By Rick Hyde
Special to the Financial Independence Hub
Most articles about identity theft will offer practical insights and steps that you can take to protect your self. But what about all the other people that handle your personal data – the financial advisors, accountants, lawyers and health professionals, to mention a few – what are they doing to protect YOUR privacy?
Identity theft and fraud is growing
As the use of digital systems for storing personal financial and health data has grown, so has the problem of fraudulent access to that information.
Identity theft and fraud has been growing steadily in the past 10-20 years, according to reports in the US and Canada. So far in 2015, the US-based Identity Theft Resource Center reports almost 300 incidents involving data on over 100 million individuals.
You are your account numbers
Our personal identity is increasingly tied to key accounts, eg., social insurance, driver’s license, email, bank, etc. These accounts serve both as foundations for and proof of our claims to be who we say we are. When these identifying accounts and numbers are lost or stolen, they can be used for a wide range of fraudulent activities – from impersonating you, to running up debts on your credit, to outright stealing from you.
You can protect yourself from identity theft, or at least respond more quickly if it does occur, by monitoring credit reports and financial statements along with shredding paper documents before disposal. Various identity theft insurance products are also emerging, but they generally offer protection after the fact rather than prevention.
Protecting identity in the digital age
Today, more people than ever have access to private and confidential information about your identity. For instance, any professionals with whom you have business dealings, including financial and insurance advisors, accountants or lawyers, and even health advisors such as doctors and health service providers, likely have access to and may be storing some of your private, identifying information.
Are these people, your advisors and service providers, taking precautions protect your identity? Here are some best practices that your advisors should be implementing to protect your security and identity:
- Never send private information via public email.
Email is not secure. The content of messages sent over public Internet email can easily be intercepted and viewed. Your advisor should never send you files with personal information, such as health history or account numbers. Instead, they should be using a secure portal that encrypts and protects data in storage and in transit – similar to an online banking site. If any of your advisors are transmitting your private information by email, ask them to stop.
- Avoid storing private client data on mobile devices.
Mobile devices, such as notebook computers, tablets/iPads, smartphones, and USB thumb drives, are easily lost or stolen. Your advisors should not be storing private information about you on these devices. A much better practice is to store sensitive data on a central server, then to protect that server and provide secure access to authorized mobile devices. In the event your advisor’s device goes missing, access to the server can be blocked and no personal data is exposed. Ask your advisors if they ever store your private data on their devices.
- Always use long and strong passwords.
People are often the weak link in protecting data because they choose short passwords that are easy to remember. Strong passwords are long and don’t follow obvious patterns. For instance, a password consisting of four common words strung together, for example “kitchenbaseballhorsehappy”, is both easier to remember and very hard to guess, even for a high-powered supercomputer. Ask your advisors if they and their staff are using strong passwords.
- Be aware of phishing scams and have an identity verification procedure.
“Phishing” refers to the spoofing of legitimate email or server identities in order to trick people into taking action or providing their private data. Say, for instance, your email is hacked and the hacker sends your advisor trading instructions. Your advisors need to be actively educating themselves and establishing clear guidelines for their clients and staff to ensure that there is a process in place to verify your identity before transacting on your accounts. Ask your advisors if they have such a process.
Keep all software, including anti-malware, up to date.
All software, such as your computer or mobile device operating systems, can have security flaws that are overlooked. As security vulnerabilities are discovered, software is updated and your advisors should have a process in place to ensure that you’re using the most up-to-date software. Anti-malware programs protect against computer viruses and spyware and these should also be updated on a regular basis, as new threats are appearing all the time. Ask your advisors whether they have a software update policy.
Next time you meet with your financial or other advisors, ask them about these issues. Letting your advisors know you care about their security practices is one of the best ways to help them protect your security.
Finally, if you have become the victim of identity theft, this RCMP website has a helpful resource on what you should do.
Rick Hyde is the founder and CEO of Ticoon Technology. For almost twenty years, Rick has been designing and implementing web-based wealth management and financial data solutions for North America’s leading financial services firms. Visit www.ticoon.com for more information and follow Rick on Twitter @RickHydeTicoon.