How Safe are your Digital Assets?
How to create a Digital Legacy to protect you and your family.
Is there anything more frightening than watching media reports of the phone company you've been loyal to since its inception 30 years ago losing your data to hackers? You receive a letter saying it is OK: None of your ID documents was breached but your name, address, and phone number were lost to the hackers. Passwords are easy to change but this revelation sent me scurrying to strengthen our digital moat.
How safe are your digital assets? Baby Boomers are the first generation to have to think seriously about a digital legacy but it should apply to all ages.
Recently we attended a webinar on Digital Legacy and while I had already started the process, it revealed some potential leaks in our moat I hadn't considered. It also provided a roadmap to create a comprehensive Digital Legacy as we age so that our family will be able to access our online presence and deal with it according to our instructions along with our will.
For a lot of people, their online presence is a nebulous blob of stuff they take for granted. Let's take a Facebook account for a start. If you pass away, do you want well-meaning FB friends sending birthday greetings as a reminder pops up on their FB feed? How might your family feel about that? Do you know that unless someone has access details for that account, it will remain there sending out annual birthday reminders maybe forever? Do you know how to handle these social media accounts to ensure it doesn't happen to you? Do you know how many online accounts you have in total? Do you have access details for all of them or are there some forgotten ones?
Let me take you through our process. Take what you need to build your digital moat.
Your digital presence can be divided into categories:
Email accounts: Many of us run more than one personal email account, possibly with different providers like Google or Microsoft.
Social Media accounts: Facebook, Instagram, Pinterest, Twitter, Tick Tock (you don't, do you?) YouTube, Linked In, Meetup, Reddit, Quora
Gaming accounts
Communication accounts: What's App, Slack
Financial accounts: Banking, Superannuation, Taxation, Paypal
Shopping accounts: Amazon, eBay, Etsy
Entertainment subscriptions: eg. Netflix, Stan, Kayo etc
Digital Purchases/Assets: eBooks, movies, music, data on whatever platform you use eg. iTunes, Evernote, Dropbox
Digital Photos, and videos. eg Apple photos or even those on a backup disk
Education Assets: Courses you have purchased and reside on the creators' or a third-party platform. eg Udemy
Internet of Things (IoT) assets: eg. Alexa, home security/lighting systems, robot vacuum cleaner
Blockchain wallet: If you have a blockchain account you are probably on top of this
Phew! Betcha you didn't know how much of a digital presence one person can have. And every one of them has a strong unique password. Right! Or are they the dog's name and all the same?
The massive hacks we are seeing right now put your life as you know it at risk. Nobody wants an identity fraud to suck your time, attention and money for a very long time.
So let's get started.
Step 1: Make a list
You can make a manual list or you can go with a safer option - Password Manager (PWM) software.
What is a Password Manager (PWM)?
Software that stores all your passwords securely and keeps your data safe from prying eyes. There are many Password Manager choices but stick to the big companies like One Password, Dashlane.
A PWM generates unique, very strong passwords like - za$e9SxY&4fFSHY& - for every online account you have, stores them and logs you in using them without you having to know or remember the password. They can be up to 20+ characters, any combination of letters, capital letters, numbers and symbols. However, some companies have special requirements like only 8 characters, no special characters etc. All you have to remember is the master password that you create.
Our PWM scans the dark web and reports any data linked to up to 5 email addresses that may have been compromised. However, recently it was reported that most of the hacked data is not even getting to the dark web. It is being boldly sold in full view. Did you know that each piece of your data has a value? An email address is worth so much; a phone number has a value; together they may fetch more.
In addition, a PWM can store important information like documents and instructions for your Digital Executor to handle your digital presence should you pass away. You can even give them access to the account while you are alive. If they try to log in you can stop the access within 24 hours. However, if you pass suddenly, they can log in and after 24 hours get full access to your instructions and data to start the wind-down process.
This is perhaps the best thing we did in relation to our online presence. With 400 passwords, it is impossible to manage them any other way. We pay around $50 a year for a family account for up to 10 users (they can't see each others passwords unless they intentionally share with the other person). If you have under 50 passwords, you can get a free account.
