Identity Theft: The Aftermath 2016
You might call 2016 the year of “the Cyber.” With hackers targeting elections, ransomware on the rise and the impact of the Yahoo breach, it seems we are besieged daily with news of another way information can be lost or stolen.
In the connected world in which we now live, there’s never been a greater need for cybersecurity awareness and education. More than any other point in time, this issue comes into full focus as we recognize National Cyber Security Awareness Month through October.
When it comes to cybercrime, one of the most critical issues facing consumers is identity theft. Approximately 41 million U.S. adults have had their identities stolen and another 49 million know someone who has.
I recently spoke to Eva Velasquez, President/CEO at the Identity Theft Resource Center (ITRC). ITRC just released its signature annual survey, the Identity Theft: The Aftermath 2016 report to better measure the impact of those affected by identity theft and security compromises.
Why was this study important? Why the focus on ID theft? All you have to do is pick up a newspaper or check out your newsfeed to see companies from every sector of the economy announce network breaches. This means lost intellectual property, the compromise of vital financial, personnel and competitive data. For consumers, it also means the loss of personal identifiable data, which in the wrong hands could be used to cause significant harm. Since 2003, the report’s overarching goal has been to better measure the scope of the impact of those experiencing identity theft.
What surprised you the most? What were your main takeaways from the results?
There were a few key findings that jumped out as us from the financial impact to even social and professional fallouts. For instance, nearly 20 percent of our survey respondents reported significant repercussions when their online accounts were taken over, including job loss (24 percent), damage to their friendships and relationships (61 percent) and an impact on their professional reputations (31 percent). We also took a closer look at the types of online accounts being targeted. The most commonly hit accounts include email (11 percent), payment services (10 percent), social media (9 percent), online banking (8 percent), online medical portals (5 percent), health and fitness trackers (2 percent) and gaming accounts (2 percent). What really stood out was the increasing danger in the context of social media. In today’s world of “soundbites,” once something tawdry is seen or read online, it’s often very hard to get your employers, friends and community to “unsee” it and realize that this was NOT something you actually said or did. I have personally spoken to victims whose accounts were taken over and they paid a price for the words and actions of someone else. They were unable to convince friends and employers to believe them. Even those who were eventually able to get others to acknowledge that a crime had occurred still suffered consequences. Sometimes the victim’s situation is viewed as a liability to the company; it’s often easier to simply move on and hire another employee rather than explain the scenario to anyone who might inquire about it in the future.
What’s the biggest challenge victims face in the aftermath? How easy it to recover from ID theft?
Stopping the domino effect that an identity theft issue creates. Every case is different and some are more complex than others. This crime creates challenges for victims that reach into other aspects of their lives. For example, if someone is unable to secure housing due to a bad background or credit check, this can lead to an inability to maintain a job and/or stable living situation for themselves or their family, which will in turn impact their financial stability, and it goes on and on.
The fact that many survey respondents – 30 percent – eventually had to rely on government assistance in order to meet their financial needs post-victimization should be a wakeup call for anyone who thinks this crime doesn’t affect society as a whole. Identity theft can have an extreme adverse effect on the individual, as well as very similar effects on the support systems and people associated with the victim. This issue has a ripple effect and impacts relationships, families and communities.
Fast-forward to 2016. What trends do you see arising and what should we look out for?
There continues to be a lack of general appreciation of the value of one’s identity which provides thieves with a rich platform of possibilities. Thieves have an exceptional track record of discovering new ways to monetize our identities and the various components therein – as we continue to share more information, with connected devices, online platforms, etc., in less than secure ways, we create untold opportunities for the thieves.
· Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
· Keep all machines clean: Having the latest security software, web browser and operating system is the best defense against viruses, malware and other threats. If you have experienced cybercrime, immediately update all software on every internet-connected device. All critical software, including PCs and mobile operating systems, security software and other frequently used programs and apps, should be running the most current versions. Use security software to scan any USBs or external devices.
· Back it up: Make sure you have a recent and securely stored backup of all critical data.
· Make better passwords: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember.
· When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
· Help the authorities fight cybercrime: Report stolen finances or identities and other cybercrime to the FBI Internet Crime Complaint Center (IC3), the ITRC, the Federal Trade Commission (FTC) and/or your local law enforcement or state attorney general as appropriate.