Security Setup!– transcript – Kurt Baker
Written by Kurtis Baker on December 2, 2018
Security Setup!
00:18 Kurt Baker: You’re listening to a podcast of Master Your Finances with me, Kurt Baker, a certified financial planner professional, Sunday mornings at 9:00 AM on 1077thebronc.com.
00:28 Announcer: Another day, another dollar, and our certified financial planner professional Kurt Baker will give you the tips you need to turn that single into a sea of green with Master Your Finances, whether you have enough to get by or too much in your pockets. Kurt Baker and his weekly guests are here to show you how to manage it all. Master Your Finances is underwritten by Certified Wealth Management and Investment LLC. Now listen up, because it’s time to get ahold of those money matters and Master Your Finances.
00:56 Kurt Baker: Good morning and welcome back to another edition of Master Your Finances presented by Certified Wealth Management and Investment. I am Kurt Baker, a certified financial planner professional, I’m hosting your show today. My office is located in Princeton, New Jersey. And I can be reached through our website, which is www.cwmi.us, or you can call me directly at 609-716-4700. Last week we talked a little bit about a lot of the things that are going on this past week, which was Black Friday, as well as Cyber Monday, which were a lot of the deals that you could get and the ways to really kind of take advantage of the different deals. And we find that even though those were kind of the highlighted periods of time, as far as the deals go, we show that nowadays because it is so competitive that you’ll see deals ongoing most likely throughout the holiday season. So just keep your eyes open, hopefully, you’ve subscribed at some of the various retailers that you’re interested in, whether it’s Amazon or some of the individual ones like Best Buy and things like that, because it’s very likely that if you subscribe to their various services, they’ll alert you when they have very specific deals, because it is a competitive time of year and retailers really do try to kind of make their money, and a lot of their money is made in this final quarter of the year because of the holiday season.
02:37 Kurt Baker: Another thing that many of you were involved in, and hopefully you were involved in Giving Tuesday which was started a few years back, which is a very great tradition to help out non-profits. And many of the platforms such as PayPal will actually donate back the transaction fees during Giving Tuesday to also assist with them. And so we also like to thank everybody on the Wednesday afterwards, if you’re a non-profit, we actually have a non-profit that we’re involved in. And so we just wanna thank everybody for supporting whatever non-profits you’re interested in. It’s very important to support non-profits and the work that they all do, ’cause it’s very good.
03:15 Kurt Baker: And I also talked a little bit about how you can check out the various non-profits through various services such as guidestar.org and things like that. So just make sure that your donations are going to what you would like for them to go to. The other thing that happens this time of year, it is a busy time of year for retailers and many other professions, one of which is the people who get involved in various types of fraud. And we just had a recent disclosure by Marriott, where they had a breach that they notified everybody of on Friday, and it was pretty significant. Marriott is one of the largest hotel chains in the world, and its Starwood reservation database was hacked and the personal information of up to 500 million guests may have been stolen. That’s a lot of people considering United States has roughly 320 to 330 million. That is an enormous number of people, and so we are very exposed. It’s very important to understand that a lot of these systems are vulnerable, and that we need to do our part in it.
04:33 Kurt Baker: So some of the things that they feel that was accessed was unauthorized information from back up into 2014. Some of the information includes things like names, email addresses, passport numbers, and payment information according to Marriott. And of course, Arne Sorenson, Marriott’s chief executive said they were very sorry for that, and that they’re doing everything at this point that they can do to assist their clients, which is nice, but this is kind of after the fact. This is actually the second largest breach of information, personal information since Yahoo had its breach back between 2013 and 2014, which affected about 3 billion user accounts. A little bit of a difference here is they may even have more specific information. So if you happen to use any of Marriott’s systems in the Starwood reservation database and you have any questions about it, they did set up a website specifically for that which is info.starwood.com, and you can find out who may have been affected and whether or not you might have been affected. And so of course, when things like this happened, that brings up things like cyber security and fraud and identity theft and things like that.
06:00 Kurt Baker: And some of the things that they talk about here initially is that, when we go to different hotels and things, people often will tie into the various Wi-Fi networks, which many people aren’t aware that those are unsecure, when you actually tie into those. In fact, just when you sign in, you’ll see there’s a warning there that you accept their terms and service, but if you read very carefully, they talk about how it’s not encrypted, it’s not guaranteed that that’s secure. So one of the things that I’ve done is that helps with this, I mean, nothing can… Everything could be breached at some level if somebody wants to try hard enough, but I use what’s called a VPN or a virtual private network subscription.
