Alumni Gazette

ALUMNI FORUM

Identity Theft and You

How do you best protect yourself from identity theft? Can you make your online life safe and secure? Three alumni experts weigh in.

As told to Kristine Thompson

Identity theft, data breaches, and online security are increasingly important issues affecting the world of the 21st century. How do we navigate life in a data-driven era while safeguarding our privacy and security?

Three alumni with expertise in technology, data privacy, and cybersecurity offer their thoughts.

‘Not Good News’

Bruce Schneier ’84

(Photo: Julia Joshpe)

An internationally recognized security technologist, Schneier serves as a special advisor to IBM Security and as chief technology officer of IBM Resilient, which helps businesses respond to security threats. A cryptologist, he is the author of 15 books on security.

I don’t have a lot of good news for you. The truth is there’s nothing we can do to protect our data from being stolen by cybercriminals and others.

Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections, and a host of other things—but most of that doesn’t matter anymore.

Today, your sensitive data is controlled by others, and there’s nothing you can personally do to affect its security.

I could give you advice like don’t stay at a hotel (the Marriott breach), don’t get a government clearance (the Office of Personnel Management hack), don’t store your photos online (Apple breach and others), don’t use email (many, many different breaches), and don’t have anything other than an anonymous cash-only relationship with anyone, ever (the Equifax breach).

But that’s all ridiculous advice for anyone trying to live a normal life in the 21st century.

The reality is that your sensitive data has likely already been stolen, multiple times. Cybercriminals have your credit card information.

They have your social security number and your mother’s maiden name.

They have your address and phone number.

They obtained the data by hacking any one of the hundreds of companies you entrust with the data—and you have no visibility into those companies’ security practices and no recourse when they lose your data.

Given this, your best option is to turn your efforts toward trying to make sure that your data isn’t used against you.

Enable two-factor authentication for all important accounts whenever possible. Don’t reuse passwords for anything important—and get a password manager to remember them all.

Do your best to disable the “secret questions” and other backup authentication mechanisms companies use when you forget your password—those are invariably insecure. Watch your credit reports and your bank accounts for suspicious activity.

Set up credit freezes with the major credit bureaus. Be wary of email and phone calls you get from people purporting to be from companies you do business with.

Of course, it’s unlikely you will do a lot of this. Pretty much no one does.

That’s because it’s annoying and inconvenient.

This is the reality, though. The companies you do business with have no real incentive to secure your data. The best way for you to protect yourself is to change that incentive, which means agitating for government oversight of this space.

This includes proscriptive regulations, more flexible security standards, liabilities, certification, licensing, and meaningful labeling. Once that happens, the market will step in and provide companies with the technologies they can use to secure your data.

‘It’s Important to Empower Yourself’

Emily Trapani ’14

Trapani serves as a policy director for the US House of Representatives Committee on Homeland Security. She previously worked as a policy specialist for a Washington, DC, government affairs firm and as a public opinion polling manager for a tech startup. Her portfolio has included national security issues as well as cybersecurity, data privacy, and foreign affairs.

Consumers tend to think that it’s the responsibility of the government and private sector to protect their data.

However, in current practice, the United States government has taken a rather limited role in data security, focusing on creating minimum standards of security, encouraging companies to follow best practices, and outlining breach notification requirements. Data regulation in the US is highly fragmented, as there are different laws specific to industries, jurisdictional boundaries, and data types.

As for the private sector, companies have a business interest in protecting consumers’ personally identifiable information, yet also a very real financial interest in mining, packaging, and selling consumer data to third parties. Inevitably, there are security gaps that exist when it comes to your data.

With this in mind, there are some basic steps you can take to help protect yourself.

Write down all financial, social media, and other online account information and passwords where you provide personally identifiable information. Keep this information in a secure location.

It will help identify where a breach has occurred, and which passwords need to be changed elsewhere in the event that one of your accounts is compromised.

There are encrypted password management software programs and apps that can do this for you.

These programs have built-in security features that scramble the data, ensuring a breach does not result in any personal information being compromised.

Enable two-factor authentication. Many social media sites and email service providers offer this extra layer of protection; opt in under “security settings.”

