Hopefully many of you have seen our latest data breach infographic and Mike Gross’s commentary in WIRED on the data breach risks for businesses. It got me thinking about the risks for consumers as well…
I remember the first time I ever used a computer. I was in the 4th grade, and we had this new thing called a computer class that we had to attend. Computer class consisted of playing Wheel of Fortune and Jeopardy on old Apple 2Es. It’s safe to say that as a Millennial the Internet and I grew up together, and in that span between 4th grade and now, the World Wide Web has spidered its electronic grip into every aspect of life, resulting in my entire life being online. My. Entire. Life. In the rush to live online there was something I didn’t learn in that and subsequent computer classes. I didn’t learn how to use the Internet properly, and may have made it more efficient not just for myself but for hackers as well.
I have one email address that I use on my resume and my resume only. There are no personal accounts on the Internet anywhere linked to this account. You don’t want your college debauchery visible to someone you’re asking to trust you and give you money. You do want a responsible version of yourself visible, so perhaps your LinkedIn account and any professional publications should link back to this email. I have one other email address that I use for just about everything else. That one email address touches every aspect of my digital existence.
I sat down and tried to think of all the places I have my email registered. The most important and critical part is my financial life; I have my bank account, my retirement account, credit cards, student loans, utilities, and my tax preparation services, among others. These are all very sacred to the online consumer as they contain sensitive information. I have at least 19 financial based accounts. The next biggest chunk of online accounts I have are ecommerce accounts. Websites I’ve shopped at once to buy something very specific, never to return again, websites I shop at religiously and return to over and over again, and websites that I love to window-shop in before I go in store to make my purchase. They all have my email address. There are only 25 that I can remember. That I can remember.
Next up are my social media sites. My wonderfully full email, the videos I have posted of my son and daughter on YouTube, the thousands of pictures I have posted on Facebook, and my affinity for DIY projects is clearly visible to all on my Pinterest. I have at least twelve social media accounts, including a defunct Twitter that I never sent a single tweet from and a Tumblr account I haven’t used in over a year.
I completed my Bachelor’s degree online. I have signed up for email notifications from the last two cities I have lived in. I pay my doctor’s bills online as well. I am looking at buying a house soon so there is my Zillow account. I travel and get miles with a few airline carriers and hotels. I check my son’s grades online and deposit money into his lunch account online. Prescription rewards. Movie tickets. DMV. Everything is online.
All in all, I have at least 115 accounts, and this does not include the 50 or so ecommerce accounts that I am guessing I have out there and have completely forgotten about because I only bought one thing one time five years ago.
Realistically 200 or more companies have some sort of account on me.
But is this really a problem?
Maybe. If someone gets ahold of any of these accounts, whether through a data breach or malware, they can log in to them and place orders or send money to themselves. It’s really not that hard to do if you think about it. Most merchants don’t require a security image or question, and those that do have security questions that are pretty lame and easy to figure out by looking at a social media account. Oh, you went to such and such high school, which had this mascot, your mom is your friend and she used her maiden name when she created her social media account. Names of your kids, city you were born in, favorite sports team, favorite TV show- all visible within five minutes of viewing your profile.
It is also possible for fraudsters to reverse engineer some of these enough so that they can not only place orders with already stored card information, but they can also obtain the full number to make purchases elsewhere. But so what if they do? Credit and debit cards have zero fraud liability these days and all it takes is a phone call from me to dispute some charges. I change my password to that account, my money is back in my account, I’m out five to ten minutes of my day and life goes on.
What is more concerning is if someone gets ahold of multiple accounts and pieces together my entire life. It can make identity theft really easy for someone to perpetrate. This can take months, or even years to resolve.
But these are all resolvable. The worst thing that can happen is if someone logs into your accounts just for the sole purpose of erasing everything you have. All of those videos I mentioned earlier, the pictures of my kids at Valley Forge, at the beach, D.C., reunions with friends, weddings, and family vacations, all can be erased because I was careless and didn’t protect them. If I don’t back them up they could be gone forever. You may think I am being a little dramatic, but it actually happened to this guy at Wired. It really can be devastating.
So what can be done, realistically? Should I create 115 different emails? Of course not, I am a Millennial, ain’t nobody got time for that. What I do have time for is creating four or five email addresses and declining the option to link them together. One for financial information, one for social networking, one for work and career, one for ecommerce purchases, and one that you give out every time you go to the store and buy something and they want to clue you in to their special deals.
The next thing we can do is get better with our password usage. For some reason, digital society continues to use passwords like ‘password’ and ‘monkey’ or whatever the default is, which is most often the username. Seriously, people really still use ‘password’ for their password and in high numbers. Diversify the passwords you use, don’t use the defaults, and change them somewhat frequently. I am guilty of this- unless I am prompted to I don’t usually change my password. I have banked online for at least eight years with the same bank, and in those eight years I have only been asked to change my password once. Fail on my part.
There are a few other steps you can take as well. Opt out of storing your credit card information when making purchases. Yes, this may be a bit of a hassle the next time you go to purchase, but it might be worth it in the long run. And finally, back up the important things that can’t be recovered- your thesis from college, a copy of your wedding vows, and your videos and pictures. You’ve probably had someone ask you what you would take with you if your house were on fire- most reply with ‘important documents and family photos.’ If you’re afraid of losing these items in a physical fire, then you should be afraid of losing them to a hacker and should take proper precautions.
The age-old adage is still true: an ounce of prevention is worth a pound of cure.