Have You Already Been ID Hacked???

00:00:00.000 | I remember back when I was a venture capitalist, this company Fortalice, which I know you're

00:00:09.620 | familiar with, was raising money and they offered to run some reports on people in the

00:00:16.000 | investing group to show off their product.

00:00:18.880 | And they ran this report and I was like, "Wow."

00:00:21.160 | It's not that I didn't know there was information about me online, right?

00:00:24.200 | There's family tree websites, there's white page websites, there's my social media.

00:00:29.360 | But when someone pulls all that information together into one place, and you see a list

00:00:34.440 | of every address you've ever lived at, every job you've had, all of your phone numbers,

00:00:38.160 | all of your email addresses, and then the exact same set of information for your spouse,

00:00:42.960 | your siblings, your parents, and they put it all together, you're just a little bit

00:00:47.720 | taken aback.

00:00:50.120 | And it made me think, "Gosh, should I be getting rid of this?"

00:00:54.160 | Is there a way that consumers can just get a lot of this information off the internet?

00:01:00.420 | Or what goes into trying to mitigate this risk and minimize the risk in getting stuff

00:01:04.880 | taken away?

00:01:05.880 | Well, I could give you my favorite George Carlin line, which it's a mystery, but the

00:01:12.480 | truth is that there are things that can be done, but it is a long and arduous and time

00:01:21.120 | consuming process, because you literally have to go from data broker to data broker, and

00:01:29.520 | there are procedures you can use, and each one explains it to you.

00:01:32.760 | And of course, the CFPB, Consumer Financial Protection Bureau, has advice on exactly how

00:01:39.480 | to do all of that.

00:01:42.080 | But just like when LifeLock started, and someone said, "Well, isn't it true that a lot of this

00:01:49.480 | stuff people can do themselves?"

00:01:52.160 | And the answer, which I thought was a very interesting answer, and I've been a fan of

00:01:57.440 | LifeLock, is they said, "Well, sure, you can also change your own oil, and if you want,

00:02:04.200 | you could maybe even change your own muffler.

00:02:06.440 | Do you want to?"

00:02:09.480 | So it really has to do with how much time you're willing to dedicate to it.

00:02:15.480 | Some people, it's a crusade, and they will do it because they don't want to pay anyone

00:02:20.240 | else to do it, and they will do it.

00:02:23.480 | Others will find companies like reputation.com, which is where they will work to get negative

00:02:28.920 | information about you offline, or companies like Abine, where they will work with you

00:02:37.040 | to actually delete information from the online world.

00:02:43.520 | And now that there is a right to forget in the GDPR, which is the General Data Protection

00:02:50.600 | Regulation in Europe, and it's incorporated to some extent in the California Consumer

00:02:56.920 | Protection Act, and it is hoped that maybe it will be also incorporated in the American

00:03:06.320 | Data Protection Act, which is kind of wending its way through Congress, assuming it can

00:03:10.640 | actually find its way through Congress, which is very difficult for us.

00:03:15.160 | As we've seen in the past years, it's very difficult for stuff to get through Congress

00:03:20.280 | with all the interests involved, but it still is a process.

00:03:25.440 | Now, you can contact Google, for instance, and ask them to remove certain information

00:03:29.960 | about you, which they're willing to do, but it's a process.

00:03:34.520 | And even if, you know, this is just like with a credit report, when people would go to credit

00:03:39.560 | repair companies, and some of them are good, and some of them are really, really not good,

00:03:45.560 | and they would say, "Okay, we will get this information off," and they do, but unfortunately,

00:03:52.420 | it was legitimate information, and as a result, when the particular subscribing retailer does

00:04:00.600 | an update, the information finds itself back onto your credit report again.

00:04:06.880 | So, you know, think of all of the millions of websites that are out there, and how, unfortunately,

00:04:15.320 | over the years, there's been this wholesale sharing of information, or selling information,

00:04:22.860 | or lending information, depending upon what the relationship was between these organizations,

00:04:30.040 | and it's going to be out there.

00:04:31.880 | And yeah, can you get it off, maybe, for a period of time?

00:04:36.080 | Can you get it everywhere?

00:04:38.400 | It may take you forever to find out where everywhere is, and there's a new part of everywhere

00:04:43.880 | that shows up every day.

00:04:46.360 | So that's why you have to say to yourself, "Look, the world I live in, it's a surveillance

00:04:52.440 | economy."

00:04:53.440 | It just is.

00:04:55.880 | We are surrounded by billions of Internet of Things devices, tracking, listening, sending

00:05:03.000 | data back to manufacturers, data then being shared, that information also being hacked

00:05:08.680 | by hackers.