This verifies your identity by sending a randomized code directly to your cell phone or other method of communication after you enter your user name and password information.

Change your passwords every few months on sensitive accounts.

Avoid connecting to public Wi-Fi in coffee shops, transit stations, and other highly trafficked public locations. These are breeding grounds for identity theft. Use the “personal hotspot” feature on your phone instead.

At home, make sure your Wi-Fi router has encryption enabled. To check, click on your home computer’s Wi-Fi icon and view “properties.” The best widely available right now is WPA-2.

Don’t default to using “autofill” options when entering your personally identifiable information on websites. Although they offer in-the-moment convenience, they increase your exposure to identity theft.

Regularly review the transactions on your debit and credit cards. Although banks have gotten very good at fraud detection, things can slip through the cracks.

Keep an eye on your credit score. There are a few companies that offer free credit checks that won’t affect your score if you review it periodically.

Be cautious of any email from an unknown sender, only click on links from sources you trust, and be skeptical of any email asking you to provide personally identifiable information.

Email phishing scams are common. Interestingly, recent security industry reports have found that the market built around phishing scams has become more profitable than the illicit drug trade.

Protect your credit card information when you’re in public by using a wallet or card holder that incorporates radio frequency identification (RFID) blocking technology. Criminals can use radio frequency scanning devices to steal your credit card information by simply walking by you on the street.

It’s important to empower yourself and those around you to get smart on data security.

While the government and private sector offer certain protections, being an educated steward will help fill in the gaps to enhance the security of your data.

‘Today, Everything Is at Risk’

Mark Zaid ’89

The founding manager and partner of his own law firm, Zaid has been named a Washington, DC, Super Lawyer and a Best Lawyer by Washingtonian magazine for his national security work. He is also the executive director of the James Madison Project and a cofounder of Whistleblower Aid.

The best way to protect yourself? The answer is really something that probably none of us can stomach: don’t be online.

If you have an online presence, which is virtually required nowadays, and unless you are on the Forbes 100 most wealthy people list, you really can’t completely protect yourself.

Today, everything is at risk.

For me, and most of us, we don’t need to worry about the government or spy agencies tapping into our lives.

It’s the dark web radicals, ideologues, and hackers we should think about. They don’t follow rules or ethical norms.

And, although the major companies out there are getting more and more sophisticated when it comes to security breaches, so are the criminals.

Apple, IBM, and Google may be able to keep up with them, but most of us, as individuals, can’t.

What can we do? We all need to pursue protection based on our personal comfort level and how much we want to spend. Think about statistics and act accordingly. With millions of people online, the odds of someone latching onto me or you are small. That said, there are common sense things we can all do.

Be careful with your credit card information. Use cash when you can, for instance, in restaurants, gas stations, and elsewhere.

Rip up or, better yet, shred anything with identifying information in it—like those credit card solicitations that we all get often in the mail. Your info is likely in that envelope that you never open, so don’t make it easy for criminals to get.

Whatever is most convenient for them to take and use, they will. So make your information less easy for criminals to get. Know that identity theft is a crime of convenience.

The more steps you take, the more likely a criminal will be to go to the next person.

Sign up for a protective service and check your credit score regularly. All banks offer this, many for free. If you see something odd, report it right away.

Remember that when you are online, you are using public forums—even though you are doing so in a private capacity. Be smart, and then your information will be difficult to steal.

Be cognizant of the location trackers on your phone and minimize the ability for someone to find you. Many apps and games, along with tools and devices, use your location data so this is getting harder to avoid.

Be careful about wireless usage, too. Use your own hotspot, if you can. It adds another level of protection. Also, think about using encrypted apps like WhatsApp, Viber, or Signal for texting.

One thing you should never do: don’t ever post anything that alerts people you aren’t home.

If you are at the theater, don’t post pictures to social media about the performance that will start in minutes.

If you are on a bucket list trip in some distant place, don’t post anything until you are home.

If you do post when you are out for the night or week, you are telling people, aka criminals, that your house is easy to break into.

I tell my family and friends: “If you don’t want the Washington Post posting it, don’t send it.”