As cyberthreats continue to evolve, so does the severity of personal data breaches. Follow these best practices to help prevent identity theft and safeguard your personal accounts.
- Evaluate the source of email. It’s important to cautiously review personal and work email across all devices and consider the source before opening messages.
- Why? The first step for many hackers is sending a phishing email in an attempt to capture login credentials or download a file — especially zip files — to your computer. A malicious downloaded file can collect and pass private information from your computer to a hacker or lock down your computer in a ransomware attack. The best prevention often starts with a healthy dose of skepticism. Were you expecting the email? Do the email address and URL sources for embedded links appear legitimate? Be extra cautious of attachments or embedded links asking you to provide information. A common and increasing email threat is fake alerts from retailers warning you’re locked out of your account and asking you to click a link to reset your credentials. That link could unknowingly connect you to a cybercriminal’s server. Instead of clicking embedded email links, it’s always best to go to the actual website URL for your retailer or service provider to log in and make any necessary updates. If in doubt, verify with sender by using an alternate medium, such as a text message or phone call.
- Change your passwords regularly. A best practice is to change your passwords at least every 60 to 90 days. Other password tips:
- Don’t use the same password for multiple accounts — if your password is accessed by hackers on one account, it makes it much easier for them to attack additional accounts.
- Be sure to use a combination of symbols, letters, and numbers to strengthen your passwords.
- It’s okay to use a reputable password manager app that uses strong encryption to store your passwords but always use one that has dual-factor authentication functionality.
- Don’t share your passwords with anyone, including your administrative assistant.
- Clear your browsing history and all cookies regularly. It’s a best practice to perform this action weekly to clear stored passwords and other data from websites and forms in your history.
- Use dual-factor authentication. Where available, use dual-factor authentication to help ensure that people trying to gain access to your online account are who they say they are. This is very important for sensitive accounts such as investment accounts.
- Set up alerts for all your financial accounts. The alerts will notify you of changes to personal settings like password changes, address changes, or account transactions over a preset amount.
- Use off-computer storage for critical documents. Where are your sensitive digital documents stored? For example, do you keep copies of your tax return or quarterly investment statements on your laptop or in a folder in your email? It’s best to save them on a secure encrypted drive or folder.
What should you do if you suspect your computer has been hacked or you’re notified of a breach of an account or your personal information? If you suspect a cyber breach, follow these steps:
- Change your passwords immediately. This is especially important for financial accounts.
- Alert your financial advisor and bankers. They can watch for any suspicious activity on accounts.
- Consider closing and reopening new bank and financial accounts.
- Set up alternate password types and PIN numbers where possible. Some custodians will allow you to set up a verbal password for any transactions. You can also set up a personal identification number as a requirement to file tax returns in your name. This provides added security from tax return fraud.
- Check your credit report often for suspicious activity. By law, you’re entitled to a free credit report from all three major credit reporting agencies (TransUnion, Equifax, and Experian) each year. You can also use monitoring services that provide unlimited access to your credit information year-round.
- Consider “freezing your credit” with the credit reporting agencies. If you don’t plan on setting up a new line of credit soon, freezing your credit can prevent cybercriminals from applying for credit in your name.
Cybercrime is on the rise, and so is the need for extreme vigilance over your personal digital security. The measures outlined here — once considered by many to be an overreaction to a negligible threat — are based on the hard experiences of real-life users and are now considered a minimum standard for cyber protection. Remember, cybersecurity starts with you.