NAIC offers guidance on protecting against identity theft

Nearly all types of personal data, from medical to financial records, are now stored online, increasing the risk of identity theft and other cybercrimes. The National Association of Insurance Commissioners (NAIC) has provided several recommendations to help individuals reduce their cybersecurity risks.

Identity theft involves the unauthorized use or attempted use of an existing account, using personal information to open new accounts, or misusing information for fraudulent purposes. Even people who have never used the internet can be at risk because many companies store data online. Data thieves can access information through various means, including mailboxes, trash, public landfills, public records, and social media.

To protect personal information, NAIC suggests using multi-factor authentication for additional security on accounts. Regularly updating software and enabling automatic updates is also advised. The Cybersecurity and Infrastructure Security Agency (CISA) notes that over 90% of successful cyberattacks begin with phishing emails, so users should be cautious when clicking on links in messages.

Using strong passwords is important; a password generator and manager can help create unique credentials for different accounts. Individuals should also review their financial accounts and credit reports regularly. Each year, everyone is entitled to a free copy of their credit report from each of the three main credit reporting agencies.

Being careful about what is posted online is another key recommendation. The internet is a public resource, so it is best not to post photos revealing addresses or sensitive documents in the background.

When asked for a Social Security number (SSN), it’s important to verify why it’s needed and how it will be protected. According to the Federal Trade Commission (FTC), “Some organizations need your Social Security number to identify you. Those organizations include the IRS, your bank, and your employer. Organizations like these that do need your Social Security number won’t call, email, or text you to ask for it. Other organizations that might ask you for your Social Security number might not really need it. Those organizations include a medical provider, a company, or your child’s school. Ask these questions before you give them your Social Security number: Why do you need it? How will you protect it? Can you use a different identifier? Can you use just the last four digits of my Social Security number?”

If identity theft occurs, victims should report it to the Federal Trade Commission and follow its recommended steps.

Additional resources are available from the Cybersecurity & Infrastructure Security Agency as well as the Federal Trade Commission’s pages on Identity Theft and Online Security.