The big idea and why it matters: We can pretend to have peace of mind through avoidance (not good). Alternatively, we can use the concept of antifragility to grow stronger from difficult experiences (better). But, our real goal should be achieving “robustness,” which we can develop proactively before difficult situations occur (best).
“The fragile wants tranquility, the antifragile grows from disorder, and the robust doesn’t care too much.” -Nassim Taleb
Big Breach
If you do a quick Google search for “recent hacks” or “data breaches,” you’ll find an assortment of websites with the latest updates on this topic. Most of these incidents don’t make major headlines; odds are, you didn’t even know they occurred. Recently, however, a breach of “a company named National Public Data could have made billions of personal financial records vulnerable” and got the attention of many people, including some of our clients. Thanks to Jonathan S. and others for reaching out with questions and inspiring today’s topic. With that, let’s look more into the data breach for insights on applying the concepts of antifragility to both cybersecurity and portfolio management to help increase our collective robustness (the basis for peace of mind – to Mr. Taleb’s point). Here we go!
Private or public?
As the above article points out, National Public Data (NPD) compiles data it finds “on the line” (aka online). But what has become “public” for each of us over the years could amount to very sensitive information like addresses, dates of birth, and – yes – even our social security or other ID numbers.
If you’ve had the pleasure of doing cybersecurity training, then you may already know this data as PII – or Personally Identifiable Information. The more pieces of it that someone (like a hacker) has in their possession, the easier it is to steal one’s identity. If NPD has done the work of neatly packaging this PII in a database that has been breached, you can ascertain why it may be a problem. Thanks, NPD!
Whatever happened to good ol’ physical theft?
The five readers who have stuck with Alt Blend for the past year may recall that – in the span of one week in November of 2022 – my family had our safe stolen (home burglary), and I separately had my wallet stolen (pickpocketing), which I covered in Be Better than Me in 2023. It’s still worth the read for some of the takeaways and potential action items from that experience.
The good part of those incidents was that I immediately knew my information had been stolen. And, while it took nearly a year to rebuild our arsenal of social security cards, passports, and other documents, at least we were able to take action right away. Had we not known that essentially every sensitive piece of our PII had fallen into the wrong hands, who knows the amount of damage that could have ensued? There could be a fake Steve Tresnan, now retired on a superyacht in international waters, solely based on the value of those thirty Don Mattingly baseball cards in our safe. Instead, we took action, so I assume my name has done them no good. Thus, they’ll just have to be content being super-rich from those Donny Ms (am I laying on the sarcasm thick enough to convey the wasted effort of holding onto worthless baseball cards for over 30 years?).
You can be antifragile…
The problem (or one of the problems) with online theft is that we usually don’t know it’s occurring. And, if we do learn of a data breach, it’s usually long after the incident, so it’s likely too late to do anything about it. Therefore, we need to be more proactive and increase our robustness! Because of our theft incidents, we added home security, subscribed to credit monitoring and identity theft services, increased the strength of important passwords, and now keep our credit locked/frozen at all times (other than when we actively unfreeze it for credit checks). Thus, when my sister-in-law told us about the NPD hack and that our information was exposed, it’s not an exaggeration to say I couldn’t have cared less. What else am I realistically going to do?
…or you can be robust!
While I feel like we’re in a relatively good place with regard to our digital/credit security, we only did it because we were faced with an adverse situation that affected us directly. We’re like the kid who only did her homework because she was threatened with losing her iPad (her name is Ruby if you’re wondering) instead of just doing her homework because it’s the right thing to do.
In contrast, a friend of ours installed a complete home security system after hearing about our robbery. And recently, while he and his family were overseas, their home was burglarized. However, the burglars had less than two minutes to leave before the police arrived. Do you think Leo was thankful for the proactive measures he took?
We essentially became more robust via antifragility. That challenging experience truly made us stronger and more prepared for future incidents, which is good, but – take it from me – it’s far from ideal. You can instead increase robustness proactively, like Leo.
What can you do?
First, on the physical/anti-burglary front, I’d encourage you to go back to my 2023 blog link above and review what we learned from that incident.
On the virtual side, there are also plenty of basic measures you can take (feel free to reach out to me for specific solutions):
- Use a password management tool. This can make using stronger and unique passwords for each website you access easier. I know people under age 40 who use a spreadsheet to log their passwords. Seriously (not mentioning any names, Matt). If you continue doing that, at least write down hints to the passwords rather than the passwords themselves and try to password-protect the document. I assure you the password manager solution is better and more manageable.
- Use passkeys or multi-factor authentication (MFA) to access websites/apps. You’ll see more and more of it being offered. I recently wrote briefly about passkeys here. The idea is to use something local and specific to you (like your phone, face, fingerprint, etc.) instead of passwords. Passkeys are harder to replicate, and there’s no password to remember, so it seems to be where the puck is going.
- Freeze your credit. The three agencies that comprise your credit score are Experian, Equifax, and TransUnion. They are essentially gatekeepers lenders must go through to check your credit.
- Go to each website, create an account, and freeze/lock your credit (they use different terminology). Use a password manager or passkeys to ensure you can easily get back into these sites in the future. Also, download their apps.
- You can check and review your credit for free. Make sure nothing looks weird (it says you have a GAP credit card, but you’ve never shopped at the GAP? Probably not good..). They also have additional services related to credit monitoring and ID theft protection.
[Note: my family pays for identity theft and monitoring services because I wanted someone to call, as well as a layer of insurance coverage if anything ever happens. I think it would be difficult to go through local law enforcement or other gov’t entities to address such situations]
- Beware the Internet of Things. More and more physical devices are connected to the internet. Each can represent a gateway into networks, servers, and sensitive information. Ensure these are all encrypted. Your wifi software may allow you to monitor all the devices on your home network, and the IT-savvy can even partition the network for increased security (more about that in this Dashlane article).
- Keep software updated. It’s not hard, and computer systems or apps often force this upon us. Just do it.
- Beware Keyloggers. As another Dashlane article points out, this is another reason to use a password manager, as no keystrokes typically need to be used for logins.
I’m already way over the target length for today, so I hope some valuable ideas are in the (non-exhaustive) list above. Like feeding and bathing your kid, the least you can do is freeze your credit and keep your software up to date. Good luck out there.
In Part 2, we’ll apply these concepts to portfolio management and, ideally, even some Alts.
Until next time, this is the end of alt.Blend.
Thanks for reading,
Steve