Protecting your identity: A conversation with Chubb and Aura about the dangers of cybercrime

A conversation between Chubb’s Paula Sibal, Service Solution Specialist, and Chris Hamilton, Practice Leader for Financial Services at Aura 

In today’s digital age, data breaches and identity theft pose significant risks to both individuals and businesses. We are also seeing cyber criminals exploit vulnerabilities in digital transaction and payment systems.

To highlight this important issue, Chubb’s Paula Sibal sat down with Aura’s Chris Hamilton for his valuable insights on the dangers of cybercrime. Aura is a leading provider of identity theft and privacy management services and technology. During the conversation, Chris shared tips to protect yourself against data breaches and offered guidance on what to do if you’re the victim of a cybercrime.

Paula: We hear the term a lot in the news, but what does “data breach” mean? 

Chris: A data breach is when unauthorized parties access an information system or database to steal confidential information. That information can contain sensitive PII (personally Identifiable Information) on individuals, such as emails, phone numbers, addresses, bank account details, healthcare information, or — as in the recent National Public Data (NPD) breach — Social Security numbers.

Paula: What do you consider to be the top ways people can try to protect themselves from cybercrime, especially identity theft? 

Chris:

1. Aura’s top recommendation is to reduce the amount of information available about you online. A privacy management company like Aura can help by removing your information from data brokers, but the best thing to do by far is to stop giving out personal information to sites and people you don’t trust to look after it. The fewer places that have it, the lower the risk of it being leaked in a breach. 

2. Learn to spot the warning signs of a phishing attack or online scammer; these warning signs include:

• Urgency. Online scammers tend to send unsolicited emails with seemingly urgent or time-sensitive messages that appear to come from government agencies, well-known businesses, or financial institutions.
• Poor spelling, formatting, and design. Scam emails, texts, and DMs often contain spelling and grammatical errors. Oddly placed logos and incorrect branding are also red flags. 
• Suspicious links. Online criminals often include links that prompt you to log in to your online accounts — but the links lead to fake websites.

3. Freeze your credit. Identity thieves may attempt to take out loans, open new accounts, or apply for credit cards in your name. A proactive credit freeze is better than a fraud alert as it prevents anyone from accessing your credit file and credit history. It’s a free service provided by the three major credit reporting bureaus and can prevent financial fraud with very few downsides — and you can lift (or “thaw”) the freeze anytime when you need to apply for credit, such as for an auto or home loan.

4. Add multi-layered security to your devices and online accounts. Strong passwords, two-factor authentication (2FA), and smart security settings on your phone and laptop can help proactively protect you against online identity theft. To add more layers of protection to your online accounts, create complex and unique passwords for each account. 

5. Don’t use public Wi-Fi (without a VPN). Avoid logging onto free Wi-Fi connections in hotel lobbies, airport lounges, etc. Hackers can break into public Wi-Fi networks and spy on you as you enter sensitive information and passwords – or even infect your device with malware. If you absolutely must use public Wi-Fi, make sure you:

• Use a Virtual Private Network (VPN). VPN services encrypt the connection between your device and public Wi-Fi networks, allowing you to browse privately and securely.
• Invest in reliable antivirus software. Without it, fraudsters can install invasive malware, spyware, or ransomware.
• Secure your cell phone. Scammers can trick your provider into transferring your phone number to their mobile device — a process called SIM swapping. Contact your carrier and ask what protections are offered for your SIM card.

Paula: If someone was a victim of a data breach or identity theft, what should they do?

Chris: Here is what consumers should be doing when notified of a data breach, or if they believe they are the victim of a digital identity incident:

• Confirm the breach happened (but be cautious of emails).
  
• Find out what sensitive data was stolen.
• Secure your logins, passwords, and PIN numbers.
• Switch to an authenticator app for 2FA/MFA on any account that allows it.
• Freeze your credit with all three credit bureaus – Equifax, Experian, and TransUnion.
• Start to monitor other accounts for suspicious activity.
• Remove your personal information from data brokers; this may require using a privacy management company.
• Delete accounts that are now obsolete, and
• Sign up for an identity monitoring service.

Paula: What can one do to prevent becoming a victim of financial or credit fraud?

Chris: A good start is to review your bank statements regularly for unauthorized account activity – which can be done in almost real-time with online statements.

A good proactive habit is to lock or freeze your credit — so that nobody other than you can use or claim it. A credit lock is a financial security feature that blocks unauthorized access to your credit reports. When your credit is “locked,” lenders can’t access your file – and therefore won’t be able to extend credit in your name until the file is “unlocked.” The alternative for consumers is to place a credit freeze, which is slightly different to a full credit lock.

Paula: How is a credit lock different from a credit freeze or fraud alert?

Chris: The terms “credit freeze” and “credit lock” are often used interchangeably. Yet, while they offer similar protections, there are subtle differences. The main difference between a credit lock and a credit freeze or fraud alert is that you can easily turn a credit lock on or off from an app or website. In contrast, a credit freeze or fraud alert requires you to contact each of the relevant credit bureaus to “lift” the security measure. 

Paula: Switching gears, we know social media platforms like Facebook, LinkedIn, and Instagram can be gateways for identity theft and cybercrime. What can people do to limit their exposure while still using social media?

Chris: When it comes to protecting your identity online, social media is highly problematic. Social media platforms are places where users are encouraged to share personal updates with the world around them.

But this doesn’t mean that individuals should share personally identifiable information (PII). Even sharing one’s whereabouts by posting real-time holiday photos lets any bad actor know that your home might be empty and accessible.

The same is true for limiting your digital identity. Our number one tip is to reduce the amount of information available about yourself online. Be cautious about what you share on all social media, including LinkedIn. Don’t share photos of your children that can be manipulated to embarrass or, even worse, threaten them or you later. Social media can also expose you to cyberbullying, online predators, identity thieves, and inappropriate content.

Paula: What about passwords? What are some tools people can use to protect passwords and other sensitive information?

Chris: Passwords are the first — and sometimes only — line of defense against hackers. When you use strong and unique passwords for every account, you are much less vulnerable to account takeovers and losing sensitive information that could be used to steal your identity. Unfortunately, few people have secure systems in place to help them protect and remember their passwords. 

Password managers can help. They store all your login credentials in a single encrypted vault, giving you quick access to accounts by using a single, secure master password. You can go further with an online vault — a service that enables you to securely store your personal data, home and property titles, passwords, and digital copies of your passport, insurance cards, and estate planning and other documents — all in one place.