06:38 Kurt Baker: And so no matter when or where or how I log into anything, it’s always through a secure connection which actually then goes to a known server, so to speak, of the service that I belong to, and then it goes from there into the Internet. So it’s a little bit better. So the the Wi-Fi piece of it is actually encrypted, and it’s very inexpensive to do that in my view. If you travel or you ever go on public Wi-Fi systems, I think it’s really wise to take that extra step because you don’t wanna make it easier for those who are trying to steal that information.
07:16 Kurt Baker: And so this is one of the things we have to be very careful of. In this case, it’s a little concerning because of the fact that some of this information may have been encrypted, and they believe that there’s a possibility the actual encryption keys may have been taken as well. And those encryption keys, what those are is when something is encrypted there’s a key to unlock it, so you lock it with the encryption technology and on the other end there’s a way to unlock it.
07:41 Kurt Baker: And the danger in that is that if somebody has those keys they can open it up. If you notice, when you go on to things like a website, a secure site which will have the little SSL certificate up in the bar at the top. So always make sure it is a secure website before you ever give out any credit card information, but once you actually start typing in that information, or when you finish, you’ll see that it’ll actually… Typically, you’ll see the encryption, it’ll actually hide the majority of the credit card information, because at that point it’s now encrypted and it makes it much, much more difficult for anybody to access the information, and that’s why they do that.
08:19 Kurt Baker: However, in this particular case, they think that the actual encryption keys may have been compromised, as well, which if you ever went in and reserve a hotel room, as we all know, they’ll typically ask for your credit card information even if you’re not going to be… It has a guarantee, so to speak, and so if you’ve ever been involved in any of that, just be aware that your credit card now may be exposed, and you need to take steps to kinda monitor it and make sure that you know whether or not there’s any fraudulent activity occurring on your card as you should always do. And so it’s kind of dangerous to just assume that everybody’s systems on the other end work as they should.
09:04 Kurt Baker: And this is an example where we need to be aware of that. So what we need to do on our end is constantly monitor the credit cards themselves, and there’s many things that we can do about that, because even though you think you’re using encrypted sites, you’re purchasing through these different portals that are out there now, which is most of the things we do are on these various platforms that we’re essentially trusting, you still need to monitor the activity on your end and make sure that you don’t… If you see anything unusual to be sure that you take care of that and you watch your accounts, you make sure you keep track of your credit cards and so forth.
09:41 Kurt Baker: So when we come back here in a few minutes, we’ll talk a little bit about some of the steps that you can take to go through and protect yourself from your end of it, because there are tools that are available as far as on the credit card side and on the banking side to have an extra level of security so that if something is going on, that you could stop it early before there’s a significant breach of your account and you have things like a money transferred out of your account, or your credit card bill has run up, and also maybe you’re traveling and you no longer have access to credit, because somebody’s actually accessed the account and now they’ve got hundreds if not thousands of dollars in charges against your account. I will be right back in just a few minutes.
[music]
10:32 Announcer: It’s all about how you manage your money. Now, let’s get back to learning how from Kurt Baker of Certified Wealth Management and Investment with Master Your Finances.
10:42 Kurt Baker: Welcome back, you’re listening to Master Your Finances. I am Kurt Baker, a certified financial planner professional. In the last segment we were talking a little bit about the recent breach we had with Marriott, where over… They estimated about 500 million of their customers’ information may have been exposed, everywhere from their names and addresses and phone numbers and credit card information and things like that. So if a large company can have an issue that means pretty much any company can have an issue. So what do we do? Right? So there’s really two sides to this, what do we do if we’re a business owner and what do we do if we are an individual? So there’s a couple of things, I’ll start off just kind of on the business side because there are some obligations. Many people think we hear about these larger data breaches, but the reality is it happens with smaller entities, too, because the professionals know that smaller businesses don’t tend to have the resources that larger entities do to protect the data. So if you happen to be in a business, a retailer, a small retailer even though you may think, “Well, I’m not really a big target.” You just might be a big target because from their perspective, you might be kinda like the low-hanging fruit, right?
