Cybersecurity Tips – Protect and Respond
Protect yourself against identity theft and learn how to respond if targeted.
Every year, we have clients who are targeted by identity thieves. DCM is committed to protecting you on our end, and we’ve taken great measures to strengthen our cybersecurity infrastructure. Still, you can do a lot to protect yourself. Below are actions that will minimize your exposure to risk and steps we can assist you with should you find yourself a victim.
Don’t overshare on social networking sites
Social networking sites and their users are collecting and storing data constantly. Never post any sensitive or financial information on sites like Facebook, LinkedIn, Twitter, Instagram, etc. Even your “connections” or “friends” may use that information to target you.
Maintain anti-virus and anti-malware software
If you are using a computer or electronic device that accesses the internet, then you should be using anti-virus software. And you need to make sure the software is updated regularly so that it can fight against the latest attacks. Software such as AVG, Norton, McAfee, or Webroot are all good options. We recommend a subscription because paying for the service will provide the best and most overarching protection. In most cases, a subscription will allow you to install the software on all of your devices.
Shred unneeded financial documents
In general, we don’t recommend you hold on to hard copies of financial documents, statements, and forms for more than one year. You can hold on to tax return documents for three years. Once those times have expired, you should not just dispose of the forms, but make sure they are shredded first.
Create strong passwords online
Try using passwords that contain at least 8 unique characters, including a variation of numbers, letters, and special characters. Never make a password something personal or a word found in any language’s dictionary.
Be careful with unsecured/public Wi-Fi hotspots
If you are on public Wi-Fi, do not access financial accounts online. This opens you up to attack from the Wi-Fi-owner, who may be spoofing the Wi-Fi of a legitimate business. Airports and coffee shops are especially vulnerable. Even secured public Wi-Fi connections can be unsafe. We recommend only accessing sensitive accounts online from your secured home network. If your home network isn’t password protected, please enable a password right away.
Don’t be reeled in by phishing scams
All of us are targets of phishing scams, and even the most savvy computer users have fallen for them. Never provide financial information or Social Security numbers to a company via email. If they need that information for an application, they will provide a secure form by which you can provide it during the application process. Also, don’t be fooled by emails coming from people claiming to be in duress, needing money urgently. Their stories may tug at our hearts, but they are nothing more than fiction and they are preying on our desire to help.
Monitor credit and bank accounts closely
Keep an eye on accounts by reviewing transactions on a regular basis. This includes bank accounts, PayPal accounts, and investment accounts. If a transaction is confusing or you don’t recall initiating it, contact the institution.
Don’t carry your Social Security card
If your purse or wallet is stolen or lost, and your Social Security card is in there, you’ve been compromised. Keep it at home in a safe place.
Don’t put financial information on your resume
Resumes are not secure. They are seen by a lot of people you don’t know well, and financial information is up for grabs. Don’t put information about past salary or where you bank on there, even if it seems like it will give you an advantage with a prospective employer.
Never open unexpected emails or attachments
If you don’t recognize the sender of an email, just don’t open it. If you do happen to open it, NEVER click on a link or download an attachment that you didn’t expect. Email is where we are often the most vulnerable. Be careful. When in doubt, delete.
Never trade financial info for freebies
Compromising your identity is not a good trade for a freebie. For one thing, you’ll probably never receive any gift. For another thing, the gift won’t be worth the agony. If someone asks for how much money you have in the bank, or where you bank, or Social Security number in return for something, don’t give up the information. Even if they have good intentions, you don’t know what they will do with the information or how secure it will be. It’s just not worth the risk.
Responding if Victimized
Notify the custodian of the affected account(s)
Once you realize that you’ve been targeted or your identity has been compromised, you need to take immediate action. If the threat has to do with your DCM account(s), call us right away. We’ll contact your custodian for you. If it has to do with account(s) we aren’t connected with, call them and let them know what happened. Change the password on any online access sites associated with that custodian. And if you fell victim to a scam via email, change the password on that email account.
Place a fraud alert with credit agencies
Notify the three major credit agencies (Equifax, Experian, and TransUnion) if any of your accounts have been compromised. You don’t know the extent of the information that has been accessed, and placing fraud alerts will stop others from opening accounts in your name.
Contact the Federal Trade Commission and create an Identify Theft Report
The FTC will help you report the identify theft properly and get a recovery plan. Visit https://www.identitytheft.gov.
File a police report
Contact your local police department and file a report. This can help you recover information and help contribute to ongoing, larger-scale investigations. It can also help you recover losses in the future.
Order and review your credit reports
For at least a year, you need to monitor your credit reports and make sure no new credit accounts have been opened in your name. You can get these reports through the three major credit reporting agencies (Equifax, Experian, and TransUnion).
Change passwords on all online accounts
Again, if you’ve been compromised, the attacker might have information beyond the accounts you’ve noticed. Change the password on all your online accounts (banks, social media, email, etc.).
Notify the Social Security Administration
The SSA needs to know you’ve been attacked. They may be able to find the thief if your Social Security number is used without your knowledge.
Monitor Social Security and credit reports
The information stolen from you might not be used for a while, if ever. You need to monitor these reports for at least a year, maybe longer. Just glance through the information to make sure nothing out of the ordinary exists. If it does, contact the reporting agency right away and they can investigate.
If you have any questions or think you might have been targeted by a cyber-attack, please call us and we’ll help walk you through it.