Anthem Data Breach: Protect Yourself
February 5, 2015
With news of the hacking of health insurer Anthem, many consumers may be wondering what they can do to protect themselves. Below are six key steps you can take to ensure you are protected.
1. Get a password manager. After every data breach, the advice is the same — change your password, make sure it is complex, and don’t use the same password or username across various websites. That is simply too hard for you to do without a password manager. Most of us have multiple online accounts: you probably have multiple email addresses, an Amazon account, a few credit card or online banking accounts, student loan accounts, Facebook, Twitter, LinkedIn, DropBox, Evernote, etc. You simply can’t remember all of those usernames and passwords, so chances are you’re using the same username and password, or you’re changing the passwords slightly by adding an “*” or “#” or changing around the capitalization. That’s not secure, as experienced criminals will use your base password and sophisticated software to crack your other passwords. You may think you’re being creative, maximizing convenience and security, but in reality you’re merely maximizing your convenience.
The hackers know you’re lazy; in fact, they are relying on it. As soon as they get access to your credentials from one site, they try those credentials at many other sites. So you may think using your standard username and password at the local 5k run website won’t expose your data — at best the bad guys will have access to your name, address, date of birth and run time — but in reality, they will not only have access to that data, but they may also have your username and password, and if that username and password is the same one you are using for important accounts, well, you’re asking to be a victim.
How does a password manager change that equation? It provides you with strong, unique passwords for all of your accounts, and keeps them in a secure encrypted vault on your device. There are many password managers on the market (I recommend 1Password). To give you an idea of how it works, check out their video here.
2. Stop recycling user IDs and passwords. Building off of recommendation #1, if you use the same Anthem user ID or password across sites, stop doing that, and change all of your other passwords. Of course, this is going to be quite a challenge if you don’t have a password manager, which is why recommendation #1 is so important. Remember, hackers sometimes try stolen IDs and passwords on different sites to gain control of other accounts. That’s why it’s a bad idea to recycle credentials.
3. Don’t confirm or provide personal information in response to an email or text, and don’t click on links in unexpected messages. Legitimate companies won’t ask for bank or credit card information, social security numbers, passwords, or other sensitive information through unsecured channels. The Anthem breach included names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Criminals may use this stolen information to send email or texts that appear to be from people or sites you trust.
4. Review your credit card and bank statements often. If you see charges you don’t recognize, contact the fraud department at your bank or credit card provider right away.
5. Check your credit reports – for free – every few months. Monitoring your credit report is a good way to find out if someone has opened credit in your name. You’re entitled to a free report every 12 months from each of the three credit bureaus: Equifax, Experian and TransUnion. To get your report, visit AnnualCreditReport.com or call 1-877-322-8228. Better yet, consider putting a security freeze on your accounts.
Credit monitoring services like TrueCredit let you do this with a simple click within their software.
6. Use two factor authentication. Two factor authentication is an extra layer of protection beyond your password. First you enter your username and password as usual, then a code is sent to your phone via text, voice call, or mobile app. Only after you enter that code will you be allowed to access your account. Two factor authentication combines something you know (your password) with something you have (your phone), making access by unauthorized users much more difficult.
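
The "slightly changed" passwords described in step 1 (an added “*” or “#”, different capitalization) can be checked for in your own password list. The following is an added example, not part of the original article: it undoes those two tweaks and groups accounts that turn out to share one base password. The account names and passwords are constructed sample data, and the function names are hypothetical.

```python
import string
from collections import defaultdict

# Symbols people tack onto the front or back of a base password.
# The article names "*" and "#"; this covers all ASCII punctuation.
DECORATION = string.punctuation


def base_form(password: str) -> str:
    """Undo the tweaks the article names: added symbols and changed capitalization."""
    return password.strip(DECORATION).casefold()


def reuse_groups(vault: dict[str, str]) -> list[list[str]]:
    """Return groups of account names whose passwords share one base form.

    Only account names are returned, so the report never echoes a password.
    """
    by_base = defaultdict(list)
    for account, password in vault.items():
        by_base[base_form(password)].append(account)
    return sorted(sorted(names) for names in by_base.values() if len(names) > 1)


# Constructed sample data (not real credentials).
SAMPLE_VAULT = {
    "5k-run-site": "Sunflower42",
    "email": "sunflower42*",
    "bank": "#SunFlower42",
    "health-insurer": "vK7!pQ2z-Wm9@xL4",   # unique, manager-style password
    "shopping": "t3R$hN8b_Yc1&dF6",         # unique, manager-style password
}

if __name__ == "__main__":
    for group in reuse_groups(SAMPLE_VAULT):
        print("Same base password on:", ", ".join(group))
```

Every account in a reported group should get a new, unrelated password, since a leak at any one of them exposes the rest.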
This article was written by Gregory S. McNeal from Forbes and was legally licensed through the NewsCred publisher network.