There has been a recent increase in the number of data breaches … enough to prompt the Better Busine
To discuss this issue with us is BBB president Lane Montz.
Staying in Contact with London Mitchell
Guest: Lane Montz, Better Business Bureau
Let's take a few minutes away from the music to discuss issues affecting the quality of life in our communities and introduce individuals working to address those issues. Staying in contact, I'm London Mitchell. There has been a recent increase in the number of data breaches, enough to prompt the Better Business Bureau of Northwest Ohio to issue an advisory bulletin. Breaches have exposed confidential information for millions and millions of us. Recent breaches include Disney, Medicare, Avis, Dick's Sporting Goods. To discuss this issue with us is BBB President Lane Mott. And to start the discussion, I suggested many of us do not know these breaches are happening or even what a breach really is. I think that's a great way to start the conversation because it's one of those terms that gets thrown about and you start to hear it so much and you don't pay attention, but you come to realize you're not really sure what that means, right? Yeah, and I'm not sure that I understand fully what it means. So what it means, and I'm not a tech expert, but I do know enough about it, I guess. So we all know that we send our information to large organizations, well, we send it to small ones too, but we send our personal information, our financial information, names, addresses, phone number, email, credit card number, sometimes the CV code. And as well as our health information, it's out there. And the way the world works is yet you do a lot of your transactions online or electronically. I know I have to go see a podiatrist, right? So it used to be when you got to the office, you'd fill out a piece of paper that indicated your medical history and your personal information. For the most part, medical providers do all that online electronically. And so it was the case with this particular doctor. So I am giving them a lot of information about myself. And if somebody else got ahold of that information, they could use it to act like me or to pose as me online, where people can't see me, where they're not personally interacting with me. They can pretend to be me and the more information they have about me, the better they can pretend to be me. And so a data breach is when information, and you think about, you and I are two of 350 million Americans, almost all those Americans are providing information online at one time or another throughout the course of a year. And these big organizations, Visa, Medicare, Dick's Sporting Goods, any place where you do a transaction or where you go to shop, you know, they get your personal information, and then they store it all, right? They store it all on those mysterious servers. Unfortunately, more and more criminals, cyber criminals, the bad guys are getting into that protected information. It's supposed to be protected. It's supposed to have digital protections in place to people from getting into it. Just like in the old days, if you went to a filing cabinet in a business, it was often locked so that nobody could get those records out. Well, sometimes businesses leave these electronic file cabinets unlocked, and sometimes people just know how to break in. And then they get that information, millions and millions of records, and it becomes available or for sale on the dark web and other places. And that's what it is. When a large organization that keeps a ton of personal information and a ton of financial and a ton of health information, for its purposes, it's supposed to keep it behind electronic lock and key, and somehow that information gets out and the bad guys know how to get ahold of it. That's not a very short answer, but that's the best I can muster. Well, it gives us some good background because just to recap what you said, almost all of us are online in some way, shape, or form, and all our medical information is online. I do it. I'm sure a lot of people do bank online, but the bad guys are out there, and they're always stalking around, trying to get in, and that's what we call a breach, when somehow they've managed to get inside and secure some of our personal information. It's been going on since the beginning of the internet and the beginning of electronic transactions and London at the beginning, it was only a certain group of people doing business online, right, and so a lot of cases, older folks didn't do it. That was at the beginning of the internet, but now it's everybody. Everybody is doing it, everybody transacts business online, and the data breaches have been around since the beginning because of course, as soon as someone aggregates something valuable, like money or information, right, that's valuable to, as soon as somebody begins collecting something valuable, somebody else wants to take it, right? It's a type of treasure, and somebody wants to steal that treasure, and so it's been going on from the beginning, but it has become worse and worse and larger and larger as time goes on. And in just this summer, we saw so many major data breaches. It was so many that we felt we had to at least put out a press release on it to let people know, hey, it's happening a lot. This is scary. This is scary if these breaches are happening a lot, and we're all out there. How do we take steps to protect ourselves? It's almost impossible not to be online anymore or have your information online, so we need to protect ourselves. How do we do that? I kind of, I kind of liken it to, are you going to get a cold? It's not a matter of, are you going to get a cold? It's a matter of when you're going to get a cold, right? When's your next cold? Not if, but when? And so is scary. For data breaches and personal information and consumer information, financial and health, it's not a matter of if it's a matter of when, it's a matter of when and chances are, you probably have already been breached. I put my, one of my personal emails into a detector online before, before I join your podcast today. And that email came up as yes, it has been subject to disclosure through a data breach. So probably explains why I get a lot of spammy, spammy emails to that email address. And you can't stop it, really, Mitchell, London, you can't stop it. You and I, the average consumer, even the most sophisticated companies and government organizations, you can't stop it. It's going to happen. Here's the important thing to remember about these data breaches. Let's say tonight, you and I go to bed and there's a massive data breach and everybody in the US's personal information has become available. That doesn't mean anything yet has happened to anyone. So the data breach itself is not a scam. The data breach itself is not your money has been taken, your identity has been used. It's only a tool by which the bad guys can, can commit the same old scams and frauds that they've always been committing. It's just a new tool and