News and culture through the lens of Southern California.
Hosted by A Martínez
Airs Weekdays 2 to 3 p.m.
US & World

Cyber security: How to protect your data and what to do if your identity is compromised




Although there is no one right way to guarantee your security from hackers, there are a few tips you can better help protect yourself and your information.
Although there is no one right way to guarantee your security from hackers, there are a few tips you can better help protect yourself and your information.
izzatFulkrum/Flickr Creative Commons

Listen to story

07:41
Download this story 3MB

All this week on Take Two we've been looking into the issue of consumer security and how to protect our financial lives. We covered a lot of ground, from identity theft to the impact of data breaches on business (the Sony hack, for instance).

You can read previous installments of the series on identity theft, the impact of cyber crime on small business, our attitudes towards consumer security a year after the Target data breach, how banks manage fraud  and a company that hunts down hackers.  

We've also been reaching out to you for your questions on the subject. Today we bring you some answers to your queries and concerns, and offer some tips on keeping your data — and your identity — secure.

How to protect your data:

Don’t leave your devices unattended in public

It is much easier for an attacker to get or corrupt information if they have access to your personal device. Be sure not to leave your smartphone or laptop unattended in public, the Department of Homeland Security’s United States Computer Emergency Readiness Team recommends. If you must step away, even just for a minute, be sure to lock it.  

Have a better password than: “12345”

It is important to choose passwords that will be difficult for hackers to guess. Be sure to choose different passwords for different programs or devices. And, although it makes life easier, the DHS advises you not to choose options that allow your device to remember your passwords; it makes it too easy  for hackers to access your information. 

You know those software updates? They matter.

If you’re prompted to update the software on your device, do it. By installing the update, according to DHS, it will prevent attackers from taking advantage of the known problem with the software.

Do not keep remote connections/Internet on when they’re not in use

Some mobile devices have wireless technologies, such as Bluetooth, that can be used to connect to other devices and computers, according to DHS. Be sure to turn off these services when they’re not in use to ensure the safety of your device's information.

Also, there is a higher likelihood that attackers or viruses scanning the network for available devices will target your smartphone or computer if you’re connected to the Internet. Depending on your device, disconnecting may mean switching off a wireless network, turning off your computer or  cables.

Encrypt your files if you store personal or corporate information on your device

By encrypting your files, you can ensure that those who don’t have authority to see your files can’t view the data even if they have access to it, according to DHS. It’s important to remember your passphrases and passwords if you encrypt your files; if you forget, it is possible  you will lose the data.

Check the security settings on your device

Most software, especially browsers and email programs, offer a variety of features you can tailor to your needs. Using features that provide convenience, such as automatic logins, may make you more vulnerable for attack, according to DHS. If you update your software,  take the time to make sure the update does not change your settings.

Keep an eye on your credit/debit cards and bank account 

Yes, it's painful to look at your transactions and reports but you need to check them often so you can spot any suspicious transactions. The California Attorney General's Office recommends asking  your bank for online monitoring and alerts which will help give you early warnings about fraudulent transactions. 

What to do if your identity has been compromised

Contact companies where you have accounts

Call companies that you hold accounts with to let them know that a person may be using your identity and find out if any unauthorized transactions have been made, DHS suggests. Close accounts to make sure that future charges are denied. In addition to calling, send a letter to the company so you have a written record of the problem. If you're concerned about having a written record, you could also call your local police to file a report or file a complaint with the Federal Trade Commission. 

Contact main credit reporting companies

Contact credit reporting companies, such as Equifax, Experian and  TransUnion, to check your credit report to see if there has been unauthorized activity. Also, DHS recommends, have fraud alerts placed on your credit reports to prevent new accounts being opened without permission.

Think about what other information may have been compromised

If a thief steals your information, it's likely they'll have access to other details. For example, if an attacker has your Social Security number, contact the Social Security Administration, DHS says. Other possible stolen information may include your driver’s license or car registration, in which case you’d want to contact the Department of Motor Vehicles.

Read more on protecting yourself from a "Take Two" conversation with Los Angeles Times consumer columnist David Lazarus:

Take Two: Advice for shoppers in general? 

