internet security

6 Things You Can Do To Protect Yourself from the Recent Equifax Hack

It’s happened once again. On Thursday, September 7, 2017 Equifax reported that they had fallen victim to a cyber-attack. Headlines were plastered with the news of customer information being compromised. An estimated 143 million people may have been affected as result. You can read more about the details of this specific attack here. To find out if you have been impacted you can check here. Understand that if you take any offers from Equifax you may waive your rights in the future to pursue them for damages that may arise from this situation.

How does this affect the average person?

For starters, personal information may now be available to criminals or publicly exposed for the world to see. That personal information may be sold on underground markets and can include names, addresses, phone numbers, and even social security numbers. Just a few pieces of the right information would be enough for anyone to open credit cards, utility accounts, bank accounts, or even allow someone to steal your physical identity. In short, if you receive a notice that you’ve been affected, take the news seriously.

What can be done?

It’s hard to imagine that your personal information might be exposed. Not only that, but it’s scary to think of what might happen after the fact. There are a few things you can do immediately to help prevent any ill-fated effects of compromised information. Here are some tips about what you can do to combat any issues:


Consider setting up credit monitoring with all three of the credit bureaus. The three bureaus are TransUnion, Experian, and Equifax (coincidentally enough). These three bureaus keep a close eye on your credit and are likely to have any credit-related activity reported to them including opening and closing of accounts as well as delinquent, late, or defaulted payments for liabilities. Once credit monitoring is setup you can breathe a little easier knowing you’ll be notified of any activity. Note that these services may or may not be free of charge, and personally I’m not sure I’d recommend anything Equifax has to offer (since they are the reason I’m even writing about this topic). There are also third party identity theft monitoring services such as LifeLock that can monitor your credit and other identity related activities.


In lieu of (or in addition to) setting up credit monitoring you may also want to pull a credit report from each agency. It is a best practice to monitor your credit report on a continuous basis regardless but in times of heightened risk it might be a good idea to grab a copy and make sure there is nothing questionable on your report. If you do find something you disagree with then you can start the process to resolve issues immediately. By continuously monitoring your credit it should reduce the impact from issues in the future. Keep in mind that any unfavorable credit report effects due to a recent compromise of information may take months (or even years) to show up since your information may not be used immediately after the attack.


Alert any banks, credit card companies, investment firms, accountants, and any other third party financial service providers that your information has been compromised. This is helpful in enforcing safeguards to validate your identity when attempting to make transactions or do business with these parties so that they can ensure only you are the party being dealt with.


Consider changing passwords (and login IDs) to sensitive websites. This seems to go without saying, but whenever there is a breach of information it’s always a good idea to change your password to prevent unauthorized use of your information.


Monitor your bank accounts and credit card activity more closely. You can do this by downloading the smartphone apps offered by your bank and credit card company and/or setting up spending notifications by text/e-mail. By setting automated alerts you’ll at least see activity for large transactions and can react very quickly to recover any lost money. Check out my blog about using credit vs. debit at checkout to further reduce the risk of financial compromise.


Last but not least, make sure you file your taxes on time. With the information that may have been stolen anyone could file a tax return for you. It is easy for criminals to craft fictitious tax returns in the hopes that they will receive a refund check, leaving you holding the bag at tax time for any money paid out. There are safeguards set in place at the IRS and state levels to ensure proper handling of all tax returns, but there is always the risk that something slips through the cracks. In the perfect storm of identity theft a criminal may have everything they need to file a legitimate tax return for you and direct any refunds to their accounts. If you do fall victim to fraudulent tax reporting then you should consult with your tax advisor (or find one if you are a self-preparer) to help you address the issue. Even if you don’t meet the minimum requirements to file you should still file a tax return annually.

Criminals are becoming more sophisticated with how they steal from others. The above steps are a starting point; however, they may not be all encompassing since everybody’s situation is different).  I would urge anyone who feels they have fallen victim to a data breach to do what they can to protect themselves. Feel free to post any other tips in the comments section below!


5 Online Security Habits You Should Adopt

Some of you may have heard about the phishing attack that was perpetrated through Google last week. In case you didn’t though, check it out here. I personally experienced an incident through my non-profit e-mail around the same time as the Google phishing incident. I received a suspicious e-mail from the President which appeared legit and written in a similar fashion as that of the President. In my case the sender’s address did not match our non-profit’s extension which was a huge red flag. The request was also odd in itself and so I validated the e-mail with the President and once we determined it was a fake I immediately reported it to Google (our e-mail provider) as well as the rest of our team.

