There are ways, however, you can protect yourself against these kinds of crime.
How Cyber Crime Starts
Anyone can place a freeze on their credit, purchase credit monitoring programs or take other actions to protect against similar large-scale breaches. However, most identity theft or compromises of PII, including a couple of the major breaches mentioned below, have nothing to do with the Internet or lax computer or network security.
Unpatched operating system vulnerabilities or hacking wizardry are involved in a relatively small number of the total cases.
Think about this: How much information does someone really need to know in order to impersonate you to a third party? Your name? Birth date? Address? Armed with easily found information such as this, and maybe a couple of other key pieces of information such as the high school you went to, your dog’s name or your mother’s maiden name, an individual might be able to access your existing accounts or establish new loans or credit in your name.
Recently, reports of security breaches in which customer data and personally identifiable information (PII) were somehow compromised seem to appear almost daily. Verizon, for example, reported the loss of data involving more than 14 million customers. Cybercriminals even attacked credit bureau giant Equifax – in possibly the largest data breach ever – and stole information from 143 million people including names, birth dates, Social Security numbers, addresses, and driver's license numbers.
The more insidious cases involve small thefts such as information being pulled from your trash can. Or a waiter who swipes or simply writes down your credit card number when you make a purchase at a restaurant. There are a variety of laws related to securing customer information including Sarbanes-Oxley, HIPAA, GLBA and others.
But social engineering and good, old-fashioned theft still pose a larger threat than lapses in network security, and it is up to you to monitor and protect your personal information and your credit.
How To Help Stop Identity Theft
Below are some initial steps you can take to help secure and protect your personally identifiable information and ensure that your identity or your credit is not compromised.
1. Watch for shoulder-surfers. When entering a PIN or a credit card number at an ATM, at a phone booth, or even on a computer at work, be aware of who is nearby and make sure nobody is peering over your shoulder to make a note of the keys you’re pressing. Use a fingerprint scanner for identification, too, or turn on facial recognition systems if your device offers them.
2. Require photo ID verification. Rather than signing the backs of your credit cards, you can write “See Photo ID”. In many cases, store clerks don’t even look at the signature block on the credit card, and a thief could just as easily use your credit card to make online or telephone purchases, which don’t require signature verification. But for those rare cases where they do actually verify the signature, you may get some added security by directing them to also make sure you match the picture on the photo ID.
3. Shred everything. One of the ways that would-be identity thieves acquire information is through “dumpster-diving”, aka trash-picking. If you are throwing out bills and credit card statements, old credit card or ATM receipts, medical statements or even junk-mail solicitations for credit cards and mortgages, you may be leaving too much information lying about.
There are two ways to shred files: buy a personal paper shredder and shred all papers with PII on them before disposing of them, or use a file shredder software program.
4. Destroy digital data. When you sell, trade or otherwise dispose of a computer system, or a hard drive, or even a recordable CD, DVD or backup tape, you need to take extra steps to ensure the data is completely, utterly and irrevocably destroyed.
Simply deleting the data or reformatting the hard drive is nowhere near enough. Anyone with a little tech skill can undelete files or recover data from a formatted drive.
Use a product like ShredXP to make sure that data on hard drives is completely destroyed. For CD, DVD or tape media you should physically destroy it by breaking or shattering it before disposing of it. There are shredders designed specifically to shred CD / DVD media.
5. Be diligent about checking statements and pay bills at the post office. This actually has two benefits. First, if you are diligent about checking your bank and credit statements each month, you will be aware if one of them doesn’t arrive and that can alert you that perhaps someone stole it from your mailbox or while it was in transit. Second, you can ensure that the charges, purchases or other entries on the statement are legitimate and match up with your records so that you can quickly identify and address any suspicious activity.
If you aren't using online banking to pay your bills, listen up: Never leave paid bills in your mailbox to be sent out. A thief who raids your mailbox would be able to acquire a slew of critical information in one envelope – your name, address, credit account number, your bank information including the routing number and account number from the bottom of the check, and a copy of your signature from your check for forgery purposes, just for starters.
6. Encrypt your email and messaging. All of the data you send in messages or through email is at risk if you aren't using end-to-end encryption for security.
That means only the sender and receiver can read the information. Combine this with fingerprint ID or a password lock on a device to ensure that you're extra safe.
7. Require 2-Factor Authentication on financial and social media accounts. Add an extra layer of security to the personal online accounts that you regularly sign in to with an email address or username and a password. Even social media accounts should have two-factor authentication enabled. If someone does happen to obtain a password, for instance, they would still need a second, corresponding piece of information to actually get into an account.
8. Analyze your credit report annually. This has always been good advice, but it used to cost money, or you had to first be rejected from receiving credit so that you could get a free copy. Now it is possible to get a free look at your credit report once per year. The big three credit reporting agencies (Equifax, Experian and TransUnion) joined forces to provide free credit reports to consumers.
The website annualcreditreport.com, and places such as CreditKarma.com, also provide free credit reports and even monitoring. You should review your report to make sure the information on it is accurate and also make sure that there aren’t any accounts on there that you aren’t aware of or any other suspicious entries or activity.
9. Protect your Social Security number. The Social Security Number has become the one thing they had always promised it wouldn’t – a sort of national identification number.
It is often suggested that you do not carry your Social Security card in your wallet with your driver's license and other identification. For one thing, although it is expected to last your entire life, the Social Security card is issued on very flimsy cardboard that doesn’t hold up well to wear and tear.
Aside from that, though, knowing your full name, address and full Social Security Number, or even the last 4 digits in many cases, can let a thief assume your identity. You should never use your Social Security Number as any part of a username or password that you establish, and you should never divulge it to telephone solicitors or in response to spam or phishing scam emails either.
10. Caveat Emptor. Do not conduct business online with companies you don’t know anything about. You can feel relatively secure doing business online with Amazon.com or BestBuy.com or any website affiliated with well-known, national or global merchants. But, if you are buying something online you need to have some level of trust that the company you are doing business with is legitimate and that they take the security of your personal information as seriously as you do.
by Tony Bradley, CISSP-ISSAP (repost from Lifewire)