How Do I Protect Myself From Data Breaches?
A Q&A with Kathleen McGee, Chief of New York Attorney General Eric Schneiderman’s Bureau of Internet and Technology
To mark National Cybersecurity Awareness Month, we took questions from New Yorkers on what a data breach is, why there seem to be so many in the news recently, and what consumers can do to protect themselves.
What are data breaches?
“Data breaches are an intrusion into a data pool, a database where you’re going to have sensitive information. This data could be anything from a Social Security Number to your name and driver’s license number. For some people, it’s also biometrics or username and password. It’s going into those databases, stealing that information, often extracting that information and using it for your own personal gain or selling it for something else.
Here in our office, we’re really concerned about this, as everyone is, and we’re working really hard to make sure that, one, the laws are enforced; and that two, companies are paying attention on a regular basis to how they’re operating and whether they have the best reasonable security in place.”
Why do there seem to be so many data breaches recently?
“This is a really interesting question. We recently did a report that chronicles a real uptick in the number of data breaches that have affected New Yorkers over the past year. It also talks about the two primary reasons for data breaches.
One is, of course, hackers. Hackers love your data for a couple of reasons. First, data is the new commodity. Data’s very valuable and you can use it for all sorts of reasons. You can use it to open up your own account; you can sell it; you can create a new ID. Hacking is also incredibly disruptive, and whether it’s for fun or a nation-state hacking into an entity, these things are done purposefully just to be disruptive.
The other reason for an uptick in data breaches, actually a grouping of 40% of all of the reasons for data breaches in New York State, was negligence from inside companies. That means they’re asleep at the switch. Companies aren’t doing what they need to do to make sure that they’re vigilant and employing reasonable data security standards to protect the information that they’re collecting from you, whether you know it or not. Under the law it doesn’t matter — if they have that sensitive information, they’re required to protect it. So it is a problem for consumers, it’s a problem for businesses, and really it comes down to both entities being really vigilant about practicing reasonable data security.”
What can New Yorkers do to protect themselves?
“There are a couple things New Yorkers can do on a daily basis to make sure that they’re not the victim of a data breach. Just like we look both ways when we cross the street, we should be making sure that when we’re purchasing something online, whether it’s from our smartphone or our home office, we’re using a secure website. From your desktop, that’s going to be an https:// symbol on the URL or web crawler at the top of the screen. If you’re using an app on your smartphone, you should make sure that you see that little lock symbol. If you’re going online, make sure you’re somewhere where you know the wi-fi you’re using is secure. If it’s not, maybe you can wait if you’re engaging in a sensitive transaction online.
There are other things you can do as well. Don’t share your passwords. Make sure that you’re not using the same passwords on different sites. Check your bill statements; a lot of us now have our accounts set to pay automatically. It’s good to check your bill and make sure that the things you’re paying for are things you actually purchased. And even with the Equifax breach, you do need to get credit reports regularly to make sure that someone hasn’t used your identification for a new line of credit.”
Should I be worried about getting hacked?
“We can’t live our lives in fear. Everyone should be concerned and should have a sense of awareness about having your identity stolen, having your bank accounts purloined. That is just the unfortunate state of the world that we’re in today. I think fear isn’t the right word — just a heightened state of awareness. Things are different now, and we need to be more cautious about how we interact online and we need to be more cautious about what we’re doing to make sure that we’re safe.”
Want to hear the full Q&A? You can watch it on Facebook here.