11:52 Kurt Baker: So if they think, if they drive by and they detect that you have an open Wi-Fi system or something they can maybe access fairly easily, and they get into your system, they might then use their technology on how to break into your system a little bit easier, and they may just do it only because it’s simple and easy for them. So any time we have a data breach some of the things that we’re concerned about are, as I said before, name, address, email address, social security numbers is a big one, driver’s license numbers, other financial information like bank account information, credit card information, debit card information, which of course opens up your personal or your business accounts to possibly having them drain of those resources of which, of course, you may very well need, of course.
12:42 Kurt Baker: So the electronic breaches really come in a couple of forms like, through hacking, of course, they break in somehow through the passwords, they may actually install things like malware which is software where you may have gotten an email or somebody in your company may have received an email and they may have opened up an attachment of some sort, and they could have either installed some type of malware, some type of spyware, they can do skimming information off of websites and other areas. And so they can be insiders, somebody within the entities. You have to be aware, you need to set up protocol where you have security, where you monitor who has access to what and when, and that way you can track back if there is some type of breach, there is some type of data loss, you know which user or which person in your company had access to that information, then you can find out who the person was that did that.
13:35 Kurt Baker: Also, you need to be careful about individual computers and laptops and things like that, you have to be aware of those as well. So there’s lots of different ways that people can access the information, so you just have to be aware that every single place where you’re going in where you might be able to get into the network, you can have a potential for somebody to have access to that point of entry, and then move on from there into your network and find it, the data that they need.
14:00 Kurt Baker: So what’s interesting is, on an international level, United States is kinda fallen behind as far as the regulatory side, we really as a country have left it more up to the companies and the insurance companies and the individual companies to really take care of this. They say, “Well, obviously you can’t share information. We have privacy laws where you’re supposed to protect it.” But places like Canada and European Union have very, very rigid privacy and security regulations, whereas the United States it’s left a little bit more up to us. So we really need to respond and do that.
14:34 Kurt Baker: We even have things nowadays, insurance, you can actually purchase security insurance or cyber insurance, which is a type of insurance that’s now being offered which 10 or 20 years ago really wasn’t even thought about. And so when you do that, one thing nice is when you talk about insurance, some people are like, “Well, insurance is just something you pay for,” which is true. However, a company, when you get involved in insurance, they’re gonna have protocols, they’re gonna tell you, “Before we will insure your business, we wanna make sure that you have best practices in place.”
15:05 Kurt Baker: And so they actually act as a partner, because if they’re insuring you they don’t want you to lose the data either. And in a way, insurance companies could be a partner in helping you to protect the personal data and so forth. And so there’s some security within the system that you wanna make sure is there obviously, and some of the… They have credit card industry security standards, which you wanna make sure that you’re complying with that, which I believe most companies have pretty much updated that because we’ve gotten into the newer technologies. But if you haven’t updated to the latest encryption technology, you wanna make sure that you are doing that. Some of the other best practices we’ve heard about, and we wanna make sure that we do is to change the user account passwords on an ongoing basis. And most people recommend or most experts will recommend somewhere between 45 to 60 days that you change the password on an account.
16:02 Kurt Baker: And I know many of us, I know myself, I have a lot of different passwords, so it becomes kind of a process itself. So you have to keep all of those secure, and they also have some of the software out there, they have where you can actually… You have to set up like a super password, like a really, really difficult password, and then within that you can encrypt the passwords and use that, things like LastPass and things like that. So some professionals like those. The downside to that of course, if somebody breaks the master password then you may have access to other ones within that, but the pro to that is if you set up one very difficult master password, then you can set up extremely long and complicated individual passwords in the software, that’s just one of them, but there’s many of them that it’ll set up.
16:51 Kurt Baker: You could actually ask it to set up a very difficult password for you, and so it may be a very long password that you wouldn’t… If you looked at it you would have no idea what it is. And so it just makes it a lot harder for somebody on a one-off to access the system itself. Third party solutions are generally a good idea in this case, because with technology, especially encryption and security technology, it’s always changing, it’s a constant battle between those who try to access the data and those of us who are trying to protect our data. And as a business owner, really it’s not practical that we’re gonna stay up on that, unless that happens to be your area of expertise as a business, but for most businesses that’s not something that you really wanna spend a lot of time on. So it’s typically better to outsource it to somebody who’s really staying up on.
