In my last blog post, I shared some practical ways to help protect yourself online. As important as that is, you should also have a plan in case of a security breach.
How do you know that something has gone awry? All of a sudden you might not be able to log in to your email, social media, or bank accounts. Or maybe you get a multi-factor authentication request seemingly out of nowhere. You may even receive messages from your friends and family asking about a weird message you sent. Your heart sinks and you realize you’ve been hacked–someone has gotten into one of your most sensitive accounts, like your email. As panic, shame, and worry all coalesce into a ball of stress, you’re sure you need to do something! That’s when you need to take a moment, clear your head, and get to work reclaiming what’s yours.
- Reset your password – time is of the essence, so you should initiate a password reset as soon as possible. You can begin this process on the login page for your email–look for something that says, “Forgot Password” or “Login Help” and start that process. If you don’t have multi-factor authentication enabled for your email account, turn that on once you’ve regained access to your email. You can find more information about that in my previous blog post on how to protect yourself.
- Run a scan on your computer to check for viruses, malware, and/or spyware.
- Because your email address is the “keys to the kingdom,” you may find that your logins to other sites have been compromised. You should change the password on sensitive sites, especially if you used the same password on multiple sites. Choose a unique, long (at least 16 characters) password for each site and enable multi-factor authentication where it’s available. Now is also a good time to start using a reputable password manager.
If something more than just an attempt to hack into your email has taken place (e.g., some attempt to fraudulently open an account or steal money from you), there are additional steps to take.
- You can go to the FTC’s identity theft website at http://www.identitytheft.gov/ for resources to aid in the recovery process and help you report a crime if needed.
- If you suspect that your Social Security number has been compromised, contact the Social Security Administration’s fraud hotline at 1-800-269-0271.
- If you’re the victim of tax fraud, the IRS offers the Taxpayer Guide to Identity Theft at https://www.irs.gov/uac/taxpayer-guide-to-identity-theft
- If any of your brokerage or bank accounts have been compromised, your Team Hewins advisor can help you determine if they need to be closed or cloned.
- You can place a fraud alert at one of the credit bureaus, and it will be in place for all three for the next 90 days. You can renew it, for free, every 90 days. If you have a police report number, that fraud alert will be in place for seven years.
- Equifax – 1-800-525-6285
- Experian – 1-888-397-3742
- TransUnion – 1-800-680-7289
- To get stronger protection than a fraud alert, you can place a credit freeze at each credit reporting agency. Putting a freeze in place at one bureau will only freeze your credit with them; you need to put in a freeze at each bureau. With a freeze in place, the only way your credit report can be pulled is if you unfreeze your credit (either temporarily or permanently). This can help prevent people from opening unauthorized credit accounts in your name.
- Review a copy of your credit report. You are entitled to receive your credit report from each of the three main credit reporting bureaus annually at no cost. This has no impact on your credit score, and you can time this so that you’re reviewing your free credit report from a different firm every four months.
- Monitor your financial account statements monthly or log in to your accounts on a regular basis to monitor the transactions. Immediately report any suspicious transactions to your bank or broker and to your Team Hewins advisor.
- Watch your mail in case you receive any physical notifications of accounts being opened or other fraudulent activity.
Being prepared means both protecting yourself and being able to respond after an incident has occurred. We are here to help you with both!
Team Hewins, LLC (“Team Hewins”) is an SEC registered investment adviser; however, such registration does not imply a certain level of skill or training, and no inference to the contrary should be made. We provide this information with the understanding that we are not engaged in rendering legal, accounting, or tax services. We recommend that all investors seek out the services of competent professionals in any of the aforementioned areas.