David Lazarus: My biggest, strongest advice when you're shopping — especially on the Internet — is do business with those you know and trust. For example, if you buy something from Amazon or through Amazon, chances are you’re not going to get burned. These guys know what they’re doing.

If you buy something from  “Bob’s You Buy It Online,” ah! That’s kind of a roll of the dice. Maybe it’s going to work out. Maybe it’s not. Go in with your eyes open, because these sorts of things, you get out of it what they put into it. If they’re not putting the security into it, well chances are what you’re going to get out of it is a lot of heartache. 

TT: What if I’m looking at one of those sites right now? And it says I can use PayPal, my credit card...? What do you recommend? 

DL: I recommend a credit card in almost all circumstances. That’s because if there is fraud, they will cover it. That’s just part of the deal you have when you have credit extended to [you], is that they’re going to have fraud prevention measures in place.

DL: I recommend a credit card in almost all circumstances. That’s because if there is fraud, the card company will cover it. That’s just part of the deal you have when you have credit extended to [you], is that they’re going to have fraud prevention measures in place.

If you use your debit card, remember: it’s your money. You’re basically reaching into your checking account. That’s not to say you can’t get some fraud protection with debit cards as well, but it’s harder. So if you are shopping online, a credit card offers you much more protection than using a debit card. 

TT listener question: Devices used to captured keystrokes to get your key code. Do we need to be worried about the magnetic strip? Do we need some sort of shield in our purse or wallet?  

TT listener question: There are devices thieves use to capture keystrokes and get your key code. Do we need to be worried about the magnetic strip? Do we need some sort of shield in our purse or wallet?  

DL: There are such devices, and they’re itty bitty things. They fit in the palm of your hand. There were reports in years passed that some disreputable servers at restaurants would have them. You would hand your credit card to the person, and they’d swipe it into this little hand-held device before taking it to the cash register — and thus making off with everything that was on [your] magnetic strip.

DL: There are such devices, and they’re itty bitty things. They fit in the palm of your hand. There were reports in years past that some disreputable servers at restaurants would have them. You would hand your credit card to the person, and they’d swipe it into this little hand-held device before taking it to the cash register — and thus making off with everything that was on [your] magnetic strip.

That’s not so common, to be honest. I mean, it can happen. The technology is there. Far more common now is the hacks we saw with Target, Home Depot and a number of other retailers. And in that case, what’s going on is sort of virus or worm or malware gets into the retailer's system, opens up a big hole for the hackers. And the hackers then can come through that hole and make off with all of the information that otherwise they could have gotten from the magnetic strip.

It’s all in the servers now and they can come away with your name, your address, your phone number, your email address, and then God forbid, things like your credit card number or your Social Security number. And that’s something that consumers can only take as an article of faith, because once you hand your plastic to the business or to the retailer, that's it. It becomes an act of trust. And you can only hope that these guys have the security measures in place to protect and be good stewards of your information. 

I have to say, more often than not, I’m unimpressed by what we see in the business world. Far too few companies are encrypting information or putting up the sort of firewalls that would keep the hackers out. Until they do, we’re vulnerable. 

TT: What to do if you’re traveling, someone steals your info and your card is cancelled? 

TT: What should you do if you’re traveling, someone steals your info and your card is cancelled? 

DL: Yeah, you’re up that proverbial creek without a paddle at that point. 

Happily, or unhappily, this happens enough that there is some infrastructure in place to deal with a situation like this. So it’s not the end of the world is what I’m saying. 

First of all, if you need money on the fly, what you’ll need do is either contact your bank or your credit card company or a friend or relative and have them wire it to you by Western Union or some other [service] like that to a locale that’s trustworthy, usually to another Western Union office or to your hotel. That’ll get you the money quickly. 

After that, presuming you’re still going to be overseas for a little bit of time, the whole thing is getting the new plastic sent to you tout de suite.
 