17:37 Kurt Baker: I know our security software is, every day if not more often, is at least one or two updates throughout the day, with different data that they get, as far as access, malware, the things that they’ve identified that they’re now trying to defend against. So that’s something we don’t have to worry about, because now you just purchase a subscription and you don’t do that. Another thing is to make sure, very basic stuff, you wanna make sure you have a firewall set up. Most computers will automatically do that now, but you also wanna set that up on the network and make sure that everything is set up together.
18:11 Kurt Baker: Anti-virus software, that kinda goes without saying, you wanna make sure, so if something does access it, you’ve got software already in place, it’s gonna help to protect it. It might be able to set your computer back. Let’s say you have a breach, you’ll have a copy of your computer, possibly if some software actually copy it off, so you can set your computer back maybe a day or two to a point in time where that software or that virus had not infiltrated. So there’s other things to do like that, as well as doing constant backups to other secure or off-site locations that are not in the same place as the actual data is, that we have another, you have a redundant backup copy just in case something were to happen to it. And that’s true of any type of disaster that could be even whether it’s somebody trying to access it from a fraud standpoint, or a natural disaster where maybe a hurricane or a fire or something like that maybe damage the building. You wanna make sure you have that data off-site as well, just to be safe, but that’s true from a security standpoint as well. So you wanna make sure that you take care of that as well.
19:16 Kurt Baker: Another thing is just to keep… Well, this is kind of simple but you just keep only what you need. If you don’t need the information get rid of it, If it’s no longer necessary or no longer… Maybe they’re old clients that no longer do business with you, why keep their personal information if you know for one reason or another, you’re no longer gonna be doing business, or from a regular… Some industries like ours, we have to keep it for several years. You may have to keep it for a regulatory period of time, but you don’t need to keep it forever necessarily. And that’s just another place that the data is sitting, so if there was a breach your clients might lose it.
19:52 Kurt Baker: Another thing that you need to do is physically secure it. Sometimes people forget that just because it’s in your office doesn’t necessarily mean it’s secure. Some people, you wanna make sure you do things, simple things, lock the door, keep it in a cabinet, lock your desk drawers if there’s any private information in there. Most of us have people who come in and clean at night, things like that. They should be screened. Anybody who comes in as far as some type of a background check or the company should be screening the people that come in, to make sure that they don’t have any kind of a background where you might be concerned about them breaching security, so that’s important as well. And when we come back in just a few minutes, we’ll talk about some more steps that you can take as a company, as well as some steps that we can take as individuals to protect us against this constant concern about somebody trying to steal our identity to steal our resources. We’ll be right back.
[music]
20:50 Announcer: It’s all about how you manage your money. Now let’s get back to learning how from Kurt Baker of Certified Wealth Management and Investment with Master Your Finances.
21:01 Kurt Baker: Welcome back, you’re listening to Master Your Finances. I am Kurt Baker, a certified financial planner professional. And today we’re talking about data breaches, and the risks that we have as far as our personal and our business data, and things like identity theft that tie into that. Where we left off just before the break was talking a little bit about from the company side, things that we can do. And I talked a little bit about just keeping only what you need, you wanna make sure you’re safeguarding the data itself, physically lock up the records, and that means locking like drawers to desks and things like that. Filing cabinets, of course, are important.
21:39 Kurt Baker: It’s important because you have other people coming in sometimes that might be cleaning the place, and they should be screening them but if they for some reason, somebody gets in. I’ve been in offices where I’ve seen people kinda walking around, they unlock all the doors, and so they shouldn’t do that, but it does happen. So you wanna make sure you’re doing your part to secure it, you wanna make sure that you have a professional grade shredder, which is a cross-cut shredder, so any of the information you have is destroyed. If any printed out, you wanna make sure that you destroy it. And in fact, in my office my shredder is huge and my trash can’s relatively small, because most of what I throw away is shredded and not actually put into the trash can.
