By Michael Hall, Chief Information Security Officer
Data breaches have become an almost predictable problem with banks, major retailers and other businesses around the world, including last month’s news that more than 500 million Yahoo accounts may have been compromised.
Properly protecting your personal information greatly reduces the risk of identity theft.
1. Stranger Danger
Be sure you know and trust whomever you might be giving your personal information to. Never respond to blind requests for information over the Internet. Do not open emails or attachments from unknown sources and do not download anything from anybody you do not know.
2. Use Different Passwords for Different Accounts
According to a Gartner study, more than 50% of online visitors use the same password for multiple accounts. As a result, if a criminal discovers the login and password for one account, such as Yahoo, they can then gain access to other accounts with the same login information. This is the easiest way for a hacker to gain access to online bank accounts, healthcare information and other online accounts that carry personal and identity information.
This form of hack is called “credential stuffing.” Not only is credential stuffing the easiest form of hack for a criminal to execute, it is also the easiest hack to protect yourself from—simply use different login information for each online account you manage. It is helpful to use a password management program. Many programs are available to manage your different logins, such as 1Password and others.
3. Secure Storage and Disposal
Store sensitive information securely and permanently dispose of any personal data that you no longer need.
Don’t forget to secure any computer or other data storage devices, like smartphones and tablets, with password protection, spam filters and antivirus software. Be sure to change your passwords frequently and keep your security software up-to-date with the latest upgrades and patches.
4. Pay Attention to Privacy Policies
The fine print can be very revealing, so please read the policy and ask questions if you see anything that’s vague or unclear. What is the information used for? Who has access to it? Are any third parties involved? If you see anything suspicious, ask for clarification. If the answers aren’t convincing, take your business elsewhere.
5. Ask Questions
Ask why any specific information is needed before sharing anything private, especially your Social Security number. You should ask why it’s needed, how will it be used and, most importantly, how will your information be protected. Is any other form of identification acceptable and what happens if you don’t provide your Social Security number?
Remember, there are some situations where Social Security information is absolutely necessary, including reporting wage and salary information from a job, applying for a loan or signing up for a rental property.
6. Two-factor Verification
Hacks into iCloud accounts have recently been on the rise. Protect your iCloud, Apple ID and Google Play accounts with “two-factor verification.”
Once you have it set up, two-factor verification will be required any time you sign in to manage your Apple ID, sign into iCloud or make an iTunes, iBooks or App Store purchase from a new device.
For Android devices, there are “two-factor authenticator” apps available for download through Google Play, such as Google Authenticator.