While I worked the past few days with Cyber Security wiz Hemanshu Nigam on today’s guest column by the SSP Blue CEO, it was made painfully clear to me that some Sony staffers–I’m talking about the people living paycheck to paycheck, the ones who can least afford to be crime victims–are experiencing strange occurrences in the wake of having private information leaked. It’s also clear that some might not know where to turn after the hackers disseminated Social Security numbers and other private information, the cyber-shrapnel from North Korea’s attack against Sony. So forgive us if we are repeating things that Sony has already advised all its past and present Average Joes whose savings and retirement accounts might be at risk. I asked Nigam to suggest steps that these Sony staffers should consider, to protect their hard-earned money from cyber-thieves. You might want to square this with Sony human resources first, but it seems to me that too many have sat by while this unimaginable episode unfolded. We saw how that worked out. Here are his suggestions:
Said Hemanshu: “The news around the Sony cyber attacks has focused mostly on the executives who had their most detailed personal information leaked. But what about all the other employees at Sony – many of whom struggle paycheck to paycheck to make ends meet? So much of Hollywood runs because of these folks, and the free credit monitoring services they have been given may do very little to stop further victimization. I have seen numerous cases where future attacks are focused on the ‘little guy,’ who was just doing his/her job.
One single case of identity theft can siphon such an individual’s entire savings account, creating a downward spiral that can take years to recover from. Credit monitoring only does that, it monitors. Past and present Sony employees need to accept that their life as they knew it has changed, and must take immediate steps to proactively protect themselves from identify theft. The breadth and depth of personal information that was leaked is so significant that hackers will see them as what we call high-value targets. Not only was online info stolen, but so was physical information such as home addresses and phone numbers leaving them vulnerable to attacks by mail and phone in addition to online. Hackers can also now steal more than an online identity, they can engage in full-fledged identity theft offline.
Here are some ways to take charge of a horrible situation.
1. File a police report. This may have been an attack on Sony, but you are also a victim since your personal data was stolen and leaked. This police report will be very handy in future issues.
2. File a complaint with the FTC and IRS so they have a record of what has happened, and they can be more responsive in case you are further victimized. A police report copy will be very useful.
3. Make sure all your phone numbers are registered with the Do Not Call Registry.
4. Reach out to all three credit agencies (TransUnion, Equifax, and Experian) and put an immediate security freeze on credit checks. Usually this lasts 90 days, but if you have filed a police report, you can keep this going for up to 7 years. You may need to pay a fee that might make it permanent. If someone checks your credit, they must speak to you first.
5. Every year get a copy of your credit report and carefully review for errors. Use only the link provided here. Fraudulent sites exist out there offering free credit reports.
6. Visit your bank in person with a copy of the police report and check what protections they have in place for both credit cards and debit cards. If you can, use only credit cards and pay off every month to avoid the fees. Debit cards often have a max of $500 that you are responsible for if you get victimized. Yes, it is like a deductible on an insurance policy. If at all possible, close the current accounts and open new ones. This may be a challenge, but reduce the daily spend limit the bank gives you to as low as you can reasonable go.
7. Check your bank accounts weekly to see if there are any small charges. These can often slip through bank fraud-detection systems.
8. Change all your online account usernames and passwords, and create a new email that is your go-forward email. In essence, treat it like joining a witness-protection plan and build a new identity that you own and control.
9. Inform your local DMV in person of what happened and ask for a fraud alert to be placed on your driver’s license number. If you have a police report, they will be more responsive.
10. If you get emails, calls or letters from any bank or government agency asking you to update your personal information, do not provide any updates whatsoever. Instead, look up the number on your own and call directly to verify they need something from you. Do not call the number they give you on the phone or in the letter.
11. Get a folder that where you physically keep all records related to this – police reports, bank account info, credit bureau numbers, etc. Treat it like your shield of armor.
12. Install the latest anti-phishing and anti-virus software on your home computers and keep them up to date always.
This might seem like a lot to do right now, but these are the ways I would protect myself.