The best thing about being a victim of a data breach is nothing. I should know. Within the last two years I’ve been notified of eight instances where my private data may have been hacked at an organization I patronize.
My most recent security breach notification came last week when fraudsters usurped data from around 90,000 banking customers of BMO and CIBC-owned Simplii Financial.
Like many Canadians, I’ve also endured breaches at Equifax Canada, Uber, Bell Canada, PC Points, Air Miles, and Facebook.
I wish my hack attacks were limited to financial institutions, loyalty programs, and telecommunications companies, but last month one of my gig economy employers — the CBC — was robbed of a “piece of computer equipment” containing the employment records of likely myself and 20,000 other possible future identity theft victims.
If guarding my chequing account wasn’t bad enough, now my Social Insurance Number, health records, and credit history are at risk too. After cancelling my credit card twice due to fraudulent charges and reporting strange activity on my credit report thrice, I want to go offline and hide under a rock.
According to Symantec’s 2017 Internet Security Threat Report, almost 40 per cent of data lost in consumer security breaches in 2016 was personal financial information, which could include banking records, and credit or debit card details.
While new regulations starting Nov. 1 will require Canadian organizations to report consumer data breaches in a timely manner, the onus is ultimately on you to check credit reports and account activities to ensure you don’t fall victim to fraud.
My former life as a developer in the security industry doesn’t protect me from the hackers taking my personal information from the businesses I patronize. As personal finance and technology continue to merge, it’s wise to use the tools we all have to best protect our personal data.
Here are five steps you can take today:
1. Change your passwords, make them strong
A strong password is a pain to remember and create — that’s why too many of us use weak passwords like “flower” or numerical sequences to protect our accounts. A strong password has at least six characters combining numbers and symbols (@, #, $, %, etc.) with uppercase and lowercase letters.
Get a new ATM card if your login is also your card number. Never store your banking passwords in your browser cache — clear cookies to keep your passwords secure.
Change passwords every 90 days to keep hackers from snooping your online accounts, and make sure you don’t reuse passwords between different accounts.
2. Enable two-factor (2FA) authentication.
A more secure way of verifying your identity is to require two codes before logging in. With two-factor authentication you’ll first need to enter your password and then a secret code — often a text message sent to your phone — to access your account.
With 2FA even if your password is compromised, the hacker is blocked without the second factor.
Many bigger online services like Gmail and Facebook offer 2FA, but Canadian banks seem to be behind with consumer security.
3. Monitor your accounts and credit reports.
Check your bank account balances and credit card statements for unauthorized charges and report them immediately.
Request your credit report from credit reporting agencies TransUnion and Equifax (which also experienced a security breach in 2017) and set up a fraud alert.
Contact local police and the Canadian Anti-Fraud Centre (CAFC) to report identity fraud.
If possible, compare your paper statements to your online transactions to be sure they match — sophisticated hackers may have the ability to alter digital balances to prevent detection.
4. Stay on top of security updates.
Don’t wait to install new malware and security updates on your devices.
Taking an online break to patch an operating system, app, or software vulnerability could save you from a breach.
5. Never enter personal data on public Wi-Fi.
Entering your banking information on an unsecured website or via a public Wi-Fi hub increases your risk to hackers seeking to steal your personal data.
Be aware of what your financial institution is doing to protect you and request stronger security measures like 2FA to better secure your finances and identity.
It’s 2018, our banks must do better.