It seems like every day, you read about a new cybersecurity breach. Sometimes they’re huge — the well-publicized Equifax® breach compromised data for 147 million people, a hacker gained access to data for 100 million people from Capital One®, and the Marriott Hotels® breach affected more than 500 million people. Sometimes they’re smaller, as with recent hacks of local governments, including Baltimore’s and 22 cities across Texas. And then some are just odd — it seems fair to say only a handful of baseball enthusiasts need concern themselves with the recent hack of the Baseball Hall of Fame™.
When data breaches like these are announced, it’s typical to start asking yourself a number of questions, like which ones should you be concerned about? What can you do to be as secure as possible? And what should you do if you have reason to think you’ve been compromised?
We spoke with Chris Wong, the CEO of LifeSite©, a secure online vault devoted to providing best-in-class cybersecurity protection and monitoring for your most important data and documents. LifeSite is a partner of Haven Life Plus — a suite of services that helps policyholders live healthier, fuller and more protected lives.
Wong talked to us about data breaches, how to protect yourself, and why you should be a little paranoid — but not overly paranoid.
How worried should consumers be about the data breaches that have already transpired, and about breaches in general?
We all should be concerned. Our privacy is important (and we want it under our control). When we as individual consumers put our trust in companies like Equifax, Target — even our own LifeSite — we assume they take security seriously and will be responsible custodians and do everything they can do to protect our information.
For us, we think of each user like ourselves and our own families — we would not want our information in a breach, and therefore not yours either. Security always needs to be first and foremost.
Makes sense. Which breaches are more concerning than others? The big ones, or smaller players? Both?
Personal data, which can be used for financial fraud, is always the most concerning and has made for the scariest, most sensational stories. The reality is that for my generation, if we are going to take advantage of the value that many IT services/sites provide in exchange for personal information/registration, we have to assume that a breach will/might occur.
I’ve spoken to a lot of people who are now of the mindset that if someone ends up targeting me and they really want to go after me, there may be nothing I can do or have done to prevent it. My personal approach is to minimize my exposure by trying to only work with (when I have a choice) those service providers I (and we at LifeSite) trust.
What, if anything, can someone do to protect their information in advance? You mentioned that some companies fail to use full encryption protection. Is there any way for a consumer to know who does and doesn’t use that?
Knowing about the key and latest technologies that are available to protect us and whether the service providers actually use them would be my advice. Encryption, encryption and encryption — particularly with data at rest — is one fundamental element of security to look for. Users increasing data vulnerability for other users because they use passwords like 12345 don’t help either. Lastly, many breaches are caused because of IT system breaches. Mostly human error IT mistakes. We guard against that by ensuring that our data is encrypted at all times through the entry, transit and storage processes. This protects against human error to a large degree.
In general, it’s hard for consumers to stay on top of this, or know if it’s an issue or not. Therefore we really need to commit to this as service providers. We certainly do.
What’s one simple thing someone can do to be as secure as possible?
LifeSite recommends that users always use two-factor authentication. The “front door” — username/password — is still the No. 1 attack vector for hackers. Passwords are phished, pulled out of email conversations, stolen through hacks into other systems, etc.
At LifeSite, we try to protect users from other users and have layers of security architecture, including innovations around “compartmentalization” and microservices protection. Think of us as a multi-layered submarine. No single breach or multiple individual breaches compromise users or data stored.
What should consumers do if their data is breached?
Change their passwords, check an online credit monitoring website for financial fraud, etc.
Some people might be motivated to take action because they can get money from a class-action lawsuit. But claiming that money requires you to… enter your data online. Is that safe? Or a case of “Fool me once …”?
I personally think this is a waste of time….
It seems to be pretty onerous. One, you provide a large amount of [your] data, and then what you get out of it, it doesn’t add up to me. They give you some ID protection for x amount of years, but other well-known credit monitoring websites do that as well. They provide something that works for them, but you can get that in a lot of different ways.
Do you think we will see more breaches like this in the future? Do you anticipate a time where it isn’t just money or identity that is breached, but databases related to a person’s reputation and privacy? Most of us wouldn’t want our bank numbers exposed, but we also wouldn’t want, say, our family’s digital photos (or snarky text messages to our friends) leaked, either.
