Eventually, one of my websites will be hacked and/or my personal data used nefariously. This article is for physicians who want to take easy steps to ensure their online security and privacy.
Consequences of Data Breeches
You might think you have nothing to hide, but we all have something to hide. A hacker could hold your information hostage and blackmail you.
Your personal data can be used to file fake tax returns for the perpetrator to collect money from the government.
Your information can be collected and sold to underground/black market services, where the information is used over the next few years to target you in phishing attacks.
Just 2 days ago, I got a text message on WhatsApp from a friend I’ve been chatting with regularly. It’s just that the text message was a link which was a hack.
My friend had his Instagram site hacked and held for ransom. It was for his antique business, and he lost many clients, information, and online history because of it.
Your Online Data is Available for Free
Endless websites have your parent’s name, social security, driver’s license number, tax ID number, old addresses, and date of birth.
If you’ve ever hired someone, you know you can do a background check on anyone. If you’ve ever rented a place to someone you know, you can do a criminal check on anyone.
So the idea that your information is someone protected online is false hope. Whatever you’ve ever entered into an application is someone online waiting for the right criminal to exploit.
The consequences are often more of a nuisance that takes months and years to fix. So I am not trying to paint a picture of doom here. I’m in if I can take some simple steps to protect myself from that headache.
1. Tax Identity Protection Pin
This is fairly straightforward. Go to the IRS website and set up a pin so nobody can file a tax return without knowing that pin.
Here is a fun mental exercise. Imagine I added a link to the IRS tax pin website. Imagine someone hacked this site and put a fake link instead, and it took you to a site where you had to enter your information.
Therefore, it’s best to use your favorite browser to search for the terms or products I recommend and access them from those generated links instead of clicking on the links here.
Yes, it’s overkill, but it’s just good practice.
2. Password Generator
I recommend using software to store your passwords, such as LastPass. It has served me quite well for years. It generates the passwords for me, so it’s completely random.
If you don’t trust software, then use a random password generator to create your passwords.
3. 2-Factor with Authy
2-factor authentication means that when you enter the password to get into a private website, you are also asked for a text message, phone call, or email or to enter some numbers from an authentication app like Google Authenticator or Authy.
I use Google Authenticator because it’s simple. But I have used Authy in the past, and my privacy friends like it. Authy syncs across your devices, so getting the numbers is simple.
4. Password Protecting Your Devices
Physicians are the victims of not just criminals but also authority.
Without a pin or password, your computer or phone can be accessed by medical board investigators and officers of the law.
You might think that you have nothing to hide. But that’s not the point. Whatever you have can and will be used against you, and anything can be taken out of context.
Your data should be encrypted and have several layers of protection.
For example, you can have a pin to get into the phone and another to get into the app. The more layers, the better.
5. Fake Emails, Fake Phone Numbers
I hop on many websites which ask me for my email and phone number. Why expose me unnecessarily?
MySudo lets you create emails and phone numbers to receive inbound messages necessary to set up an online account.
6. Google Voice Number
Virtual phone numbers are different from SIM numbers. The SIM number is the phone number assigned to your SIM card, which is in your phone. It’s possible to hack your SIM.
Virtual phone numbers such as Google Voice are, in some ways, more hackproof.
But remember that nothing is completely hack resistant.
7. Don’t Accept Phone Calls
This is more extreme, but I don’t pick up my phone or click links in messages.
If my bank calls me or my auto lender wants to verify something, it’s rarely an emergency. I let them leave a voice mail, and then I open the website myself and check.
Recently my credit card tried to contact me by calling and texting. I went on the website and saw no action was needed. This was likely a scam attempt.
My partner was recently called by an officer of the law saying she had a suspicious package in impound. I told her to hang up. She was freaking out and so continued to provide some information, and after I continued to insist, she realized it was a scam.
8. Verify Emergencies
“Your son is here at the hospital, and we need to verify some information!” This is a terrible thing to hear, but if someone knows that your son recently planned a trip into the wilderness and is not reachable according to their social media, they might attempt this scam.
The first question is which hospital. If no answer is given, it’s obviously a scam. If the hospital is mentioned, hang up and call the hospital, or if you feel it’s genuinely an emergency, tell the person you will put them on hold and dial the hospital. They’ll hang up if it’s a scam.
9. Remove Online Personal Information
Several data removal services will remove your personal information, which is sold online.
MyDataRemoval is something I’ve used in the past, and it served me quite well. It’s quite inexpensive, and it’s shocking the kind of information they find about you online.
Sites like LocatePeople, PublicRecordsNow, Nuwber, etc., have information about you that is sold to hackers, criminals, and authorities.
10. Use a VPN
A VPN is a simple software or app to install on your phone. I have one built into my Windows OS and use an app for my iPhone and Android.
Why does my telemedicine employer collect information about my location? That’s an invasion of my privacy. Just because they can get away with it doesn’t mean I’ll give them that information for free.