Time to read: 5 minutes

Ever since the story broke about the Equifax data breach and potential theft of personal information, we’ve received many questions from concerned clients.  According to the Federal Trade Commission, if you have a credit report, it’s likely you’re one of the 143 million U.S. consumers whose personal information was exposed.  While there’s never a guarantee of your complete online security/privacy, there are some practical steps you can take to protect yourself.  Here’s our short list:

  • To see if you might be impacted by the data breach, Equifax offers a free search on its website (equifaxsecurity2017.com) by entering a portion of your Social Security Number and last name. We think it’s best to simply assume your data was exposed.  Keep in mind that the full impact may not be known right now, so revisiting the site periodically may be helpful.
  • Keep strong and unique passwords. Consider changing passwords, especially those used to access banking, healthcare, or email accounts.  Many e-mail services offer two-factor authentication, which sends a text message to your mobile phone with a PIN you must enter to complete the login.  Two-factor authentication adds an extra layer of security.
  • Consider using a credit monitoring service, such as Creditkarma.com or Credit Secure, offered by American Express. Equifax offers a free year of its credit monitoring service, although you may want to carefully consider using the Equifax service since the company was unable to protect personal data.
  • If you are impacted, consider placing a freeze on your credit with all of the following credit reporting agencies. Freezing your credit is the only way to prevent anyone with your personal information from opening accounts in your name.


Transunion: https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp

Innovis: https://www.innovis.com/securityFreeze/index

Experian: https://www.experian.com/freeze/center.html

  • Be on high alert for impersonators or phishing attempts by fraudsters and the emails that appear to be from these companies telling you that you’ve been impacted. They will try to create a sense of urgency and ask you to “click here” for more information.  When in doubt, do not click the link.  Any legitimate company will have another way for you to contact them to be sure the email is safe.  If in doubt, pick up the phone and call the sender to verify before taking any action via email.
  • Avoid emailing personal/confidential information via unsecured email. Password protect PDFs, for example.  When emailing information to BWM Financial, you may drop any sensitive documents into your EMX vault or request a secure email from us to which you can reply.  If you’d like a refresher on how to use the EMX vault, let us know before or during your next review.

Our office will continue to exercise extra caution in the wake of the data breach.  We have strong protections in place already, three of which are particularly important:

  • Our client websites are non-transactional so funds cannot be moved via online request by clients or fraudsters.
  • We verbally verify any new money movement with you via phone call, in addition to receiving signed paperwork before funds are sent outside of LPL. Verbal verification for a change of address or phone number is also required.  We cannot accept emailed instructions alone.
  • We serve only a small group of clients whom we get to know well. Familiarity with your face, voice, and habits are invaluable.

Please feel free to contact us with any questions you have about protecting your personal information.