If you haven't dealt with a data breach, you probably will soon. It's not a matter of if, but when hackers have the time to get around to you.
Hackers stole the personal information of more than half of all Americans in 2014, according to the Ponemon Institute. Globally, hackers have swiped personal information and account username and passwords belonging to more than 1 billion people.
Even Inc. magazine suffered a breach recently. A staffer was duped by a phishing email and sent a PDF of employee W-2s to a criminal. In response, we have been freezing our credit, filing identity theft affidavits along with our taxes and monitoring our accounts.
This week, Adam Levin, the founder of identity theft management firm IDT911, came into Inc.'s offices to talk about what we should do now that hackers have our name, address, salary information and Social Security number.
Levin says it starts with recognizing the reality of our online world today.
"The environment we live in, breaches have become the third certainty of life," Levin says. "That's the reality. Getting breached is right behind death and taxes."
Every time you buy something on a credit or debit card, every time you Tweet or use Facebook, Instagram or Snapchat, information about who you are, where you are, and what you're doing is being monitored, tracked, and stored. Companies buy and sell customer data and these companies get breached.
"As a result, the chances your information isn't already floating out there is extremely limited," says Levin. "The only reason why people haven't become victims of identity theft as of now is simply because they haven't gotten to us yet."
It all sounds fatalistic, but there are steps you can take to minimize your risk, monitor your identity and manage identity theft after a breach.
Minimize your risk
To minimize the risk of being hacked or to reduce further damage once criminals have your data, you need to limit the amount of information and access you give to everyone in your life and every organization you deal with. First and foremost, do not click on links in emails, text messages, or social media and do not verify your identity with personal or financial information to anyone who calls you. If you want to learn more about email phishing scams, listen to the Episode 54 of the Inc. Uncensored podcast.
Do not leave sensitive data on your hard drive. When you do your taxes or apply for a mortgage, take the files off your computer by putting them on an encrypted thumb drive.
Freeze your credit. It means you can't open a new credit card, but no one else can either.
Never give out your Social Security number. This includes doctors and landlords.
Get comfortable with lying. Do not give your real birthday or address on social media or online accounts. When an account asks for answers to security questions, including your mother's maiden name, the high school you went to, or a pet's name, make up fake answers. These answers are information a hacker could use to mimic your identity and if you tell the truth to these questions, it's easier for them to track down the right answers using other means.
Monitor your identity
Levin says you can buy a monitoring service, but the best guardian of your own information is you. You need to be proactive and monitor your credit score, credit card purchases, bank account transactions every day. Make sure you keep an eye on your 401K or retirement account, and read the explanation of medical benefits and social security benefits frequently to make sure no one is using your benefits.
Financial identity theft is one thing, but medical and criminal identity theft can be even worse. Criminals steal other people's identities to do crimes under a false name, Levin says. Other criminals steal people's identities to use their health insurance or sell your health insurance to others to use. You need to stay alert to all types of fraud.
If you get a phone call from a creditor you never heard of before, ask them to prove it to you in writing before making payments. Whatever you do, do not authenticate your identity, Social Security number, or account number to someone who calls you.
Manage your identity
If your Social Security has been stolen, you need to manage your identity for at least five years, Levin says. Buy an identity management service or ask your insurance company or HR department. These services are available now on many policies. You need to remember that your identity is a day job to hackers, Levin says. Criminals make money off your identity, either by selling it or exploiting it.
The most important thing, says Levin, is embrace the mindset that identity theft is like a form of cancer.
"You have to deal with this as if you have a chronic and potentially terminal illness in the sense that there are precautions you have to take and you have to keep an eye on it. If you don't, it can and will get worse," he says.