22:24 Kurt Baker: You wanna make sure you’re destroying things like CDs, DVDs, and portal media, and that means erasing as well as if it’s… You can actually physically destroy it as well, because when you erase something on a medium, you’re actually not deleting it necessarily. It actually takes another step to remove the data. What that means is when you “erase it”, your computer just can’t see it, it’s actually still on the hard drive. And somebody who has professional software often can go back and pull out that data if you haven’t “written over again”, which means recorded something else on top of it, it’ll actually still be there, it just won’t be seen from you, from the computer side.
23:02 Kurt Baker: So it’s important to understand that if you really wanna destroy it, you have to go and put an actual software specifically designed to wipe out the drive itself, to make sure it’s really truly gone. You wanna update your procedures, you wanna make sure that you don’t use things like social security numbers as an ID Medicare. Just this past summer, I believe it was, is when we transitioned over from using social security numbers to identify the Medicare recipients on their cards, the physical cards that were being carried around. Now they re-issued all the cards and it’s a different number.
23:39 Kurt Baker: So if somebody happens to steal your wallet or your pocket book, they won’t actually get your social security card. So don’t carry that around, don’t carry that number around, don’t carry around passwords or things like that, because if you do drop it or lose something, now whoever receives it is gonna have access to that information. So just be very cautious about how you secure that type of data. You wanna make sure that you have written policies at your company about how to protect the data. Privacy concerns are very important these days.
24:08 Kurt Baker: Data security is very important, because once it’s released it can literally go all over the world within seconds. You wanna make sure that all computers log off automatically, so they don’t stay on overnight by mistake, you wanna make sure to shut down, logged off, and closed. And where possibly you can lock the computer itself, that’s also a good idea so that it’s not easy to remove it. And then somebody could try to hack it later on if they physically have the computer itself.
24:34 Kurt Baker: You wanna make sure that you have strict use requirements as far as who can access the computers for business or for personal use per employee, and things like that. Where they can go or what software they can access, and there are software that can help you set that up so they don’t have… They can’t allow by accident websites and things to download information onto the computer that you do not want, because some business laptops are specifically designed to tie into certain systems.
25:02 Kurt Baker: So you can restrict it to just the systems it needs to go into and then make it, so it’s a little harder for the hackers to get in, because you’re simply not allowing it. A basic one, which some people sometimes overlook, I know we’ve had past security breaches where they had the software on the computers, however it wasn’t being updated on a regular basis, so they had… Even things like your operating software, like Microsoft, the operating system itself, or Apple. You have to continuously keep the basic software up-to-date, and there’s reasons they do that. Most of the time that’s for security reasons. There’s things out there they found, there’s kinda holes in the software that somebody’s discovered, and they’re trying to plug that hole so that it makes it much more difficult for somebody to actually break into the computer itself.
25:50 Kurt Baker: You wanna not send data through unsecured means without encrypting it. And I think a mistake some people make is they’ll email things that have private information on them. Email is not secure unless it’s actually encrypted email. There are encrypted email systems out there, most people are not using those at this point. If you’re not and you are sending information, you wanna make sure you set up a true encrypted email system. And you’ll know that because you typically have to authenticate it. When I’ve used email systems with the companies that have encrypted email systems, we actually have to authenticate with each other before any data can come.
26:30 Kurt Baker: And typically the data is on some kind of secure server, so if somebody sends me a file, it’s really not a file, it’s a link. And then we’ve authenticated each other, and then I can get into the actual system that’s holding that data. So it’s really more of a way to access this third-party encrypted server, a vault of some type, and not really coming over to the actual internet, because that is not secure. Because as many of us know, you’re really just hopping from one computer to another until you find the other end where it’s supposed to be, and that means it’s wide open, and people can steal information when it’s actually out there on the internet.
27:06 Kurt Baker: So you wanna make sure you create a secure tunnel of, so to speak, of encryption. So that makes it much more difficult. Keep things like, simple things, like keep DVDs, CDs, USB drives, anything that has personal information on it, just keep it secure just like anything else. And the issue with those of course, is nowadays, you have a little thumb drive or USB drive type thing, and there’s a lot of information that could be on this. So you can encrypt those but physically you wanna make sure that you keep track of it, don’t lose it, be very careful with it, and try to be very cautious with it.
