8 Ways To Protect Yourself From Breaches
OR...Et tu, Best Buy?
Shawn Stewart
Mr. Stewart has 25 years of experience with hundreds of international, commercial, military, and government IT projects. He holds certifications with ISC2, Cisco, Microsoft, CompTIA, ITIL, Novell, and others. He has a Master’s in Cybersecurity, a Bachelor’s in IT, a Minor in Professional Writing, and is a published author.
Consumer breaches occur when companies have personal or confidential data stolen, either from the inside or outside, resulting in that data becoming available on the open Internet or sold on the Dark Web (Read our Dark Web article). Breaches are the primary reason individual accounts get hacked. Your information gets sold, and hackers use it to take over your accounts, transfer money, or charge your credit card. Unless the breach occurs at a bank, health care provider, or involves credit cards, businesses may not be required to tell you! Here are eight things you can do right now to protect yourself from breaches.
- Have You Been Poned? – The PWNED website (www.haveibeenpwned.com), pronounced Poned, like “owned,” allows you to enter your email or phone number to determine if it has been part of a breach. If it has, the database will tell you where. The website, while a thinly veiled advertisement for software, has access to information previously stolen in breaches. It can be eye-opening to realize how often your information is compromised.
- Be Unique – Every online account needs a unique password. You CANNOT use the same password for more than one account. When your single master password gets stolen, not if, all your accounts are accessible. “But, Mr. Hacker,” I hear you say, “how do I keep track of dozens of different logins because I know I shouldn’t write them down?” I say you’re right. I highly recommend the use of Password Managers. I know, I hear some of you say, “Mr. Hacker, I heard that a big Password Manager software was hacked.” Well, no, the company that runs the application was hacked, but the individual customer data was unaffected, thanks to their layered security. A password manager takes the work out of juggling multiple passwords by securely filling in logins automatically on both your computer and your smartphone.
- Go Long – Another unpopular recommendation is password length. Increasing computer power and brute-force attacks mean that no matter what password you choose, if it’s not long or complex enough, it can be cracked in a matter of minutes! The password needs to be long enough to not be worth the hacker’s time. A 15-character password, with upper and lowercase letters, numbers, and special characters, is recommended, as such passwords mathematically take millions of years to crack! (Read our Password Intervention article)
- Change It Often – Security-conscious organizations force users to change passwords every three months, about as often as an oil change for your car. The average user with a strong password may not need to change passwords so frequently, but don’t let a password stick around for more than a year. If you receive a notice that a company has been breached, definitely change your password and make it nothing like the last one. Assume someone else knows it.
- I Know It’s You, Margaret – Multifactor authentication sends out a text or uses an authenticator application on your smartphone to verify your identity. Only the correct login together with physical access to the smartphone grants access to your account. You should enable MFA for every online account you have. If the company doesn’t offer this level of protection, you should replace them with a company that does. Yes, it’s that important. If the company isn’t willing to protect its customers, do you really think they are taking their own cybersecurity seriously?
- Everybody Clean Up – If you aren’t using an account or no longer do business with a company, delete your account or at least clean up the data inside the account. My personal InstaCart account was hacked due to a weak password and a previous breach. I had forgotten about it because I had never used it. I’m STILL in the process of prosecuting the offenders. I have their home address and phone number. But law enforcement is uninterested. If you aren’t using it, lose it! It’s just waiting to be hacked.
- A Secret Identity – You can get a free email from anywhere, like Outlook.com. To really separate your personal and online accounts, use a new, separate email address for your bills and non-personal accounts. This will help separate liability and also allow you to easily spot phishing emails that come in on the wrong address. This is merely a recommendation if you don’t mind having multiple addresses.
- Keep It Real – Only communicate with companies and vendors through their secure mobile app or website. This one is gaining popularity as it avoids phone calls and email. Companies realize the best way to instill confidence in consumers is by proving their own identity. When you communicate only on the company’s app or website, the communication is secure and only between the listed company and your logged-in account. Don’t forget the MFA!
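To put numbers behind the “Go Long” tip, here is an added example (not code from the original article) that estimates how long an exhaustive brute-force search takes for a given password length and character mix. The guess rate is an assumption, the sample passwords are constructed, and the math only holds for randomly generated passwords; words, names, and reused passwords fall far faster.

```python
import math
import string

# Assumption: an offline attacker testing 100 billion guesses per second.
ASSUMED_GUESSES_PER_SECOND = 1e11
SECONDS_PER_YEAR = 365.25 * 24 * 3600

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def pool_size(password):
    """Count the characters available to an attacker who knows only which
    classes (lower, upper, digit, special) the password draws from."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def seconds_to_exhaust(length, pool, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length from the pool."""
    return pool ** length / rate

def report(password):
    """Summarize search space and worst-case crack time for one password."""
    pool = pool_size(password)
    secs = seconds_to_exhaust(len(password), pool)
    return {
        "length": len(password),
        "pool": pool,
        "bits": round(len(password) * math.log2(pool), 1) if pool else 0.0,
        "seconds": secs,
        "years": secs / SECONDS_PER_YEAR,
    }

if __name__ == "__main__":
    # Constructed sample passwords, assumed to be randomly generated.
    for sample in ("qmzxvbtr", "Qm7zXv2b", "qM7!zXv2#bTr9&k"):
        r = report(sample)
        print(f"{r['length']:>2} chars, pool {r['pool']:>2}, "
              f"{r['bits']:>5} bits: {r['seconds']:.3g} s "
              f"({r['years']:.3g} years)")
```

At the assumed rate, eight random lowercase letters are exhausted in seconds, while fifteen characters drawn from all four classes stay out of reach for far longer than millions of years.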