What Can You do to Help Protect Yourself From Data Breaches?

On November 30, 2018, Marriott revealed that its Starwood reservation system had been hacked exposing the personal data of approximately 500 million guests. It appears that not only credit card information was compromised but also passport numbers, birth dates, cell numbers, arrival and departure dates, etc. The Marriott data breach is just another in a long series of seemingly continuous breaches.

Do you pay attention to the notice letters sent in response to data breaches such as Marriott, or have you succumbed to “breach fatigue”? Our strong advice is to pay attention. If you receive notice that your information was potentially involved in a data breach, carefully read the letter and seriously consider taking advantage of any credit monitoring or other services which are offered. For example, Marriott offered an identity monitoring service from WebWatcher which will alert you if your information shows up online or on the dark web. While industry experts largely agree that such monitoring services does not “prevent” identity theft and individuals must exercise constant vigilance, these monitoring services serve as an additional “set of eyes.”

In addition, you should consider taking the following proactive measures:

1. Change all of your passwords—immediately. When you create new passwords, be sure to use a different one for each site. And make the password length as long as you are allowed. If the site will allow passwords of 15 characters—use all fifteen. Most experts now agree that length of a password is more important than its “complexity.”
2. Use a password manager. If you follow the advice above, a password manager will become a necessity. There are a number of good ones available such as: LastPass, Dashlane, Keeper,1Pass, Roboform, LogMeOnce, Boss, etc. You can easily search online for password managers and learn about your options.
3. Implement multi-factor authentication whenever it is offered. This usually involves sending a code to your cellphone or receiving a code from an additional application installed on your smart device. As of now, it is the most widely used and most cost-effective authentication strategy available. While some users may view multi-factor authentication as a “hassle,” the extra security it provides is worth the extra 45 seconds required complete the process.
4. Use PayPal, Apple Pay or a similar online payment service rather than saving credit card information in multiple online accounts. And make sure that service is protected with multi-factor authentication.
5. Unless you frequently visit an online store or vendor, use the “Guest” checkout feature rather than creating another on-line account. This will help to minimize accounts with your information that could be compromised.

Finally, before you provide any personal information online, take a moment to pause and weigh the benefits you receive for providing that information against the harm that might result if it is misused—remember, the information you put online will likely be there forever. The more you can reduce your online footprint the less you will have to worry about breaches such as Marriott.

James E. O’Connor