Greene: Beyond Equifax

Jan 9, 2018

It’s been estimated that about a third of Vermont’s population was affected by the Equifax breach. But galling as it was, it may have galvanized both public and private sectors to consider better safeguards for personal data.

John Quinn, Secretary of the new Vermont Agency of Digital Services, is focused on updating cyber security programs across departments that have, until now, dealt with cyber issues independently. He recommends that we look at our cyber-security the way we regard our wallets – proactively – and says, “Lock your devices if you have to leave them unattended. Put credit monitoring on yourself so you can watch what’s going on.”

Sebastian Szykier, cyber security researcher from Newfane, advises people to step back and consider meta data. That’s how companies - or hackers - piece together data from different sources for a disturbingly intimate picture of your life - finances, health records, even your whereabouts.

For instance, some insurance companies offer a safe driver discount if you put a sensor in your car or install an app on your mobile device. But attackers can use this data to understand your travel patterns - while the insurer could simply adjust your rates based on where you go instead of how you drive.

Companies try to reassure us with privacy policies, but those can change at any time, Szykier warns, and offer minimal protection. So Szykier advises consumers to use multifactor authentication, by employing additional factors beyond user name and password, such as adding a fingerprint, a token or a certificate with a pin. This adds another layer of security if a password is stolen. He also recommends getting a password manager program that generates unique passwords for every account so no one password can open all your accounts.

Finally, he says to update all devices regularly, since many updates contain enhanced security measures and fix security vulnerabilities.

There’s also a noticeable generation gap regarding these concerns. Boomers are often uncomfortable with levels of surveillance that Millennials barely register.

I was at a meeting of activists in which the twenty-something leader pulled up my profile with online petitions I’d signed. His intent was to demonstrate my laudably high level of engagement. But those of us in our 50s and beyond found it disturbing.

For a moment, I even considered throwing my phone into a snow bank, but then all my data would just be out there.