While there are a thousand resolution-worthy action items out there, the time is always now for the things that need to change in our lives. Never were truer words spoken when it comes to our potential vulnerability to hackers.
The number of breaches and the granular nature of the data exposed in those attacks over the past year are both unprecedented. The Equifax breach alone included everything (and then some) that a scammer needs in order to buy a house or a car, pay for college or medical procedures, steal a tax refund or any other transaction.
But that’s not the only reason you should be on high alert. Technology is the friend of the hacker. Cybercriminals make a living being up-to-date on the latest security protocols and protections. They are also the most common spur for innovation, discovering the latest “eureka” moment in cybersecurity while reverse-engineering existing ones to steal data.
Side by side with the general threat is a “pre-set” attitude prevalent among consumers. Breaches and the identity theft that flows from them have become the third certainty in life, right behind death and taxes. The attitude tends to be, “There’s nothing I can do about it,” or “If it happens, it happens.”
I get it. I own a company that among other things, helps consumers resolve the fallout of identity theft. But working on the front lines of what amounts to a war of attrition against the bad guys, I can tell you that consumers can, and should, be doing more.
Here are my suggestions:
Avoid Account Takeover with Better Password Tactics
According to a recent survey, more than 80% of people 18 and older re-use the same password across multiple accounts—a practice called daisy-chaining.
Here’s the scary part: You will almost certainly be able to guess the most popular password used by consumers in 2016. (It was “123456.”) Consider, there are affordable machines on the market today that can hit a website’s authentication system with billions of passwords per second. “Password” isn’t going to do much in the way of keeping you from getting got.
Even if your personal email address hasn’t been exposed in a data breach—you can check on Haveibeenpwned.com—you need to take extra precautions.
Here’s why: If a scammer gets control of your personal email, they can commandeer many, if not all, of your accounts—retail, financial and beyond. For this reason, whenever possible, do not use your name or email address for login purposes. Rather, treat it like another password (but bear in mind, many sites will not allow you to do this).
If that seems like a hassle (remember, security and convenience aren’t always compatible) there’s an automated solution offered by a start-up called Joinesty that offers a Chrome extension that randomizes the email addresses used for login on various accounts thereby rendering your personal email address useless to a hacker.
Use 2-Factor Authentication
Do you use 2-factor authentication on all your accounts that offer it? It’s a relatively seamless process whereby every account login requires both a password and a six-digit code that is emailed or sent to your smartphone via SMS.
It is not failsafe. If a criminal has control of your personal email account or possession of your phone—and your password—they can beat 2-factor authentication. That said, you are a much less attractive a target—the predator equivalent of a spiny hedgehog waddling down the road with an excessively plump piglet. Which one would you rather be?
Turn Off Location Services, and Don’t Overshare
Remember the bumbling duo in the holiday classic “Home Alone?” It used to be that burglars cased a neighborhood. With oversharing on social media, including location data posted in photographs that permit geotagging technology and-or volunteered by way of preference settings, we are constantly “casing” ourselves for the would-be thief.
An added layer of complication here is that even if your social sharing doesn’t include location data, other members of your family might be sharing it. Remember, you are only as secure as your most insecure family member.
The conversation about cybersecurity should be ongoing with those closest to you, because increasingly we’re all connected in ways that can get people robbed.
Have Nothing to Ransom
Ransomware is going to continue to plague consumers in 2018.
Ransomware is a form of malware that occupies a victim’s computer and then encrypts every file on its hard drive. There are few things scarier than a ransomware attack, especially when the victim has no idea what just happened.
First rule of thumb: never make a payment to get files back (or stop someone from sharing embarrassing files—another prevalent scam). Contact a resolution expert first.
Second rule: Back up your files daily.
If you want to be one-hundred percent unaffected by ransomware, back up your hard drive on an encrypted, long-and-strong password-protected external drive and store a mirror backup on a cloud server. Then when your would-be extortionist demands cryptocurrency (which if you own any, should also be stored on an external wallet), you can say: “No,” and go on with your day.
Enroll in Transaction Alerts and Identity Monitoring
There is no better way to calm fears of account takeover than transaction alerts. All banks and credit card companies offer them for free. They make fraud a momentary crisis that’s easily contained, since the moment a fraudulent charge occurs, or a scammer attempts to open a new line of credit, the consumer is notified.
Think of it as an under-age keg party that gets shut down by the police—a quick burst of annoying nothing, and then everything is back to normal.
There is an added benefit to transaction alerts: Every charge you make pops up on your phone or in your email, detailing the purchase, which can help you curb spending since there is a constant—albeit instant—reminder of how much money is going to be due at the end of your billing period.
Practice the 3 Ms
- Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t over-share on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and freeze your credit.
- Monitor your accounts. Check your credit report religiously, keep track of your credit score, review major accounts daily if possible. (You can check two of your credit scores for free every 14 days on Credit.com.) If you prefer a more laidback approach, see No. 5 above.
- Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises–oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions and employers.
The New Year offers the opportunity to turn a now-old threat into new peace of mind.
The dangers out there are manifold, but if you are prepared, even the worst attacks are survivable. The above suggestions aren’t resolutions. They are common sense. At their best, New Year’s resolutions are an arbitrary deadline to change your habits in one way or another. When it comes to hack-proofing your life, were way past midnight.
If you’re concerned about your credit, you can check your three credit reports for free once a year. To track your credit more regularly, Credit.com’s free Credit Report Card is an easy-to-understand breakdown of your credit report information that uses letter grades—plus you get two free credit scores updated every 14 days.