October is officially National Cyber Security Awareness Month. Unofficially, it also seems to be Cyber Theft Month.
Frighteningly, credit house Experian revealed that the personal information of 15 million people who applied for T-Mobile service had been stolen while online broker Scottrade revealed that up to 4.6 million of its customers had been digitally violated. If you're one of those millions, you've got some well-heeled company.
Even Trump is a victim. The Trump Hotel Collection had to also admit this month that seven of its hotels had experienced a possible data breach in its customer payment system.
So what gives? Are companies just throwing in the towel and accepting that such thefts are part of today's cost of doing business? And just what are we as consumers supposed to do about it, if anything?
While the news of these embarrassing thefts was making headlines, the Virus Bulletin conference was wrapping up in Prague. One of the attendees, independent security consultant Graham Cluley, said in an email that most of the attention was focused on combating sophisticated malware. But we could probably gain a lot from security experts by emulating their behavior.
Those working against hackers around the world habitually put electrical tape over the built-in cameras on their own laptops, for example. Are they being paranoid? Not really.
Adam Kujawa, head of Malware Intelligence at Malwarebytes Labs, suggests at a minimum each of us should take three simple steps to reduce our exposure to cyber theft:
“First of all, utilizing different passwords for different sites is important," he said. “Since break-ins are ineluctable, using different passwords will limit the damage to a single service, such as a store credit card, rather than all to all of your financial accounts.”
“Second is the utilization of two-factor authentication," Kujama added. Simply put, it means that your bank or Google account will require not just a password but also a confirmation text sent to, say, your smartphone before allowing access to your account. You can set this up on most sites these days.
Third, monitor your accounts, particularly credit cards, closely. According to Cluley, monitoring your financial transactions and looking for unusual activity is the main line of defense. Waiting for a company to tell you that's there's a potential problem isn't wise. The theft at Trump Central, for example, goes back as far as May of last year, and the Scottrade and Experian break-ins go back as far as 2013 - but the thefts weren't revealed to customers until now.
"Thieves will often test to see if a stolen card is good by making very small charges before ringing up big ones," explained Eric Chiu, president and co-founder of HyTrust. "So alert your credit card company immediately if you see anything unexpected - however small the charge may be."
The chorus of frustration from security experts usually contains a refrain about companies failing to take these thefts (and internal vulnerabilities) more seriously. So I suggest that consumers also complain to businesses every time there's a security breach. We tend to be too nonchalant about such thefts, but anyone who has wasted weeks fighting identity theft knows it can be a serious issue.
Should you pay for a special service to protect you online? Most security analysts answer succinctly: No. "There is no service available now or in the future that can promise 100 percent privacy, 100 percent security, and 100 percent effectiveness," says Malwarebytes' Kujawa.