remember.
- When you use sites like Reddit, Facebook, or others, there are certain types of data that you shouldn’t share. These include personal addresses, phone numbers, etc. They can subvert your intentions to contribute anonymously even on sites where you are not required to register using your real name (like Reddit). Images, including those with or without geolocations, can be used to locate you, where you work, or even to determine what times you are away from your home. Any one piece of information may seem innocuous, but, over time, they can form a more complete picture of these things than you may realize.
- Be aware that wireless networks, including WiFi networks, can allow your data transmission to be intercepted (this is where encryption can help).
This may be a lot to think about, but it’s good for you and even better for your data. Be safe out there!
Header photo credit Richard Masoner/Cyclelicious