Cyber crime headlines are challenging conventional crime headlines when it comes to grabbing attention. Unfortunately, the cyber crime trend will continue as long as computer systems and users continue to exist. Human action, whether by hackers or unwitting users, is the key to perpetuating these crimes.
Here are a few tips to make you less of a phish and minimize the damage should you compromise your own information. Please note that some of these recommendations may seem like a lot of work. They are. Ease of access to your information is convenient not only for you but also for hackers.
Cars have crumple zones to minimize shock and impact to passengers. Ships have bulkheads to seal off areas in the event of a hull breach. Both minimize damage when catastrophe strikes. Compartmentalizing your online profile may do the same for you if your information is compromised by yourself or a third party (like a hacked merchant or service provider).
Segment your online presence by using a unique email address and password for each service provider or category of service. For example, use one email address for merchant accounts, a different email address for news channels, a standalone email address that is used for nothing else for your bank accounts, etc.
Enable Two Factor Authentication (2FA)
Two Factor Authentication (2FA) is a multi-step process for verifying a user’s identity before a system allows the user total access to his/her online account. Users receive a verification code when attempting to log in from an unknown (i.e., unverified) browser or device. The verification code may be sent via many different channels, with SMS to a mobile device being the most common. You may also opt to generate verification codes during account set-up or ad hoc from an app on your mobile device when attempting to log in.
Whichever method works for you, consider this an essential countermeasure against hacking for all of your online accounts—especially anything that creates exposure to your financial or personal data.
Upgrade Your Password
You should know this already; it’s 2017. Yet people are still being hacked because they are too lazy to upgrade from “password” as their password. Take the rest of the day off and update your passwords across your accounts. Below, a few tips for doing so:
- Make it at least 12 characters long.
- Mix in a numeral, capital letter, and a special character.
- Never reuse passwords.
- Do not use your birthday, the last four digits of your SSN, or your house number/PO Box in the numeric component.
- Use a passphrase that incorporates numbers as letters, like “d0nth@ckmef#ck3r5” or “h0rs3b@tt3r13s”.
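A small audit of the checklist above, as an added example that is not part of the original article: it reports which of the listed rules a candidate password breaks. The function name, the sample passwords, and the sample personal number are all constructed for illustration.

```python
import string


def password_problems(password, personal_numbers=(), previous_passwords=()):
    """Return the checklist rules that `password` violates (empty list = pass).

    personal_numbers: digit strings to keep out of the password, such as a
        birthday, the last four of an SSN, or a house number.
    previous_passwords: passwords already in use on other accounts.
    """
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no numeral")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if password in previous_passwords:
        problems.append("reused from another account")
    # Join the digits so a number split across the password is still caught,
    # e.g. "07" near the start and "04" near the end.
    digits_only = "".join(c for c in password if c.isdigit())
    if any(n and n in digits_only for n in personal_numbers):
        problems.append("contains a personal number")
    return problems


if __name__ == "__main__":
    birthday = ["0704"]  # constructed sample value
    for candidate in ("password", "Quiet-Harbor-0704-lamp", "Quiet-Harbor-58-lamps"):
        print(candidate, "->", password_problems(candidate, birthday) or "ok")
```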
Upgrade Your Security Questions & Answers
Online service providers have used security questions—those questions and answers you provide during account set-up—to verify your identity for years. The stalwart What’s your mother’s maiden name? is still in use, as are derivatives asking for your dad’s middle name, the street you grew up on, your first pet’s name, etc.
You may not always be able to vary the questions, but you are not beholden to tell the truth on the answers. In other words, answer the questions with a response that you can remember and that is not the correct, factual response that can be derived from information on your Facebook page or other social profiles. For example, you may choose to list “Wayne” as your mother’s maiden name if you always wanted to be Batman, or “Augusta” if you need a grandmother’s first name.
Below, a few other ideas:
- Select and use the maximum number of questions for verification.
- Use the last four digits of your neighbor’s phone number instead of the last four of your Social Security Number (if possible).
- Use a favorite word instead of your mother’s maiden name. “Yes, my mom’s maiden name was actually ‘xylophone’” seems like a fun conversation to have.
- Use info from favorite literary or fictional characters for names, dates, and friends. Try to avoid common favorites like Batman, Superman, Wonder Woman, and Halle Berry.
- When faced with choosing an answer from a drop-down, pick something that corresponds to the first letter of your dog’s name. For example, your beloved lab is named Max. Choose “Maltese” from the list instead of “Labrador Retriever.”
Use a Burner Email & Phone
Your main email address and phone number are email@example.com and 713-555-5555. Everyone knows them. Do not use these for anything. Instead create disposable accounts for email and phone. Ditch them when they are compromised. Updating your online accounts with new info is a PITA, but not as bad as trying to reclaim your identity, stolen funds, or both.
- Create an email alias, or disposable email address, for your existing account. Here are instructions for two options on Gmail and Yahoo.
- Create a disposable phone number with Google Voice.
Safeguard Your Credit Card Info
Storing your credit card in your online profiles makes completing transactions a breeze. Unfortunately, those transactions may be completed by unauthorized users of your account.
- Opt out when asked if you’d like to store your credit card number on your account; or
- Complete online transactions using a reloadable debit card.
  - You control the amount on the card, and getting a new number is as easy as going to the drug store.
Review Your Accounts Periodically
Any open account is an opportunity for a hacker to access your data. Review your online accounts and subscriptions once every two months and close any unused accounts. This should also reduce the spam and bacon in your inbox.
Create a Data Breach Plan
You’ve probably got some sort of strategy for the next hurricane or tornado strike, right? What are you going to do when your online accounts are hacked? At a minimum, you should:
- Contact the account provider to shut down or reclaim the account. You do know who to contact to start fixing the situation, right? Below, where to go for the biggest accounts:
  - Amazon (took forever to get an answer; had to chat with a CSR to confirm there is no clear answer online other than contacting the company via phone at 1-866-216-1072 or online)
  - Hotmail / Microsoft
- Contact your financial institutions and request account monitoring and alerts.
- Inform your contacts to avoid proliferating the hack.
- Take a deep breath, and try to remain calm.