By Eric D. Morton & Kellie M. Delaney
All of us have dozens of online accounts. LinkedIn, Facebook, 
Instagram, professional organizations, Google, Apple, Netflix, Zoom, to mention a few. And then there’s online shopping. How did we get THIS connected to a digital ecosystem?
Every day, we make tradeoffs between data privacy and security on the one hand, and the myriad reasons we embrace technology and share personal data on the other. Advertisers, public utilities, banks, retailers, friends, and family are all beckoning us to eschew the analog for the digital. Since COVID-19, it’s even more apparent that we must share personal information in order to rely on technology for things that we can no longer do in person.
This leaves us more vulnerable. A recent study found that the average person online has about 100 passwords for various accounts. Criminals are using more clever and sophisticated means of breaching security systems such as “credential stuffing”. Credential stuffing is the use of repeated attempts to access online accounts using usernames and passwords stolen from other online services. Criminals use software that makes hundreds of thousands of log-in attempts with stolen login credentials until one works. Online criminals constantly create new hacking methods.
What to do
While we can’t control a lot of what happens to our personal data, we can take steps to protect ourselves from the rampant fraud that has been enabled by the ubiquitous circulation of personal data.
Here are five steps you can take to protect your personal data:
- Lock your credit reports at all three credit reporting agencies. Set up alerts so you know when something changes with your credit report.
- Add two-factor authentication to all your online accounts. Yes, it’s inconvenient to look for the code and enter it before you can log in. But it’s one of the best ways to protect yourself.
- Use a password manager like LastPass or Norton, for all your accounts. Consider generating new passwords for all of your accounts.
- Open an account online with the Social Security Administration. The website is ssa.gov. Do so even if Medicare and Social Security are nowhere on your horizon. This helps ensure that no one can impersonate you at the Social Security Administration. Some retirees have been surprised to find that when they went to enroll in Social Security or Medicare, someone had beat them to it, and the SSA was paying benefits to someone else in another state.
- Go to the IRS website and get a tax return PIN number. Other bad actors file fraudulent tax returns to get a refund on someone else’s account. With a PIN from the IRS, no one can file a return on your behalf without that PIN.
The train has left the station when it comes to personal data. But you can still be careful and protect yourself. You’ll be glad you did.
Eric D. Morton is the Principal at Clear Sky Law Group. You can reach Eric at emorton@clearskylaw.com or 760-722-6582. Kellie M. Delaney is Of Counsel with Clear Sky Law Group. Her practice areas include data privacy, workplace investigations, and employment law. She can be reached at kdelaney@clearskylaw.com or 510-556-0367.