00:05:10.280 | So that's why you need to really consider the three Ms, and among the things you should

00:05:17.320 | be doing, assuming that your data is out there, even despite your best efforts to get it off

00:05:23.120 | the online world, is everything from long and strong passwords, not shared among websites

00:05:29.880 | or password managers, using two-factor authentication, which makes it, again, more difficult for

00:05:36.840 | someone to represent that they are you, because they do have to go through that extra layer

00:05:43.240 | of whether a code is sent to a cell phone or you use biotech, not biotech, but you're

00:05:55.420 | using thumbprints, eye scans, depending upon the particular device you're using.

00:06:00.520 | I'm a particular fan of thumbprints.

00:06:04.360 | They also, multi-factor authentication, can involve voice prints.

00:06:08.200 | Of course, the issue is what if, God forbid, someone steals a database of a company where

00:06:13.480 | they have your voice prints, that could be a problem too, but again, any layer of additional

00:06:18.960 | authentication you can add is important.

00:06:22.140 | It also means you don't click on every link you see.

00:06:25.580 | You don't open every attachment, even if you think it's coming from someone you know.

00:06:30.980 | I mean, a perfect example, it's a buzzkill, but anytime I get an e-card from someone,

00:06:37.100 | the first thing I do is I call that person and say, "I know this is a buzzkill, but did

00:06:42.220 | you just send...

00:06:43.220 | You don't have to tell me what it says.

00:06:44.500 | I'll go do it, provided you confirm you really did it," but again, with the malware that's

00:06:51.480 | out there and the ransomware attacks that are going on, you always run the risk that

00:06:57.500 | someone you know receives something that they opened that they thought was hysterically

00:07:02.940 | funny and terrific, and they're sending it to you, but they didn't realize that it had

00:07:08.380 | malware on it, and all they've done is they've shared the love and the hack with you, so

00:07:16.500 | you do run that risk.

00:07:17.580 | That's why it's really important to be very careful where you click, what you open.

00:07:22.080 | That means, as we talked about earlier, you lie like a superhero when you're sending up

00:07:26.820 | questions and answers.

00:07:28.640 | That means that you freeze your credit, which is, as we talked about, is free and you can

00:07:34.720 | do it.

00:07:35.720 | That means that even the humble shredder, and I don't mean a ribbon-cut shredder because

00:07:42.320 | for those of us who saw Argo, as an example, what happens is you can get kids or people

00:07:50.780 | hopped up on drugs who will sit there and meticulously tape back up things that have

00:07:57.260 | been cut by a ribbon-cut shredder.

00:07:59.840 | That's why you need a confetti-cut shredder or a cross-cut shredder, which turns this

00:08:05.340 | into little useless pieces of confetti that no one can put back together again.

00:08:13.800 | These are some of the things that you need to think about doing, or as we also talked

00:08:19.860 | about earlier, that's where the third M comes in and it's so important, and that is to contact

00:08:27.340 | your insurance agent, your financial services rep, or the HR department where you work and

00:08:33.380 | say, "If I become a victim of an identity incident or if I'm worried about it or I find

00:08:38.340 | out that an organization that I've had a relationship with has been hacked, are you going to help

00:08:45.240 | me through the incident?"

00:08:46.980 | And that's where it's really important.

00:08:49.220 | And a lot of these programs are free, deeply discounted, and worth you signing up for.

00:08:56.700 | I'll share a couple others that I've learned in the past, I don't know how many years,

00:09:01.620 | but some I've employed, some I plan to.

00:09:05.140 | I actually have multiple email addresses.

00:09:07.340 | So I have an email address that I just used for financial institutions.

00:09:11.500 | I have never shared that email with anyone.

00:09:15.180 | Only financial institutions know it.

00:09:16.860 | I've been recommended, though I haven't, to use a separate one for social media profiles.

00:09:21.860 | Yes.

00:09:22.860 | That was another recommendation, is to just have different email addresses.

00:09:26.460 | Look, if you don't have a password manager, I can only imagine how hard that is.

00:09:29.900 | So we're going to go back to your original recommendation, which is everyone needs a

00:09:33.140 | password manager.

00:09:35.340 | Everyone should be using two-factor authentication everywhere they can.

00:09:38.620 | Well, yeah.

00:09:39.620 | And you can use Google Authenticator.

00:09:41.940 | You can use some of the more, the hardware-oriented.

00:09:46.500 | When we talked earlier, you had mentioned one of them when we talked prior to that.

00:09:51.580 | Yeah.

00:09:52.580 | I'm a fan of all of my two-factor being one-time passwords that you can put in Google Authenticator

00:09:57.340 | or Authy or even 1Password, though I had historically been putting all of my one-time passwords

00:10:03.680 | in 1Password.

00:10:05.380 | I am now realizing, as convenient as it is for them to copy and paste them, the fact

00:10:10.620 | that I'm storing my password in the exact same place I'm storing my two-factor auth

00:10:15.380 | inherently makes it no longer two-factor because they're in the same place.

00:10:21.020 | So that's...

00:10:22.020 | That's like 1A factor.

00:10:23.020 | Yeah.

00:10:24.020 | So it's, yeah, I got two types of single factor.

00:10:27.100 | So I'll probably actually be changing that.