Reading about massive IT security events like the recent Target point-of-sale data breach or the Microsoft Internet Explorer and Heartbleed security vulnerabilities can leave users and consumers feeling confused, frustrated, helpless and powerless to avoid becoming a victim.
The fact is, there are a number of things you can do in the event of a future data or security breach to help minimize your risk.
1. CHANGE YOUR PASSWORDS
This one is often the most frustrating, but it’s also the most effective. If you’re not using a password with at least eight characters, a mix of letters, numbers and symbols, now is the perfect time to start.
One tip for creating a password that’s easy for you to remember but difficult to crack is the phrase method. Create a sentence that’s easy for you to memorize, such as “Hi, my name is Sean and I was born at 123 Oak Avenue.”
Then take the first letter of each word in the sentence and write it out, keeping all capitalization, punctuation and numbers. In this case, you would have: H,mniS&Iwb@123OA.
That’s 16 characters and a mix of letters, numbers and symbols. It’s impossible to memorize the way it is, but easy to recall if you just remember the phrase. The example above is an extreme one, but consider a simpler phrase that uses the same method for your own passwords.
2. MAKE EACH PASSWORD UNIQUE
Want to make your logins as secure as they possibly can be? Don’t forget this last step: Make each one unique. That doesn’t mean you have to have completely original passwords; it just means that they should be different.
One way of doing this is to add the first letter of the site you are accessing to the front or back of your password. Facebook would get an “F” in front or back, Google would get a “G”, etc.
This may be a simple code to break if a malicious hacker spent some time analyzing your password. But hackers like to run routines that try thousands of combinations at high speed. Looking at each password individually and trying to crack it is simply too inefficient and difficult to be effective.
Once you have your own method of individualizing each login, begin with your most important accounts (banks and financial institutions, email accounts, Avnet logins, even social media) and replace what’s there with your new password.
After a few repetitions, you’ll have a newer, much stronger password at your disposal.
3. USE TWO-STEP AUTHENTICATION WHEN IT’S AVAILABLE
For maximum security, more websites are moving towards what is known as “two-step authentication”. In step one, you log in to your account as you normally would. But instead of letting you access your account directly, the website sends a short string of numbers or letters to your mobile phone number on file. Once you receive this text, you then key in the code and are granted access upon acceptance.
Two-step authentication is simple and fast, and it requires any malicious hacker to have both your login information and access to your working mobile phone account. It’s not foolproof, but it’s much more secure than single-step authentication and more sites are embracing it for that reason.
If given the option, accept two-step authentication for your most valuable accounts.
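For readers who build or review login systems, here is the website's side of the text-message step described above, as an added example that is not part of the original article. It shows the checks that make the code worth something: a random code, a short lifetime, a guess limit and single use. The function names, the five-minute lifetime and the five-guess limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime of a texted code
MAX_ATTEMPTS = 5         # assumed number of guesses allowed per code

# In-memory store for this example only: user -> pending challenge.
_pending = {}


def _digest(code, salt):
    return hashlib.sha256(salt + code.encode()).digest()


def issue_code(user, now=None):
    """Called after the password check passes; returns the code to text."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"   # 6 digits from a CSPRNG
    salt = secrets.token_bytes(16)
    _pending[user] = {
        "salt": salt,
        "digest": _digest(code, salt),   # store a digest, not the code
        "expires": now + CODE_TTL_SECONDS,
        "attempts": 0,
    }
    return code   # goes to the SMS gateway, never back to the browser


def verify_code(user, submitted, now=None):
    """Grant access only for a fresh, unused code within the guess limit."""
    now = time.time() if now is None else now
    entry = _pending.get(user)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[user]               # expired or guessed too often
        return False
    entry["attempts"] += 1
    ok = hmac.compare_digest(_digest(submitted, entry["salt"]), entry["digest"])
    if ok:
        del _pending[user]               # single use: a replay fails
    return ok
```
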
4. MONITOR YOUR INBOX
Most websites today generate an email in the event that somebody tries to change your login information. If you begin to receive these auto-generated emails without your involvement, that’s a sure sign somebody’s trying to take over your account. Be sure to check your spam folders as well!
DON’T click on the link in the email in case the notification is actually a sophisticated phishing scam. It’s much safer to open your browser and manually type in the site address to log into the account in question. Then make sure you change your password using the new, improved combination you came up with in steps #1 and #2 above.
5. WATCH YOUR ACCOUNT ACTIVITY
Keep a close eye on your account activity, especially after a major security breach. Log in to bank accounts and debit and credit card accounts regularly to ensure that you alone are responsible for all activity - large or small.
Report anything unusual right away through phone support using the phone numbers provided on the official website or back of your card. Do not call any numbers provided in an email; they can be part of a phishing scam.
Check your social media accounts from time to time as well, to make sure that all the content is yours.
Check and monitor your credit and debit card statements.
You may want to consider an identity and credit monitoring service such as LifeLock, Identity Force or Identity Guard that can monitor account activity for you.
6. USE CREDIT CARDS, NOT DEBIT CARDS
Simply put, debit cards give you access to your money, while credit cards give you access to the bank’s money. As a result, credit cards offer far more protection than debit cards, and the bank can monitor the transactions more closely.
In the event of card fraud, credit card companies can be made aware of it in minutes, while debit cards can take weeks to detect. Use cash or credit cards whenever possible to minimize your exposure, and check your national laws regarding credit and debit card exposure in the event of fraud.
You may also want to consider the following to minimize your exposure:
- Use multiple cards – if one account gets compromised, you’ll still be able to make purchases.
- Use multiple types of cards – Carry VISA, MasterCard, and/or American Express in case one vendor’s systems are compromised.
- Use different institutions – Don’t carry cards from only one bank; use multiple institutions to spread your exposure.
Major IT security breaches can be a real source of frustration, fear and even helplessness. But by following the six steps above, you’ll be doing everything you can to minimize your chance of exposure and damage in your online and offline activities.