So obviously, if you lose your card or you’re a victim of some sort of fraud overseas and you’ve got to cancel your card, the first thing you’re doing is contacting your credit card company, canceling, putting all the fraud alerts in place and all the rest and then immediately asking them to expedite the new card and send it to you via FedEx or some other overnight service as fast as they possibly can.
So obviously, if you lose your card or you’re a victim of some sort of fraud overseas and you’ve got to cancel your card, the first thing you’re doing is contacting your credit card company, canceling, putting all the fraud alerts in place and then immediately asking them to expedite the new card and send it to you via FedEx or some other overnight service.
 
Now these guys are used to this, so they can handle it. There is a good chance they’ll charge you for that expedited process or for the overnight, but you know if you’re overseas and you’ve already got your vacation planned, that’s the least of your worries, so I say go for it and worry about it later on.
Now these guys are used to this, so they can handle it. There is a good chance they’ll charge you for that expedited process, but you know if you’re overseas and you’ve already got your vacation planned, that’s the least of your worries, so I say go for it and worry about it later on.
 
TT listener question: My question is about identity protection and insurance, and I just had my credit card canceled because of fraud the last couple of days, and like he said, the bank covered that. They took care of it, no problem, but they picked it up of course. But what if they didn’t? What if someone gets my Social Security number?
TT listener question: My question is about identity protection and insurance. I just had my credit card canceled because of fraud and the bank  took care of it. But what if they didn’t?  
 
DL: Sounds like the question is, is there insurance for identity theft and is it worth getting? The answer is yes and no. First of all, yes there is insurance for identity theft. It won’t cover you for the losses as we’ve noted — usually the lender will cover you for that. What it will cover you for are the time you have to spend restoring your good name. So if you’re on the phone for a long time, if you got to miss some work, you know there are various things and it is a very time consuming process. ID theft insurance will compensate you for that, if that’s the kind of thing that’s going to be important to you.
DL: Sounds like the question is, is there insurance for identity theft and is it worth getting? The answer is yes and no. First of all, yes there is insurance for identity theft. It won’t cover you for the losses as we’ve noted — usually the lender will cover you for that. What it will cover you for is the time you have to spend restoring your good name. So if you’re on the phone for a long time or if you've got to miss some work.  ID theft insurance will compensate you for that, if that’s the kind of thing that’s going to be important to you.
 
I’ve had my identity stolen more than once and I’ve had to jump through these hoops, and I can tell you, it’s a pain in the tuckus, but at the same time I don’t think I really lost that much money that I have to worry about filing claims for it. So I don’t recommend that you splurge on ID theft insurance.

I’ve had my identity stolen more than once and I’ve had to jump through these hoops, and I can tell you, it’s a pain in the tuckus, but at the same time I don’t think I really lost that much money that I had to worry about filing claims for it. So I don’t recommend that you splurge on ID theft insurance.

 

Instead what I recommend are preventative measures, and in most cases I don’t think people need to have credit monitoring in place — which is something that you have to pay for to make sure that your credit files are being watched. That’s something that you might want to wait until after you’ve had an incident, but that said, by law you’re entitled to one free credit report each year from each of the big credit reporting agencies: Experian, Equifax and TransUnion.

Space those out every three months or so and you get, well, year-round credit coverage. Also, in some states, it’s worth noting, AAA offers free credit monitoring via Experian to its members and if, God forbid, you are victim of identity theft, you definitely want to look at some credit monitoring at least for six months just to make sure that someone is watching your back.

Space those out every three months or so and you get year-round credit coverage. Also, in some states, it’s worth noting, AAA offers free credit monitoring via Experian to its members and if, God forbid, you are victim of identity theft, you definitely want to look at some credit monitoring at least for six months just to make sure that someone is watching your back.

And if you’re really concerned, and this isn’t a bad idea, look at what is known as a credit freeze. This is when you can slam shut your credit files. It costs about $10 per file to close them and then they can only be reopened with a pin, which only you have. Therefore, if someone gets access to your Social Security number for example and tries to get out a new credit card in your name, they can’t.

And if you’re really concerned, and this isn’t a bad idea, look at what is known as a credit freeze. This is when you can slam shut your credit files. It costs about $10 per file to close them and then they can only be reopened with a PIN, which only you have. Therefore, if someone gets access to your Social Security number for example and tries to take out a new credit card in your name, they can’t.