September 27, 2017
Equifax Breach Commentary
While the Equifax security breach only recently became public knowledge on September 8, in many ways, it was a lifetime ago.
We were already on high alert for instances of identity theft. But the source, scope, and what seems like a justified feeling of betrayal associated with this particular breach have ushered in a new era of cybersecurity. There was before the Equifax breach; now there’s after.
What does “after” look like, and how can we help you navigate it? You’ve no doubt noticed a barrage of articles covering what has happened and what others suggest you should do about it. Unfortunately, there is no one-size-fits-all regimen, but here are some of the most frequently cited actions we’ve seen, along with our commentary on them:
Check your credit reports using annualcreditreport.com. Keeping an eye on your credit reports has long been a best practice, and should continue to be, today more than ever. Be sure to only use annualcreditreport.com. As the website says, it is the only provider authorized by Federal law to provide you with the free annual reports that already are rightfully yours. Also, so you can obtain a free credit report more than annually, consider staggering the three primary agencies’ reports, selecting one to review every four months.
Consider placing a fraud alert or a freeze on your credit. Deciding which (if either) of these actions makes sense for you depends on your personal circumstances. For example, if you’re frequently applying for credit, placing a freeze may be impractical. On the other hand, if you have been a victim of identity theft, an alert might not suffice. In this instance, it’s worth reading through the advantages and disadvantages before determining your next steps. We’re here for you as well, to serve as an additional sounding board.
Consider enrolling in a credit monitoring service. Equifax has offered to provide a year of free credit monitoring and identity theft protection via TrustedID Premier. We’ve seen mixed reviews on whether it makes sense to accept Equifax’s offer. First, there’s the whole trust issue raised by the recent breach. Plus, identity thieves have nearly endless patience, so one year of monitoring is only the beginning. That said, other independent services can be costly (especially if you’ve got an entire family to cover), and they may not ultimately offer much that you cannot do on your own if you so choose. It comes down to a cost/benefit analysis unique to you.
Regularly change the passwords and PINs on your financial accounts. Like regularly monitoring your credit reports, periodically changing your financial account login information has been and remains a best practice. Quarterly or at least twice a year makes good sense to us.
File your tax returns as early as you’re able. Filing early minimizes the opportunity for an identity thief to file a bogus return on your behalf.
We’ve seen other tips and pointers besides these, some of which may be advisable as well. To avoid informational overload, here are three guiding lights:
- Pace yourself. As with any seemingly insurmountable challenge, it may be best to take things one step at a time, lest you lock up and end up doing nothing at all.
- Patiently prevail. Approach your security as an ongoing process rather than a quick fix. After determining which actions make sense for you, set up a routine and a schedule for implementing them. Write down your plans, and then follow them.
- Partner with us. We won’t go into sensitive specifics here but, as financial advisors, we have long been taking strong measures at our end to protect against hackers and identity thieves. That said, no system is impregnable. The more aggressively we join forces to thwart cybercriminals, the more likely we will ultimately prevail.
So, how can we help you moving forward? If you’d like to consult with us as you think through some of the points we’ve touched on above, we welcome the conversation. We also ask you to be responsive when we reach out to you with security-related questions or suggestions. For example, earlier this year, we produced a quick-reference and more detailed overview, “Avoiding Financial Scams and Identity Theft Slams,” filled with perennial information and best practices. We’d be delighted to share (or re-share) those materials with you.
As this wise educator observed in reflecting on the Equifax breach, “Security isn’t a product. It’s a process.” Just as sensible investing involves taking appropriate near-term steps in the context of an ongoing, personalized plan, so too do we find it increasingly imperative to respond to this and future cyberattacks with upfront planning, well-reasoned action and continued best practices. Let us know how else we can assist with that!