January 28, 2019
By: Drew Sorrell
Marriott International announced a massive data breach of its Starwood database. Hackers took off with names, mailing addresses, phone numbers, email addresses, passport numbers, affinity account information, dates of birth, gender, arrival and departure information, reservation dates and communications preferences or some combination of this personal information. According to Marriott officials, the stolen information was accessed from the Starwood database as early as 2014 and affects information in the company’s possession prior to September 10th of 2018.
Unfortunately, Marriott’s troubles are not an isolated event. Welcome to the new millennium.
Here are ten ways to protect yourself:
- Communicate with business associates
Are you traveling? The hackers now know who you are via your Marriott information. Remind your business associates how a smart hacker can exploit and spoof your email to look like it’s coming from you, and to always double check with you personally before acting on that odd request to wire money or send employee information to “you” while you are traveling. Sending “emails from you” while you are traveling is a great way to prevent you from learning that “you” have just ordered a wire transfer.
- Change your passwords
If you recycle passwords as many of us do (but shouldn’t), at a minimum change the password for every account that uses the same email address as Marriott (or any other breached account). Consider changing your passwords on a routine basis using a trigger that is easy to remember, such as daylight saving time.
- Change your Starwood password
- Sign up for credit monitoring
Credit monitoring is increasingly cheap and in some cases free. I used to recommend that this be done when you learn of a breach, but breaches are now so common that it really should be a constant in your life. Why not have it in place so that if a new account is opened, a new credit check hits or the like, you get an instant message or email when it happens and can react?
- Get a password manager
One of the problems with passwords is having to remember them. With a password manager, you create a single master password (we suggest a passphrase that is memorable, long, and includes a number and a special character; alternatively, use the first letters of the words in the phrase as the password itself to give an almost random password), and then file your other passwords into the encrypted password manager. You won’t have to remember any passwords but the one that gets you into your password manager. Easier and safer!
- Download the app for your credit cards and banks
Frequently, these apps will permit you to turn on messaging to alert you of transactions or even freeze the account. Thus, if you are sitting in a meeting and get a text that “you” just bought something, you may react immediately. Many also offer two-factor authentication, where you receive a special code via text after logging in – highly recommended if available.
- Consider your email choice
If you use your work email for travel or other accounts, as many of us do, then when those accounts are breached the email address is a trail back to you at the office. We suggest using a different email address that is generic and sanitized for such things.
- Good ol’ 2FA
2FA is cool-dude speak for “two-factor authentication”. When it is available, you should use it. For instance, if your bank account will permit you to set 2FA, say by requiring entry of a password and then of a code sent to you by email, then use it. Can you really be too careful?
- Be suspicious
If you get an unexpected email from “someone” you know (or especially if you do not know them) that contains a link or an attachment, think twice about clicking it. It doesn’t take much to download malicious software. Along those lines, if you accidentally click the link or open the attachment, don’t be bashful and decide “it’s probably nothing”. Reach out to your help desk folks and get them to help. Or, if at home, make sure your antivirus and anti-malware are up to date, then run them.
If you are still reading this, then your data thanks you and reminds you to call your loved ones, especially the aged ones. They love to hear from you and it’s the right thing to do. Oh, and while you are catching up with them, make sure that they are also being safe with their data. Help them to understand these issues and help them be safer.
Hackers are smart. Try to be smarter with extra thought and security applied to all your online activity.