Keeping Your Identity Safe Online
by Bob Williams
You got this—all you have to do is start!
This time of year, you’re apt to get a lot of advice from us about how you should go about filing your income taxes on 1040.com. But once in a while, we have to take a bit of a side trip in order to let you know about important developments or tools that can keep you safe.
This is one of those times. In reality, it’s not much of a side trip, since our subject is central to the cyber-security of you and your family.
It’s identity theft, and you need to know how best to avoid it.
A Combined Approach
The Internal Revenue Service has teamed up with the various state departments of revenue or taxation and the income tax industry to spread awareness of anti-fraud measures you, the taxpayer, can take to protect yourself from identity theft and income tax fraud.
Many of these recommendations are simply common sense, but may not be measures the average taxpayer thinks about a lot. That only means we should be thinking about these – and acting on them.
Strategy No. 1: Give personal information ONLY on encrypted websites. Look at the web address bar in your browser; encrypted websites will always start their web address with “https” (the “s” stands for Secure). Some sites use encryption only on their sign-in page, but if you are entering financial or personal information, every page of the site should be encrypted, not just the sign-in page. Encryption secures your information as it travels from your computer to the company’s servers.
Strategy No. 2: Protect your passwords. Long gone are the days we could use “password” or “123456” as our password for anything. Today, the longer the password, the tougher it is to crack. Use letters, numbers AND special characters. Ten characters is good, 12 is better. Don’t use predictable passwords such as your name, your birthdate or common words. And don’t use the same password for all your accounts. Remember, your password is a type of key; if it’s stolen, it can unlock a lot of doors for the thief.
And while we’re on the subject of passwords, let us remind you not to reveal your passwords in texts or email. If you get an email that asks to “verify” your password for an account, don’t do it; it’s phishing.
Strategy No. 3: Suspect EVERYTHING – don’t assume ads or emails are from legitimate companies. If you are contacted by an alleged company that you don’t know, Google the business name along with terms like “review,” “complaint,” or “scam.” If you get bad reviews in return, you may want to steer clear. If you can’t find contact information for the company, take your business – and your information – somewhere else. And don’t be swayed by the ads their site carries as proof of legitimacy. Those ads can be imported without the ad owners ever knowing.
Strategy No. 4: Don’t over-share on social media. If you haven’t done this already, it can be a real eye-opener: try plugging your name into a web search. Chances are, the results will bring back past addresses, names of the people who live with you, even social media accounts and the photos you’ve posted. Every bit of this information is fodder for identity thieves. Posting photos of your new car could give an identity thief extra information about your finances that could enable him to bypass security questions on your accounts.
Strategy No. 5: Back Up, Back Up, BACK UP! Remember that no computer system is totally secure or invulnerable to attack from an experienced hacker. Copy all your important files (that includes your tax returns, of course) to an external hard drive or flash drive and store it in a safe place.
It’s also a good idea, while you’re at it, to keep a separate copy of your important paper financial documents – your mortgage, student loan documents, loan papers and vehicle registrations, for example. Keep a paper copy – your bank’s safety deposit box is a good place for that – and keep a separate scanned copy. Do not, however, keep the electronic copy of these documents on your computer; if it gets hacked, they would be easy pickings for the intruder. Keep them on the separate hard drive or flash drive, and update everything at least once a year after you’ve e-filed your tax return.
The IRS has more ideas about your computer security in IRS Publication 4524, Security Awareness for Taxpayers.
The bottom line to all these measures is that we must be much more careful with our personal information than ever before. For every shopping opportunity and social media connection, there is a potential identity thief waiting to use those vehicles to snare your information.
As the IRS so aptly puts it, “Treat your personal information like cash – don’t hand it out to just anyone.”