Who’s looking over your shoulder?
I’m a list maker. I carry around various lists for different parts of my life, and add and delete as I work my way through the tasks. While much in my life has become digital, I always write these lists out on paper. No digital task lists on my Blackberry or in my e-mail system.
But in other ways, I’ve eliminated a significant amount of paper from my life. One benefit is that fewer important pieces of correspondence have to compete with the avalanche of catalogs that seem to pour into the mailbox with astounding regularity. However, there are risks.
As part of my role at Vanguard, I think a lot about information security, and I’ve seen how the fear that someone will steal personal information from a physical mailbox has shifted to the fear of someone doing the same thing with an electronic mailbox. Guarding personal data online has become part of our lives, according to the Identity Theft Resource Center, much like looking over your shoulder on a dark night. In fact, identity theft has been the number-one complaint category at the Federal Trade Commission—accounting for 26% of all reported complaints in 2008—for nine years in a row.
While I think fewer of us are willing to bet that identity theft will miss us, the fact is that many people still feel like they’re in their own little world as they sail through the Internet.
We aren’t, and I believe we need to adjust our attitude.
Start by assuming your computer has already been compromised. Imagine that someone has placed “malware” on it, hacked into it, or “slaved” it to another machine. If you find these scenarios hard to believe, think about the last time you had repair people in your home. Did you leave your passwords next to the computer or in the top drawer while you left the room? Do you store the backup for your PDA on your desktop? If so, you’re inviting an information thief to come along and “scrape” all that data—such as that file in which you store all your passwords.
So, how do you reduce the risk? By making things harder for the fraudsters out there. Just as locking your doors, keeping lights on, and arming your alarm system will discourage thieves, so too will a few precautions on the Web.
You wouldn’t leave your bank statement on your kitchen counter during a party—you’d put it away. That same information should be stored digitally in a password-protected file. It’s not foolproof by any means, particularly if you use the same password for everything, but it lessens the chances you’ll be targeted. The object is deterrence. If someone really wants to break into your home, they will. The same goes for your computer.
Never click “Reply” on an e-mail and give out any personal information, including passwords. People do this all the time and lose personal data immediately. Make sure you have antivirus software, and when the message pops up that says it’s time to renew or update, don’t click “Tell me later.” Get it done right away. When shopping online, always use the same credit card—not a debit card—to help catch false charges. And before you click “Submit,” look for that yellow padlock in the lower right-hand corner of your browser.
More tips: Know who you are buying from, because the highest percentage of online fraud is from undelivered merchandise, according to the Internet Crime Complaint Center. Password-protect your home wifi network—not doing so is tantamount to leaving your front door wide open. Also, think about “diversification of data.” Just as diversification helps reduce risk in investing, it can help reduce the risk of losing personal data. That means not storing everything in the same place, even if it’s password-protected. Split it up. If you’re targeted by thieves, maybe all of your data won’t be taken, and you’ll have a chance to protect some of it.
We take this topic very seriously at Vanguard. Please check out our Security Center for more information.
Notes:
- Links to third-party websites mentioned in this blog post will open new browser windows. Vanguard accepts no responsibility for content on external sites.
- This information is for educational purposes only.
Thanks. I think I’m pretty safe, but the reminder is very usefull. Keep it up!
Glad to see this topic getting some of the attention it deserves, thanks.
I have my accounts on-line with Vanguard. Whenever I receive an e-mai from Vanguard with respect to the accounts, there is always a “link” to click on. I NEVER click on the link because I have no way of knowing whether or not the e-mail is really from Vanguard. I trash the e-mail and then go to the Vanguard website known to me and go from there.
Vanguard ought to discontinue providing clickable links in e-mails.
Good article and information
Good info. Very importand to have computer backed up to separate company on a fequent basis.
My files with critical data — passwords, credit card numbers, etc — are all encrypted. The decryption password exists in two places: in my head and in an envelope in the safe deposit box at my bank.
If I take my PC for servicing, I first encrypt even more files (e.g., a spreadsheet with my Vanguard balances).
I strongly urge everyone to learn about OpenPGP (pretty good privacy) applications and how to use them. For personal use, most OpenPGP applications are freeware.
Very good Info. However, identity theft through physical mail remains higher than e-delivery because e-delivery does contain confidential information. It’s a notice for individual to login and view/download through secure link. Vanguard should include TAX forms in the e-delivery. Due to cut-backs in USPS, there has been increasing amount of misplaced and lost mails. We should urge vanguard to allow TAX forms as part of e-delivery since it’s much more secure. IRS and SEC do NOT require physical tax forms. Some other institutions already allow waiver of paper tax forms.
I often heard about postal mail got lost or people received other people’s mail. It’s NOT safe to mail tax forms. Merrill Lynch, Charles Schwab, TD Ameritrade and Treasury Direct have all included tax forms in e-delivery. Fidelity is working on it, why Vanguard can’t? For Treasury Direct, tax forms are e-delivery only, postal mail is NOT even an option. If Vanguard must mail paper tax forms, at least mask out SSN and account number.