You’re more than your credit score

—Originally published on ReadITQuick—

The exposure of 145 million Americans’ personal data through the recent Equifax breach was an unfortunate wake-up call for internet users everywhere. It forces us to confront the reality that, due to the “Internet of Things” and the nature of our increasingly interconnected lives, no matter how strong our defenses, data breaches are not a question of “if,” but rather a question of “when.” Cybersecurity threats are a fact of the highly-connected life we lead, and we must work to better protect our identities from those who seek to exploit them. Identity theft consumers need to guard against:

​It’s also increasingly clear that credit monitoring alone is not a sufficient safeguard against malicious forces on the web. First, relying on credit monitoring alone for protection is asking the technology to do something it was never intended to do. Credit monitoring can be a helpful tool in identifying a potentially fraudulent account activity on one’s credit file, but it doesn’t include monitoring of the dark web, which expands the search to corners of the web that house much more risk. identity theft consumers need to guard against:

Download our eBook The Art of War: Using Economics to Defeat Cyber Crime

​Second, credit monitoring is limited in the types of identity theft it is able to help detect, specifically a type of financial fraud called new account creation. But in total, there are nine different kinds of identity theft consumers need to guard against:

• Financial Identity Theft
• Child Identity Theft
• Social Security Identity Theft
• Driver’s License Identity Theft
• Criminal Identity Theft
• Employment Identity Theft
• Insurance Identity Theft
• Synthetic Identity Theft
• Medical Identity Theft

Financial identity theft may be the most common fraud encountered, but medical identity theft is actually the fastest-growing type of attack out there, and credit monitoring provides no protection for those whose medical records or insurance information has been stolen.

What’s more, the help credit monitoring does offer victims of identity theft is reactive and often only identifies irregularities after significant damage has been done. We can do better than this. The key is to stop a burglar before they enter your home, not after they’ve made off with your valuables.

No system may be impenetrable, but the negative effects of an identity compromise can be stopped before things get too bad. We can detect and dismiss the threat at its earliest stages through a multifaceted approach where credit monitoring is just one part of the strategy.

For example, ID Experts’ product, MyIDCare, employs multiple types of web monitoring and identity tracing to remediate the damage done by a data-compromising event. This certainly involves examining credit reports, but it also involves medical claims transactions, Social Security number associations, and monitoring of other public record sources. In addition, the CyberScan service is constantly scouring the dark web for the sale or trade of stolen information, looking to catch fraudulent activity before sensitive information can be fully exploited.

Cybercriminals are constantly adapting and creating new ways to penetrate online fortresses where valuable data is held. Cybersecurity has to evolve with them. According to the authors of a Verizon Insights 2017 report, it takes roughly one month to discover a breach, but data can be exposed within minutes or hours.

ID Experts, and indeed much of the identity protection world, is investing in technology that allows for nearly real-time activity monitoring. New developments, like improved machine learning, can be put to use to distinguish more quickly and accurately between normal and abnormal web activity. Updates and patches to security gaps can be implemented automatically, using a collaborative approach involving various tech disciplines. Additionally, we can encourage legislators and government actors to consider carefully the standards to which our information banks are held.

There’s still more to be done, in both private industry and public sectors, to ensure the best possible response to a breach. Perimeter defense should not be the last line of defense, nor should credit monitoring be the first, as the Equifax data compromise made plainly and painfully clear. The most valuable thing you own – your identity – depends on taking a more robust approach.