We’re bombarded with the threat of cyberattacks grabbing headlines and impacting businesses globally, and we know individuals are just as susceptible. Addressing one’s mortality is never a comfortable topic - however, when it comes to cybersecurity protection, it’s an important one. Have you ever thought about the risk of a cyberattack against your estate and beneficiaries when you’re no longer here to protect them? Unfortunately, the threat of cyberattacks on a decedent’s estate is both real and common. Online accounts, passwords, interactions and your digital footprint all make up part of your digital legacy. It can include bank accounts, social media accounts, access codes to safe deposit boxes, photos, devices, cryptocurrency, credit card points, airline miles and medical records.
Though it may seem off putting to consider while very much alive, it is worth planning for what happens when you pass - not least to protect all the online efforts you made in your lifetime, but also so your loved ones are protected in case these “ghost accounts” become susceptible to hackers after you’re gone.
Besides safety, leaving a clear designation of your digital estate ensures all accounts end up in the right peoples’ hands, helping them to maintain your legacy and manage the impacts of your passing by leaving accounts accessible as long as they’re needed.
CEO and co-founder of Keeper Security.
What constitutes a digital legacy?
A digital legacy, also referred to as a digital estate, encompasses an individual’s online identity, which includes all interactions, credentials, posts and activities on the internet. Beyond online accounts, digital estates are also comprised of devices, virtual currencies, credit card rewards, frequent flyer miles, web browser bookmarks, multimedia, medical records and more.
Why plan for a digital afterlife?
Making preparations for your eventual passing safeguards and preserves the digital footprint you've built throughout life, and keeps it out of the hands of bad actors. Here are some compelling reasons to plan ahead:
- Security: According to the Verizon Data Breach Report, 74% of all breaches involve the human element, including weak and stolen passwords. Protecting information from falling into the wrong hands is crucial to shield family and friends from malicious attackers.
- Designation of Digital Estate: Just as your will dictates the distribution of physical assets, planning for your digital afterlife ensures that the right individuals inherit your online assets.
- Preservation of Legacy: While you may not spare your loved ones the pain of your loss, you can ease their burden by leaving accounts accessible for as long as they require.
How to safeguard digital afterlife
To avoid the pitfalls of dormant accounts, careful anticipation and preparation during your lifetime are essential. Here are three steps to secure your digital afterlife:
- Take an inventory Just like you would for your physical estate, take stock of your online presence, credentials and digital estate, including goodwill such as loyalty cards and liabilities such as recurring subscriptions.
- Designate a digital heir Think about how you can make the process of transferring all of your credentials and assets seamless. You should securely store digital versions of important documents such as wills, deeds and tax filings in a secure, encrypted location such as a password manager.
- Come up with a plan Creating a digital estate plan ensures you make provisions for how a digital heir should manage each asset. For example, a plan may specify which accounts they should close, leave open or put on hold, and for how long. A digital estate plan safeguards your online identity and protects against malicious attempts by cybercriminals.
- Establish emergency access to your password manager This is essential in order to provide access to a designated trustee or beneficiary in the event of your passing. It allows them to address, operate and wind up your affairs.
How social apps address digital legacy
Social media plays a prominent role in our internet usage. Here's how various social and communication apps handle your digital presence after your demise:
- Google: Google can notify up to 10 individuals after a specified period of inactivity. Notifications are sent after three, six, nine, 12 or 18 months, depending on your choice. Google then makes your data available for download to the designated accounts with prior permission. You will also receive an alert one month before the inactivity period ends.
- X (formerly Twitter): X does not offer a legacy contact feature. However, relatives can complete a privacy form indicating their relationship with you in order to deactivate your account. If you want friends or family to manage your account, you'll need to provide them with your credentials, emphasizing the importance of using a password manager to safely and securely share your login.
- Microsoft: Microsoft allows you to designate a next of kin but with limited access to login details. Upon verification, Microsoft provides your heirs with a DVD containing your account data. The process begins by emailing msrecord@microsoft.com and providing proof of title and documentation of your death.
- Facebook: Facebook permits the designation of a legacy contact who can access certain account details, pin a post on your timeline indicating your passing, accept or reject friend requests and, with your permission, download an archive of your profile information, photos and videos.
- Instagram: Similar to Facebook, Instagram, owned by Meta, does not offer a legacy contact option. However, there is an option to memorialize accounts, allowing users to view your profile but not making it available on the app's public archives.
How financial institutions handle your digital estate
Financial institutions, including banks, have specific protocols for managing digital estates. They require valid identification of your spouse, family member or administrator and proof of authorization to manage your affairs. Documentation like certified copies of the death certificate, legal name, government identification and banking account information is requested. A deceased individual's checking account can also be held in the name of a trust.
Cryptocurrency exchange platforms like Binance offer the option to disable accounts if proof of your demise, such as a death certificate, is provided. Access to this feature is contingent on the deceased user having completed a Know Your Customer (KYC) Level 2 Verification.
Mortgage providers are mandated by law to allow surviving family members, individuals or entities inheriting your property to make payments without needing to requalify for the loan. Heirs also have the choice to sell the property. In cases where no one takes ownership, the mortgage company initiates foreclosure proceedings.
For business owners in the UK, having a solution for storing digital estates and login details that can be shared with estate administrators is essential.
Digital asset provisions by e-commerce vendors in the UK
As online shopping continues to thrive in the UK, it's essential to understand how e-commerce platforms handle accounts following a user's demise. Take, for example, Amazon. The e-commerce platform permits a spouse, close family member or digital executor to close a deceased individual's account by contacting Amazon support and providing appropriate proof, such as a death certificate. Beyond closure, any subsequent actions on the account require additional documentation to ensure legal validity. Amazon does facilitate the transfer of any accrued points or gift certificates.
Use a password manager for effective digital legacy management
Many of these options will require your digital heir to know your account details, personal documentation such as passport info, birth certificates, etc. Using a dedicated password manager where you can store all your details, credentials and even copies of personal documents in a secure vault makes this much easier. While different apps have their procedures for your next of kin, it can be challenging to keep track of all of your online assets. A password manager can help people manage their credentials and share them only with the appropriate people.
