Presented to NALS Philadelphia in September 2017. This presentation explores common data security risks and discusses basic steps you can take to protect yourself. Includes a quick review of recent breaches at Equifax, Experian, and TransUnion.
Staying Secure Electronically
1. Keeping Your Data Secure
Jennifer Ellis
Jennifer Ellis, JD, LLC
Jennifer@JLELLIS.NET
Copyright Jennifer Ellis, all rights reserved
2. How Many Data Breaches in 2016?
• 1,093 data breaches for U.S. companies and government agencies
– 40% increase from 2015
• Most data breaches never discovered
• Most data breaches never reported
• At least half involved Social Security numbers
– 4 breaches exposed 120 million Social Security numbers
• Health care is a common target
– Responsible for half of breach notifications affecting 500 or more individuals
– Averaged one health data breach per day
• More than 27 million patient records
https://www.bloomberg.com/news/articles/2017-01-19/data-breaches-hit-record-in-2016-as-dnc-wendy-s-co-hacked
http://www.securityweek.com/number-us-data-breaches-increased-2016-report
https://www.healthcare-informatics.com/news-item/cybersecurity/report-healthcare-sector-hit-hard-2016-data-breaches
3. Credit Agencies
• Equifax – mid May through July 2017
– 143 Million U.S. consumers
• If you have a credit report, you were probably affected
– Names, Social Security numbers, birth dates, addresses, driver’s license information.
– Credit card numbers from 209,000
– Dispute documents from 182,000
• Equifax – May 2016
– W2Express website
• Downloadable W-2 forms for Kroger employees
• Tax data and salary details
• Equifax, Experian & TransUnion – March 2013
– Focused on celebrities and high-profile figures
• Michelle Obama, Paris Hilton, Hillary Clinton, Robert Mueller
– Credit reports
– Used publicly available information to bypass security questions
• Experian – September 2013 through September 2015
– Million U.S. consumers
• Applied for financing from T-Mobile
– Names, birth dates, addresses, Social Security numbers, driver’s license information and more
4. Credit Cards in 2016
• $16 billion in fraud and identity theft
• 15.4 million Americans
• Card not present biggest form of fraud
– 40% increase from 2015
– This gets around chip-embedded cards
6. Protecting Yourself
• Sign up for insurance
– Check your homeowners policy
• Get copies of your credit reports frequently
– Should come with insurance
– AnnualCreditReport.com
• Each agency must give one every 12 months for free
– Do not sign up for “free” companies that are not well known
7. Credit Freeze
• Credit Freeze (security freeze)
– Prevents opening new accounts
– Will not protect already open accounts
– Have to call each agency
• There may be a fee of between $5 and $10
• Equifax: 1-800-349-9960
• Experian: 1-888-397-3742
• TransUnion: 1-888-909-8872
8. Fraud Alert
• Fraud Alert
– Concerned you may become a victim
– Prevents unverified access for 90 days
• Extended Fraud Alert
– Already a victim of identity theft
– Seven years
• Contact one of the companies listed previously
– That company will inform the others
– No fee
9. Web & Email
• Be careful of websites
– Even trustworthy sites can have malware
– Many fake websites
• Use quality malware protection
– Webroot
– Norton
– Etc
• Do not click on links
– Go to the website directly
• Use a link checker
– https://validator.w3.org/checklink
• Do not open unexpected files
– Even if you know the person
10. Email is Not Secure
• Do not send private information through email
• Add encryption
– See https://www.lifewire.com/you-should-encrypt-your-email-2486679
• Put in an encrypted file and attach
11. Encrypt USB Drives
• If you store data on USB drives, add encryption
– See https://www.pcmag.com/article2/0,2817,2492726,00.asp
12. Phone Scams
• Fake number on caller ID
• Often from other nations
• Try to scare people into paying money
13. Protect Your Phone
• Use a password
• Turn on encryption
– Search how do I encrypt (type of phone)