27:40 Kurt Baker: And really emphasize to employees that… And yourself, of course, is that, “Hey, this is a lot of data on here. If somebody were to get this they may have access to quite a bit of information.” So that’s kind of the basics of what you can do from a company standpoint. Just keep everything up-to-date, keep your policies in place, keep updating. I’m a big believer in using third-party providers for this type of thing, because it is something that’s really truly a battle of intellect as far as on the encryption side, and how you access, and most of us don’t have the time or resources to keep up with that. Better off outsourcing that and letting somebody else keep track of that.
28:12 Kurt Baker: That way you stay completely up-to-date as much as possible to lower that possibility of somebody accessing your information. So that’s from a company side, but what can we do from a personal side? Well, there’s actually quite a bit we could do. And the main thing is just not to get overly concerned about this, I mean, it may sound counter-intuitive, but we have data, we have to do our business, we have to operate within the system that we’re dealt with. So just realize that information that’s out there is susceptible to being accessed.
28:44 Kurt Baker: So you just wanna constantly be on guard, kinda like when you’re walking in unfamiliar area you wanna just kinda keep a watch out, just keep alert and know that people are trying to access your information. So some of the basics are, you don’t wanna give any information out if somebody contacts you. Sometimes people say, “Hey, I’m calling you from XYZ. I’m trying to validate something and I need your social security to verify something.” Very few, actually none that I know of, no security type entity is gonna reach out to you and ask you for personal information to authenticate in. They’re gonna ask you to authenticate in if you contact them, because then you know that you’re doing so.
29:26 Kurt Baker: So what I would do if somebody called me and said, “Hey, I’m from XYZ Bank,” and I happen to have an account at XYZ Bank, I would not receive that call. I would go back and say, “Okay.” Well, if there’s an issue, I would just thank them and say, “I’ll reach out to you shortly.” And I will research the number myself, I will find out what that main number is or what the fraud line number is or whatever the case is, but I’ll search it myself through my own records, because if it’s things like a credit card, you’re gonna have a number on the back.
29:57 Kurt Baker: If it’s something, an entity deal with the bank, it’s gonna have a phone number, a general phone number you can call and say, “Hey, my understanding is there may be some issues in my account, who do I need to talk to to see if there is an issue or there’s not an issue?” That way you’re generating the call and you’re getting the information directly. Don’t ever give out information to somebody who’s contacting you by phone, by text, text is becoming a big problem. A lot more text fraud going on will ask you to click something and take a look or verify something, “Hey, we think there’s an issue with your account.”
30:32 Kurt Baker: Again, anything you’re receiving that’s not familiar to you and you’re not sure about, no matter how real it sounds, you wanna make sure that you’re generating the outgoing. Don’t ever respond to somebody who’s sending something inbound, unless you’re absolutely certain it’s coming from who you think it’s coming from. It’s very easy for them to duplicate exactly what your bank looks like or exactly what your credit card company looks like. They just copy it direct from their site or from their resources. So that’s very important that you are the one that generates the call or the email or the text message out. And we’ll talk about some more things that you can do to protect yourself and your credit, and make sure that other people aren’t accessing the information that you do not wanna access it. We’ll be right back.
[music]
31:13 Announcer: It’s all about how you manage your money. Now, let’s get back to learning how from Kurt Baker of Certified Wealth Management and Investment with Master Your Finances.
31:25 Kurt Baker: Welcome back, you’re listening to Master Your Finances. I am Kurt Baker, a certified financial planner professional, and we’ve been talking about data breaches, and security of your personal information, and your business information. And when we left just a few minutes ago, we were talking about some things you could do on a personal level to protect your information and your data, so that people don’t have access to it. And so that’s what we’ve been talking about. So you don’t wanna leave things out, so to speak, you don’t wanna carry around your Social Security card, you don’t wanna carry around pins or anything like that.
31:57 Kurt Baker: You wanna make sure that’s all separated. I would suggest setting up, if you can, I would set up a small safe that’s fireproof where you could put some of these types of really secure things in a place that’s not easily accessible and would be protected in case there was any type of a fire or a disaster, so to speak. So that you would have access to really, really critical pieces of information that you might need to have later. And redundancy is always good if you can back up things online in an encrypted fashion, that’s a good thing as well.
32:26 Kurt Baker: And so you just wanna make sure that you have that. Things like, you don’t wanna share information, whenever possible, things like date of birth, mother’s maiden name, first pet’s name, other personal information. You don’t wanna put that on things like Facebook, Flicker, Friendster, LinkedIn, MySpace, and all these others like Twitter and things like that. You wanna really restrict that information as much as possible. In fact, over the last few years, Facebook has been updating as far as their privacy issues, but we’re still not really sure how much information they’re sending out or not sending out.
