Security of our devices remains a primary concern as attorneys to protect client data as well as our own , and to prevent identity theft. Likely you have heard about identity theft and its consequences. In case you have not, it occurs when someone gets access to another person’s information and steals their identity by opening accounts in their name and/or by accessing accounts owned by that person. To give you some perspective on the seriousness of these concerns: in both 2021 and 2022, some 15 million people in the US experienced identity theft. The reported incidents resulted in $50 billion in financial losses. This equates to 4.5% of all US residents, with an average loss of $3,500. It is not as common as the cold, but the reported incidents likely do not reflect the true number of occurrences.
Nobody knows the number of cases that go unreported; we think it may well exceed the number that victims reported. Victims do not report identity theft for many reasons. Even if reported, identity theft cases have proven difficult to prosecute, which may offer some of the explanation for why identity theft goes unreported. As it turns out, seniors (over age 60) represent a disproportionately large segment of the known victims. Likely they also represent a disproportionately large segment of the unknown victims. Often seniors choose to not report such occurrences as a result of fear or embarrassment. They suffer embarrassment as they perceive that their victimization reflects a diminished or diminishing capacity. Many seniors fear that if they report such an event, adult children may perceive it as diminishing capacity and seek the appointment of a conservator or guardian.
We frequently talk and write about trying to protect yourself and your devices. Notwithstanding that, we often get questions from people about what they can do to protect themselves. Too often those questions come after someone has suffered the theft of their identity and incurred a loss.
We will focus this article on the things you should always do to protect yourself. Even if you do all of them, they do not guarantee that someone will not steal your identity. These suggestions can, however, reduce the odds that someone will steal your identity.
KEEP YOUR HARDWARE SAFE.We often see unattended hardware on tables in coffee shops, on seats, tables at airports, in garbage cans, and in a variety of other public places. Sometimes people leave their hardware on the table in a coffee shop while they go to get a refill. They don’t expect someone to take it in the few minutes they leave it unattended. Surprisingly most do not get taken; nevertheless, some do. Another common problem relates to the need to recharge our device’s constant hunger for power. For some reason most devices never seem to last long enough on a charge. As a result, people plug their devices in wherever they find a working outlet and often leave them to sit somewhere else. Even if that somewhere else is only a few feet away, that distance can create an opportunity for theft, especially if you work on something else, or engage in conversation so that you take your eyes off the device. A better solution: carry an external battery that you can attach to the phone and use (i.e., a magnetic connection if your phone accommodates that, or one with a wired connection to recharge your device’s battery). We use iPhones and like the idea of carrying a magnetically connected battery for the phone that fits in a pocket or purse. When we travel, we also carry a much larger battery capable of recharging all of our electronics: phones, iPads, laptop computers, Kindles, etc. Such power banks do not take up much space in a bag or backpack and keep you away from the plug-hunting crowd. If you keep it in your bag, you can easily plug the device in and leave it inside the bag, which you should always keep with you.
STAY OFF OF PUBLIC WIFI. You will find public WiFi almost everywhere these days. Most restaurants and hotels have networks set up for customers and guests. We consider those public. Many buildings do the same for visitors. We consider any network you do not control as public for purposes of this discussion. We recommend that you get a WiFi hotspot to use domestically as well as when you travel. Note that you may need to get two as the domestic hotspot may not work internationally. Another option is to get a device that will work in both environments and changing the SIM card when you travel outside of the area that your domestic provider services at a reasonable rate. All the major providers offer domestic hotspots. Some offer international connectivity as well. You can also acquire a device with an account that works internationally from providers such as Glocalme (www.glocalme.com). These hotspots will connect to multiple devices. Be sure to use a secure password for your personal network. (see discussion of passwords below).
USE A VPN.We recognize that you may find the lure of free WiFi irresistible during your travels. We also recognize that you may need to access WiFi in a location where your personal hotspot does not work. If you venture onto public WiFi you should use a good VPN (we like NORD). The VPN or Virtual Private Network provides protection to you while accessing a public network. We like VPN so much that we use it with our own private hotspot and our home and office networks. Better safe than sorry.
USE BIOMETRICAL ACCESS WHEN YOUR DEVICE HAS IT.More and more devices have made biometrical access available. Biometrical access means that the device uses something unique to you to allow access. The two most common means are fingerprints and facial recognition. If your device provides that option, use it.
USE SECURE PASSWORDS FOR DEVICES AND ACCOUNTS.Most things today require a password to access, including: Computers, tablets, phones, and bank accounts, in stores, and for many other things. People tend to want to use a password they can easily remember and often use the same password for multiple accounts. We have a simple suggestion respecting that: DON’T! You should have a unique and a strong password for each device and account to maximize your protection. If you use the same password for everything, anyone getting that password has the keys to the kingdom. We know most people cannot remember multiple strong passwords. Accordingly, you should use a password protector that will remember all your passwords and store them securely. You should, of course, protect that application with a very secure password and guard it carefully. The benefit of most of the password protectors is that they will generate and secure passwords for you and can provide you with a password generated with random characters (considered the safest type to use). The downside is that if you store all your passwords in one place and the bad guys get access to that password, they have the keys to the kingdom. Always use a strong password. Password rules:
- Longer is stronger: Nothing less than eight characters.
- Random characters work best: Passwords created from random characters have proven the most difficult to crack. You can reduce the likelihood of the bad guys cracking a password not consisting of random characters by using more characters (such as a pass phrase) and by following Rule 3.
- Mix character types: You should include in your password a combination of upper- and lower-case letters, numbers and special characters (any non-alphanumeric characters on your keyboard).
- Protect your password: It makes no difference how strong a password you create if you leave it lying about or store it unsecurely. We like the idea of using a password program like 1Password, NordPass, or RoboForms. Then you need only worry about the password to that application. Use a strong password and memorize it. You might want to store a copy of it in a safe, just in case. Do not attach it with a Post-It or in some other way to your device. We have seen people do that and it made us cringe.
- Stay away from common passwords: The most common passwords in use include:
- 123456
- 123456789
- qwerty
- password
- 12345
- qwerty123
- 1q2w3e
- 12345678
- 111111
- 1234567890
Also avoid things easily associated with you, such as your name, the name of your spouse or your child, your birthdate, etc. The bad guys will try those first if they have that information.