Your personal information is valuable. Criminals can use your personal information to impersonate you and open accounts, buy items on credit, take money out of your account and even set up investment scams. The more a criminal can find out about you, the easier it is to use this information to commit crimes. But you do need to share information with various people or organisations, like your bank for example, insurer, financial advisor, doctor, employer, and your family. Here’s how to keep your information safe!
What is personal information?
Personal information is anything and everything about you, including;
- ID and passport numbers
- Education details and qualifications
- Medical history and conditions
- Employment details
- Salary and income
- Debt details
- Bank, credit card, store card and investment account details
- Insurance policy details
- Estate planning details such as your will
- Safety deposit box, storage units or home safe details
- Contract details such as DStv, Netflix or home security systems
The good news is that you can take steps to make sure you keep your information safe.
Choose and use usernames and passwords with careThese are the words and phrases you use to sign in to your devices such as computers, laptops, tablets and phones, and accounts including bank accounts and online shopping, apps, email and social media.
- Set your own usernames and passwords, and always reset passwords on a new device or new account.
- Use different passwords and usernames for different accounts.
- Use phrases as passwords with different symbols and cases, for example a social media login could be [email protected]€nd$. Phrases are easier to remember, but don’t make them too easy to guess.
- Change your passwords often, at least twice a year. Schedule time and set reminders to do this.
- If you need to write passwords and usernames down, find a cryptic way to write it – such as a shopping list – and store it away from the devices you use. Or use an online password manager that will encrypt your passwords.
- Use two factor authentication – where you need to confirm via one device that you are logging in to another.
- Delete emails and SMSs with username, password and pin number details when you have logged in.
- Set your device to never remember passwords.
- Install a firewall that prevents unauthorised access and use antivirus software such as McAfee, Norton or Kaspersky – and update them regularly.
- Set your device to lock if you are not using it so you need a password to login.
- Avoid using free Wi-Fi networks to sign into accounts such as bank accounts because it is easy for another user on the network to access your details. If you need to use free Wi-Fi use a virtual private network – VPN – that offers more security.
- Turn off predictive text and spell check when setting and entering passwords – this makes it more difficult for someone else using your device to find your password.
Store paper and online documents safelyStore online documents such as your bank statements, policy documents and wills in an encrypted folder on your laptop or computer. You can set this up by right-clicking on the folder and selecting properties, and advanced on the general tab. Then click on encrypt and apply. You can back this up to the cloud or a flash drive that you scan for viruses but keep in mind that flash drives are physical items that can get lost or stolen.
Store paper documents, including your ID and passport, in a safe place only you and your family or lawyer have access to. This could be a small safe, or if your home security is good, a box file in a study or documents cupboard. You can store documents in a safety deposit box at a bank or other financial institution, but make sure there is a plan to access this in the event of illness or your death.
Destroy documents you no longer needAnything with your name, address, contact details and an account number should be destroyed so that it is unrecognisable because some criminals see waste as a source of information. You can shred paper documents, tear them up or burn them. If you don’t own a shredder or are uncomfortable burning documents search online for a shredding company and watch your documents being destroyed.
Some documents can be destroyed when you have checked them such as ATM deposit or withdrawal slips, some after a number of years, and some should never be destroyed. In some cases, legislation determines how long you need to keep documents, but in other cases you’ll need to use your discretion.
- Tax-related documents need to be kept for a minimum of five years, or longer if there is a dispute or audit.
- Employment records should be kept for at least three years.
- Contract information should be kept for the term of the contract, or longer if there is a dispute. This includes anything from vehicle to gym contracts.
- Marriage, divorce and adoption agreements should be kept forever.
- Big ticket purchase details, such as a house, jewellery or artwork, should be kept at least for as long as you have the item.
- General statements are an area where you need to use your discretion. If you have a bank statement each month that you check and reconcile and wouldn’t need for tax purposes, these could be destroyed when you have checked them or after a year. Ask yourself – what would I need this for and what would happen if I don’t have it?
- Medical records for significant conditions should be kept for as long as you are alive. This includes any x-rays and scans such as a neck or back x-ray, and any serious illness diagnoses and treatments such as cancer, or chronic conditions such as diabetes.
Learn to recognise fraudsters and scamsIt’s easy to know that an email from Bank A threatening to close your account is a scam when you don’t bank with Bank A. But what about when it comes from your bank, with a logo and signature – how do you know the email is really from your bank? Banks and financial institutions won’t ask for your details such as PIN numbers and you should never click though on a link in an email or give out your PIN number – on the phone or online. There are a few more things to watch out for:
- Check the domain on email addresses – this is the .co.za part of an email address. Common domains are countries such as .za for South Africa and .com or .org. It is unlikely a South African company would have a domain such as .ru, a Russian domain. View emails with unusual domains with suspicion and don’t respond without checking.
- Don’t respond to requests for personal information in emails or click on links. This is likely to be a phishing mail where someone wants to scare you into action and gets you to click on a link, share password and login information so they can access your account.
- Don’t be bullied into action by someone insisting your account will be closed or frozen – no reputable organisation should do this.
- If the mail looks like it is from a company you deal with and the request looks genuine but still asks for personal information, contact the company on the number you usually use (don’t use a number given in the email as it may be bogus) and check with them where the email came from.
- When you are asked for personal information in a phone call or to verify yourself, make sure the person you are speaking to is from the company they say they represent. Ask for the company registration number, FSP number if they are a financial institution and their physical address and phone number and offer to call them back when you have checked these details.
- Use secure sites when you give personal information online – these have https in their website address and a padlock on a menu bar.
- Read privacy policies to make sure you are comfortable with how companies and websites treat your data and online information.
- Check your browser settings and preferences where you can increase privacy and control who sees your online details.
- Use notification systems so that you are sent an SMS or email when an account is logged into or information shared. You can also set up a Google alert on your name.
- Be wary of answering quick and easy online quizzes and questions – this is how people build up a profile of you which they store and use with other information to commit crime using your ID and personal information.
Unfortunately, cyber criminals and identity thieves are very sophisticated and always on the lookout for personal information. So, while these protective measures may seem like a lot to do, once you get into the habit it won’t take too much time. And most importantly, when you protect your personal information, there is less chance you will be a victim.