33:05 Kurt Baker: So you can restrict it more than you could in the past and it’s a little more obvious what’s being shared and what’s not being shared. So the bottom line is only put out what you really have to put out as far as information goes, the less it’s out there, the less likely that there’s a breach, of course, if it’s not there, they can’t take it, so to speak. So you wanna make sure that that is always secure. Another thing that you can do that I find very beneficial and I recommend that all my clients do this actually is to place security freezes on your accounts.
33:37 Kurt Baker: And what I mean by that is you can actually go to each of the major bureaus, there’s one site that you can go to and get a copy of your credit report every single year, it’s called annualcreditreport.com. On there… Again, that’s annualcreditreport.com. When you got to annualcreditreport.com, you’ll access the three major credit bureaus. Those three major bureaus are transunion.com or TransUnion, it’s transunion.com. There’s Equifax, which is equifax.com, that’s equifax.com. And the third one is experian.com.
34:20 Kurt Baker: There’s also a fourth one that many people aren’t aware of and don’t… But it is a fairly large one, it is used, it’s called Innovis, it’s I-N-N-O-V-I-S. So you can go to innovis.com and freeze that one as well. So when you go to the sites themselves, whether you access it through annualcreditreport.com, what that’ll do is actually let you go in and look at each of them. Most states allow you to… In fact federal law allows you to get one per year for free as far as your actual credit report, take a look at that, make sure there’s no fraud extending, nothing’s on there that you’re expecting, nobody’s taken out credit in your name. Believe it or not, that does happen where somebody gets your identity, they’ll take out credit in your name, and they may pay it for a little while and then they’ll default. So once they’ve opened up enough credit and they’ve used as much of your credit as they can, then they default on everything. So it’s important that you know who may be accessing your credit, and if there is a problem, you can also set up fraud alerts and you can lock your account.
35:18 Kurt Baker: But if the report is actually frozen, which is what I’m recommending you do, you freeze it. You can’t get credit with a credit report. So if you were to go down to a car dealership or try to get a mortgage or anything like that, and you try to access your own credit, or your lender try to access your credit, they simply would not be able to do it until you did what they call a lift. And you can do a security lift by either doing it for a period of time, a universal one, which basically lifts your entire account for a couple of days until somebody has the ability to go in and pull your credit for you.
35:52 Kurt Baker: I generally ask, “Which bureau do you need?” Because sometimes people will say, well, we’re not… We lift all of them, right? So they lift all three of them as an example, but they may only need one of them. So just find out which credit bureau they use. If it is all three, of course, you need to update all three, or if it’s one of the four, then they can tell you which one they’re actually using, then you just do the lift on that particular account and do it for a period of time.
36:18 Kurt Baker: You can also do it just for a particular entity as well, you can do it right down to a particular entity. That sounds great. My experience has been that doesn’t seem to work as well as I think it’s designed to work, maybe it’s gotten better. I try to do like just for a particular creditor, when I need to do it, ’cause I get… For licensing purposes they get pulled all the time, periodically to validate things. So that becomes a little harder because if you don’t have it in there exactly correctly, it’s not gonna match.
36:50 Kurt Baker: I just found it to be very difficult, so I find that if I just do it for a day or two, that seems to work pretty well, and then it automatically goes back on at the end of the period of time. In that way, you can allow the access to the credit just for the amount of time that you need. Some states will charge you a little bit, they’re allowed to… The bureaus can charge you maybe $5 to $10 to do the lift, they don’t charge to put this freeze on, but they may charge you to do an actual lift for a period of time, which to me is money well spent. Most of us don’t get our credit pulled very often, so it’s very inexpensive to do it.
37:22 Kurt Baker: And I just suggest that everybody has a freeze put on their credit report and be done with it. And that’s a good way to do it. You wanna make sure that you keep an identity theft file, so you keep copies of all the different things that somebody may get access to, that way you can kinda reconstruct it later on if you need to. And that’s things like passwords, copies of your credit reports, privacy notices, any type of security breach notices you have, any type of ID that you have that might get stolen or compromised, keep copies of those. And as I said before, keep them in a small safe, that way if something does happen, you can kind of reconstruct, and you can help authorities help you get your identity back.