it's a tool that's real big and can get a lot of information at once. But just because you wake up in here that, you know, Citibank or whomever, I'm not picking on Citibank. I don't even know if they've had a data breach, but a big organization like the like Medicare, just because it happened doesn't mean anything has happened to you or even will. It means that information is out there in some fashion and somebody can purchase it or get ahold of it for bad reasons in the various ways. You still have to be on guard against the same old frauds and scams that you've been dealing with for the past 15 years, right? So if you don't bank online, you probably should have a way to bank online. Why do I say this? Because if you can check your bank account periodically by logging into your bank account or checking it on your phone, assuming you do so with passwords and multi factor authentication, if you can check it more frequently, you can catch a fraudulent charge more quickly, right? I would hate to think about the old days when we waited for our paper bank statements to come in the mail. Remember those days? Yeah. I would wait 30 days to find out that I have fraudulent charges being taken from my bank account. So you really, you do have to commit to being dialed in, so to speak, to keep track of your personal information. You should get a free credit report on yourself once a year to check your credit history. Make sure periodically, once a year or so, check your chain of title on your deed for your house to make sure someone hasn't sold it online with a fictitious deed. It's going to have to require vigilance and some familiarity with the computer age. Not just your bank account, but your credit cards as well. Absolutely. Yeah. If you wait and only look at things once a month and your information was disclosed in a data breach, that's probably not a very good way to live your life because something could happen and you might not know about it for 29 days and you just can't live that way anymore. You just can't, you just can't, you have to be more vigilant, which is a real bummer because technology was supposed to make life easier, right? It did in some ways, but in other ways, it's going to take our time to stay alive and afloat and protected in this day and age. I'm London Mitchell and we're chatting with Lane Mott's president of the Better Business Bureau of Northwest Ohio. We're talking about how our personal information can get into the hands of the bad guys when there is a big data breach. We have to be more computer literate, whether we want to or not. Now, wake up every morning saying those same things. I hate computers. I don't want to use them. They're a pain in the patootie. I'm old. I am getting old. I say all those things every morning, but one of the nice things about my job is it forces me to stay on top of these things. Maybe if I wasn't at the Better Business Bureau, I might not be so motivated. It's easy to fall into a rut, but I can't do that working here because it's part of our job to inform the public and including businesses about things that are going on out there. Yeah, you're 100% right. You can't just bury your head in the sand unless you live in a very enclosed community and you're doing your transactions in cash, I suppose, or your trading vegetables for beef. I don't know. Maybe that's the way to avoid it. But otherwise, I think you do have to make a commitment to at least understand what's going on to a certain extent. And I do want to touch base lane on multi-factor IDs. They can be a pain in the behind, but more and more necessary. I remember the first time I had to deal with that, that's probably been 10 or 12 years now. And as online scams were taking off, the good guys were trying to figure out ways to blunt the effects of it. And one of the things they came up with was multi-factor authentication or MFA. And I remember the first time I was asked to sign up for it, I was so angry. What are you talking about? I had to have to go through all these hoops to get to my own information, to get to my own money, and the person was very patient with me and explained the reason for it. And what it does is it forces, it forces the transaction to include some personal interaction and some personal judgment, right? It's an extra layer of protection when you want to get into your own information, but then you're going to get a code on your phone. It forces you to physically do something extra so that even if there's somebody trying to access your account, that code comes to your phone, not theirs, and it's an extra layer. It's there for us, the populace, the consumers and businesses. It is a pain. And I mean, it's definitely not going away. Here at the BBB, we use QuickBooks, and every time my accountant, which is every single day, needs to log in, there has to be a multi-factor authentication. Now I could give that, I could set it up to go to her phone number, but that's probably not good due diligence as a business manager. So it comes to me and she has to come in each morning and ask me for it. But that's going to make sure that nobody can log in to our accounting software and access our bank accounts and everything else who shouldn't be. So yeah, it is a hassle, just like though, just like keeping records that were important in the old days in a locked office, in a locked file cabinet. That was also inconvenient. If you were the person with the key and you were on vacation, that was inconvenient for the rest of the staff. So it's a different kind of inconvenience, but I don't think it's completely new. Just to recap, a breach doesn't mean that your account has been compromised, but some of your information could be out there floating around for the bad guys to secure. So best bet is, if not every day, maybe every couple of three days, you check your accounts online, make sure there are no phony charges on your credit cards or withdrawals that you didn't make on your bank accounts. It's just the new world, the world we have to adapt to. Probably every couple of months, change your passwords on things. You consider using a password management program, which will keep all your passwords for all your accounts, and those are very protected. And for you to log in and check those, you have to pass certain barriers that the program puts in place that you agree to. And don't be afraid to fight fire with fire, which means don't be afraid to learn a little bit new. It's actually not that hard once you start to use it a little bit. All good advice. Lane Montz is the president of the local office of the Better Business Bureau. Find them online at BBB.org. I'm London Mitchell, inviting you to join us next week. As we continue staying in contact, in the meantime, feel free to link up with me through my website, LondonMitchell.News. Look forward to hearing from you. Previous episodes of staying in contact with London Mitchell are available on Apple Podcasts, Amazon Podcasts, Podbean, the Suite 419 app, and LondonMitchell.News. [MUSIC PLAYING]