In light of these incidents, I’m writing this week to discuss the importance of online security. It’s a topic that is very hot among CPAs because we are always working hard to protect the sensitive information that is passed to and from our clients. Encrypted e-mail, secure portals, and passwords are just a few of the ways CPAs protect client information from data breach and compromise. I will highlight some best practices that general computer and internet users should consider below.

A Quick Note

Before I get to the 5 online security habits users should adopt I want to tell the tale of an incident of identity theft.

This past tax season when attempting to file a client’s tax return I was notified that my client had already filed a tax return. The IRS has safeguards in place that prevent the same person from filing more than one return for a given tax year and any tax preparer would have received the same notice for this client. Upon further investigation, we were able to determine that the client’s identify had been compromised. The IRS was skeptical as well and had already flagged the return that was filed as fraudulent. The good news is that we were able to identify this with enough time to get the return filed on time, but unfortunately my client has had to clean up any messes the fraudster made.

The moral here is that nobody is safe...

Okay, on to the tips!

#1 Use Internet Security / Antivirus Software

Security software is a cheap insurance policy to help protect from malicious attacks. Although I don’t have many recommendations, my advice is to pick something and use it. Whether you choose Norton, McAfee, BitDefender, Kaspersky, or Avast, you need the protection of a trusted internet security provider. These services are particularly helpful in detecting and preventing threats. Whether those threats are firewall holes, bogus website phishing for your passwords, or viruses designed to compromise your system and private information, a trusted security software platform can save you from hours of headaches from a breach or attack and potentially your financial well-being.

#2 Securely Transmit Sensitive Information

I can’t stress this one enough but if you do nothing else you should be religious about this one. I have heard arguments about how your information is probably already “out there somewhere” but that doesn’t mean you shouldn’t be cautious. You really shouldn’t be e-mailing unsecured files to anyone. Instead, use third-party services like Dropbox or Google Drive to share files with others safely. This not only reduces the chances of an e-mail becoming intercepted but also helps maintain version control over your shared documents. You can also ensure that collaborators have the correct access they need to a file by allowing them to edit or read-only files you share with them. If you must send sensitive information via e-mail, find a way to encrypt the message between you and the sender.

#3 Use Trusted WiFi Spots

Remember the last time you went to Starbucks and hopped on their free Wi-Fi? Well, you might want to reconsider doing so. Whenever you access a public network your information becomes available for all on that network to see. Sadly, hackers have developed sophisticated attacks they can use to scam you just from being on the same network. If your computer is not secured properly you may also be exposing the contents of your entire computer for all to see. Research Virtual Private Networks (VPNs) to learn more about how you can protect yourself when using a public Wi-Fi connection.

#4 Never Give Out Passwords

Never give out your passwords, ever! To protect you, no reputable software, app, or internet product vendor will ever request your password. They can either already see what it is, or, they typically verify your account another way that doesn’t require surrendering your password. If ever asked, consider if the vendor is reputable and if there is another way you can validate your account with the requester. When in doubt, don’t give them up.

#5 Stay Vigilant

You have to stay on your toes nowadays. Some might say the Internet is a blessing and a curse (in more ways than one), but you definitely need to stay vigilant. It's still a relatively new technology so it still has a "wild west" feel to it. Resetting passwords as well as revisiting (and refreshing) your security protocols every few months is well advised to keep attackers guessing. Using keychain style programs such as LastPass to store all of your logins in one place is helpful, but can also be a single point of failure if the master key is compromised. The nice thing is that those vendors typically generate very powerful passwords for you without you having to think about it. Also, most internet security software will run in real-time and on a scheduled basis so you can constantly have the software monitoring your system for flaws. Evaluate your security situation and make necessary changes to get setup to help prevent problems. Remember, it’s better to be safe than sorry.

I could go on and on about all the things you should do to stay safe and the above tips are certainly just the tip of the iceberg; but I’ll spare the audience. These tips should be considered whether you are using a mobile device or computer. Stay safe out there and think about what you’re doing, where you’re doing it, and with whom you’re dealing with before you do anything. Feel free to share your tips & tricks to staying safe on the internet in the comments section below.