Step 2: Spring clean - get rid of any that you don't use.
Check for the DELETE button on an online account. Quite often it is buried in the Security settings. If not, contact them by email to request an account deletion and confirm back to you that it is done. Remember you can re-create an account easily if you find you need it again.
I even changed weak passwords to strong ones on these sites before I deleted them just in case they didn't actually delete. Once deleted, I check by trying to log in, then delete from my PWM and add them to a spreadsheet so I can see what I originally had.
Step 3: Change the remaining passwords to unique passwords using your PWM
Use the password generator in the PWM software to ensure all are unique and strong.
Also, set up multifactor authentication on your accounts if possible. You can set up to get a code via phone or email as you log on. Or you can also use an authenticator app to generate codes.
Step 4: Create clear instructions on how to deal with your digital presence and assets if you are no longer here.
Either in a manual system - a book with all your accounts listed or preferably within your PWM, draft a set of instructions for your Digital Executor.
Step 5: Appoint a Digital executor as you would appoint an executor for your will
Take as much care with this selection as you would an Executor of your will. They don't need to be the same person but they need to be a little tech-savvy. You may want to get them to help you to put these instructions into place.
Remember a Solicitor or an Executor doesn't automatically have access to your accounts even if there is information in those accounts they need to carry out your wishes.
Name your Digital Executor in your will as well as your Power of Attorney document.
Bequeath your digital assets in your will eg. Apple Music, Amazon Kindle Books in your will
Step 6: Set a schedule for changing important passwords like your PWM Master Password or banking password regularly
This could be monthly or quarterly to be safe. Set a to-do and action it.
Step 7: Get started NOW!
Other useful information:
If you keep your passwords manually, use a phrase rather than a word. Put together things that do not go together, like - CalmCheeseisbad457 -. Use upper and lower case. Add numbers and symbols. Make sure each is unique.
Block fraudulent access to your online Credit Report. In Australia, you can set up a free account with Credit Savvy. Credit Savvy is a subsidiary of CommBank.
Create an account with Credit Savvy, on your computer as well as the Credit Savvy app on your phone/tablet. From either you can access your Credit report.
Now you want to lock your credit report from being accessed by anyone who might have enough of your ID information to fraudulently access credit in your name.
To do this, open the Credit Savvy app on your phone/tablet and set up Credit Shield. This sends instructions to the 3 major Credit Report companies (Experian, Illion, Equifax) to ban anyone from accessing your credit report. They will put an immediate ban on your account for 21 days and then you have to extend it for 12 months at a time.
If you go directly to these companies (Experian etc) they will charge for the service that you can get for free with Credit Savvy.
In this age of very sophisticated hackers, emails, texts and phone calls can look and sound very convincing. We have a rule in our house that when something pops up, we take a breath and walk away. We never respond to the trigger NO MATTER WHAT and NEVER EVER CLICK on a LINK. If you are unsure, make independent contact with the company involved to confirm the validity of the incoming message. You can also check the address of the incoming email by clicking on the sender. You can probably tell straight away, it is not a legitimate email address for that company. Even then, do not click anywhere!!
Did you know that you can actually set your Facebook account to a memorial account on your passing instead of having it deleted? Your choice to make. For this and several other Social Media accounts, you can nominate a Digital Executor within the settings so they can access the account on your passing and deal with it. Alternatively, if they have access to your PWM, they can get full access to your Social Media accounts to deal with according to your wishes.
Phew! That’s a lot of information to digest. My advice is to just start somewhere and chip away at it.
Let me wrap up with a recent experience. I spoke to a person at a company the other day to request the deletion of my account. She commented that they don't send heaps of emails. I said ‘it’s not your emails I am concerned about. I am cleaning up my digital presence on the back of the recent data breaches.’ Her comment 'Hackers won't be interested in a small company like ours'. My comment 'Really!! Get my details off your database pronto.' Interestingly, I received a follow-up email to say my account has been deleted, but I can still access it and see transactions. This tells me that this small online shopping company storing customer credit cards is way behind on cybersecurity.
Great Article - need to do more