We most certainly will see an increase in the type of data that is breached. No doubt about it. Technology will get better, though. It already has. We should be mindful that the value remains enormous regarding digital information storage and access, and not get overly paranoid. There are far more reasons to not be afraid, and they far outweigh the odds of a personal breach with catastrophic consequences — especially since systems are so much better, awareness is heightened, technology is that much better and users are more educated to help themselves.
That’s an interesting phrase — overly paranoid. Does that mean there’s a right level of paranoid?
There’s paranoid and then there’s peace of mind. You get paranoid because you’re trying to seek peace of mind. My point about being overly paranoid is that you could penalize yourself by being overly cautious when you’re trying to achieve peace of mind. [Someone thinks] “I do have a password, I do have important documents, so I’m going to put them in a shoebox.” You think that’s the safest place because in the cloud it could get hacked, but that’s not the safest place.
Generationally, and this came out in our focus group with a leading U.S. aging organization, people are getting over it. My parents are in their late 80s, they would never use the internet for a whole bunch of things. But they’re ok with us putting info on it. The utility and the value, and the sheer weight of what we need to value digitally. The balance has shifted.
A lot of workplaces help their employees with security — providing secure email passwords, requiring two-factor authentication, forcing you to change your password every few months. Should families take similar precautions?
It’s up to us as service providers to help you help yourself. The majority of hacks and breaches are done through the front door. Someone getting your password through a phishing scheme, or they scanned an email, or they guessed it — they went through the names and birthdays of your children and they guessed it. All the good systems protect the front door through two-factor, and force you to change your password every 30 days, and recognize your device. These are all proven methods to protect the front door.
Services like us — take passwords for example. Some people put them in an Excel file or the Notes app on iPhone. If someone gets your phone, or takes a quick screenshot, then they have your password. At LifeSite, we have the eyeball there, so you have to press that to look at the password. There’s two steps to look at the password within the system.
What about password managers like LastPass©?
Everyone starts with a system to keep from forgetting their passwords. Most people type them into their notes or a spreadsheet. They’re all looking for something simple. 1Password© or LastPass are helpful, but not for everyone, because not everyone is technologically sound. You have to have that application with you at all times to make everything work.
How does LifeSite help, and provide peace of mind?
We have always made security our first priority. Everything we design and implement is done with security in mind. From privacy controls, to compliance, to leveraging the latest and greatest technology, to IT architecture and processes for updates. Data security is part of our culture and we are maniacally committed to earning and keeping our users’ trust.
Equifax is a registered trademark of Equifax, Inc.
Capital One is a registered trademark of Capital One Financial Corporation.
Marriott Hotels is a registered trademark of Marriott International, Inc.
Baseball Hall of Fame is a trademark of the National Baseball Hall of Fame and Museum.
LifeSite is a copyright of LifeSite, Inc.
LastPass is a copyright of LogMeIn, Inc.
1Password is a copyright of AgileBits, Inc.
Louis Wilson is a freelance writer whose work has appeared in a wide array of publications, both online and in print. He often writes about travel, sports, popular culture, men’s fashion and grooming, and more. He lives in Austin, Texas, where he has developed an unbridled passion for breakfast tacos, with his wife and two children. This article is sponsored by Haven Life Insurance Agency.
The opinions expressed in this article are those of the person interviewed. Haven Life Insurance Agency offers this as educational information only. Haven Life does not endorse the companies or offer the companies, products, services and/or strategies discussed here.
LifeSite is available as part of the Haven Life Plus rider, included in the Haven Term life insurance policy. LifeSite also is available independently of the Haven Life Plus rider, as a paid service.
The primary reason for the purchase of life insurance is the need for the death benefit. Haven Life Plus (Plus) is the marketing name for the Plus rider which is included as part of the Haven Term policy and offers access to “Plus Benefits,” which are additional products, services and benefits. The rider is not available in every state and is subject to change at any time. Neither Haven Life nor MassMutual are responsible for the provision of the benefits and services made accessible under the Plus Rider, which are provided by third party vendors (partners).