38:03 Kurt Baker: I actually had a client though, who had her identity stolen and it was stolen through a bank employee, at a major bank and it took years to unwind it, because they had everything that they needed to essentially become that person. So they had a very difficult time proving to the different creditors that she was who she was and the other person wasn’t. That’s how much information the other person ended up getting through her accessing the entire file, because they had… It was basically a insider theft, and that can create a real problem.
38:37 Kurt Baker: So the more information you have to kinda prove to them everything that happened prior to that, the better off you are as far as trying to reconstruct. Of course, when you have the freeze on, it makes it much, much harder for people to access that information. You could do things like stop unsolicit credit card offers. When those kind of things come in the mail, sometimes people pull them out of the mailbox and try to open up credit in your name, and you can go to a website called, optoutprescreen.com. That’s opt, optoutprescreen.com, and you can actually get off of the list so to speak or you can call 888-567-8688. And that way you won’t get the offers in the mail. If you don’t need any credit why get them in the mail? There’s plenty of time, but if you really need to, you can always just go out and research and you get credit the traditional way, so to speak. Monitor your accounts, keep a track of your accounts. Many of the different services like credit cards and banks will allow you to set up alerts within your accounts, let you know when your bank balance gets to a certain level, let you know when there’s a charge over a certain level, when a check clears for a certain amount.
39:39 Kurt Baker: So you can set it if you don’t… So you can set all these different parameters. Most people don’t realize that they’re in there. Find out what alerts that your bank offers or your credit card company offers, put those in place. And that way you know exactly what’s happening if it’s not within your normal spending parameters. And you’ll be like, “Oh, wow, I can see it.” But just checking your statements and logging in periodically to make sure that nobody’s accessing the account, that’s another great way to really do it. I mean, the sooner you find out what’s happening, the quicker you could stop it, and the quicker you can get things back to the way they’re supposed to be.
40:10 Kurt Baker: There’s also companies out there that help with this. I mean, the security freeze is really kind of the baseline. That’s what really kinda makes it happen, but they’ll do other things as well. And so there’s a couple of companies out there, there’s probably quite a bit of them, but there’s a few out there that we’ve probably heard of like, LifeLock, they advertise everywhere. Experian offers their own service as well. There’s another couple more, Identity Guard, Identity Force, Real Shield. So there’s a whole bunch of ones that do this and you can do a search on them, and they offer different types of things.
40:47 Kurt Baker: Basically they’re offering insurance and they’ll help you reconstruct it. Typically, it’s up to about a million dollars to reconstruct your identity, so if it’s really important to you this might actually be worth it for you from a business perspective. So if something does happen, you kinda have a partner to help you put all this stuff back together again. So you can research those. And that’s kind of a step above having just the security freeze in place, which is actually insurance to help you kinda put things back together if something were to happen.
41:13 Kurt Baker: So in a nutshell, be careful, put these things in place. Use professional services to help you to protect your security. Stay alert if anything is outside of the parameters, they should be set up, fraud alert, set up a security freeze, those are kind of the best ways to really protect yourself and your business from somebody accessing your information that you don’t want to access. And again, you’ve been listening to Master Your Finances. I am Kurt Baker, I can be reached at 609-716-4700. You can hear this podcast, as well as subscribe to the podcast at masteryourfinances.us. Remember, together we can master your finances, so you can enjoy financial peace of mind.
[music]
41:57 Announcer: It’s hard to keep up with the fast-paced financial world, but because of Master Your Finances, you have a head start. Thank you for listening to this week’s edition of Master Your Finances with Kurt Baker, our certified financial planner professional, only on 1077 The Bronc and 1077thebronc.com. Tune in next week, Sunday at 9:00 AM, to get a boost on your financial planning. But if you missed a week you can check out past episodes, just go to masteryourfinances.us to check out past episodes and more. Master Your Finances is underwritten by Certified Wealth Management and Investment LLC. Money doesn’t grow on trees, but it can grow your portfolio. Thanks to Kurt Baker and Master Your Finances, on Sundays at 9:00 AM, exclusively on 1077 The Bronc and 1077thebronc.com.