– Follow instructions
• Do not jailbreak your phone
• Do not add applications from unknown sources
• Check what applications access
• Turn on find my phone
• Use anti-malware software
• Keep up-to-date
15. Homeland Security Scam
• Claim to be from Department of Homeland Security – Immigration
– Caller ID shows 800-323-8603
• Hotline number
• Never used for outgoing calls
– Demands person prove who they are
– Sometimes tells person they are a victim of identity theft
16. FBI
• Claim to be from FBI
– Claim they are investigating person
– Demand money or will be arrested
– Spoofs local FBI phone number
• FBI does not call to demand money or threaten arrests
• Get information about local offices
– https://www.fbi.gov/contact-us/field-offices
17. Can You Hear Me?
• Voice asks “Can you hear me?”
• You respond yes.
• They record the yes and use it as a voice signature to approve various things.
• Just hang up if they call
• If you already said yes, check your bank and credit card statements for unauthorized charges
18. Fake Bank Numbers
• Text you claiming that your bank is concerned about a charge
• Provides a number for you to call
• You call the number, they ask for information
• They use that information to steal from your bank account
• Always make sure you call the bank directly
19. Computer Support
• Claim to be from Microsoft or Apple
• Ask for information to log in to accounts
• Ask to be able to take control over your computer
• Ask for money to pay for services they claim they performed
21. Arrest Fraud
• Someone uses your name and information when arrested
• You end up with a warrant
• You get pulled over
• You get arrested
• Requires a lawyer’s assistance
22. Child ID Theft
• Begins with child’s Social Security number
• Create entirely new identity on child
– Government benefits
– Bank accounts
– Credit card accounts
• Often not known until child is an adult
• Check your child’s credit too
23. Tax ID Theft
• Use your Social Security number to file fake tax return
• Unknown to you until you try to file your own
– Or you receive a warning letter from IRS
• If it occurs
– File a complaint at identitytheft.gov
– Contact one credit bureau and set fraud alert
– Contact all financial accounts
• Close and create new ones
– Complete IRS Form 14039 – Identity theft affidavit
24. Medical ID Theft
• Steal personal information to
– Obtain medical care
– Buy drugs
– Submit fake bills to Medicare
• Solution, contact:
– Department of Health & Human Services – Inspector General
– Medicare Call Center
– Federal Trade Commission
25. Social ID Theft
• Someone creates an online social media presence using your information
– Often uses such information to fool people into giving them money
• Commonly used in romance scams
• Periodically search your name and photos online
• Watch out for warnings from friends
27. Get a Good Shredder
• Not Strip Cut
• Cross Cut is fine
• Micro Cut is best
• Shred:
– Documents
– Cards
– CDs/DVDs
28. Getting a New Computer?
• Shred the hard drive
– There are places that do this
• Use data destruction software
– See https://www.pcmag.com/article2/0,2817,2492726,00.asp
29. Wi-Fi
• Secure your home wi-fi
– https://www.pcmag.com/article2/0,2817,2409751,00.asp
• Don’t use free wi-fi
• Don’t use hotel wi-fi
• Get a hot spot
– Often $20 per month
– Can get pay as you go
30. Passwords
• Choose complex passwords
– https://identitysafe.norton.com/password-generator/
– At least 14 characters, preferably more
– Mix upper, lowercase, numbers, and if allowed, special characters
– Change high risk passwords every 3-6 months
• Use a tool such as LastPass to remember passwords
– That way you only have to remember one
– Make it extremely secure
• Do not repeat passwords
31. Two-Factor Authentication
• Uses two steps to protect accounts
– When you forget a password
– When you try to use a new device
• Sends a code to your cell phone
– Enter the code on the device you are trying to use the account on
32. Additional Issues to Consider
• Use firewalls
• Do not use computers you don’t know
• Closely watch banks and credit cards
• Don’t carry Social Security card
• Don’t let mail pile up
– Put it on hold if going away
– If bills seem late or don’t arrive, call the company