JPMorgan Chase, Domino’s, Home Depot, P.F. Chang’s, eBay — the list of targets continues to grow.
Information breaches that would have been difficult to fathom years ago are now common. And people are rightfully worried. After all, if the federal government can get hacked and its employees’ data stolen, how vulnerable is a personal account held at a bank or brokerage?
My friend Jack Vonder Heide, president of Technology Briefing Centers and one of America’s leading authorities on technology-related risks, says the image of cyberattackers as hipster kids in a basement hacking into websites for fun is a dangerous misconception. Cybercriminals, he says, are highly educated operatives of well-funded overseas groups, mostly based in China and Russia.
So what actions can you take to protect yourself in what feels like an endless battle to keep your data secure? Here are five steps to consider:
1. Diversify your passwords — and change them
For convenience’s sake, people often use the same password across multiple websites. Big mistake. It’s like giving an intruder a key that opens every lock. You want to make it extremely tough for a hacker to access your sensitive information. So create a different password for every financial website — brokerage, bank, credit card, mortgage account and so on. Create unique password combinations that include letters, numbers and, if possible, symbols. Establish a biannual schedule to change them. Security must be an ongoing endeavor.
2. Use an online password manager
All those hard-to-crack passwords can be a nightmare to try to store, recall and keep secure, so use a reputable password manager. The best managers include password generators that create strong, unique choices. Most password managers allow you to sync your passwords across all electronic devices, making it easy to maintain multiple passwords. Select one that includes two-layer authentication for additional protection. Check out PC Mag’s best password manager selections for 2015. Many come with an annual fee — but they’re affordable and worthy protection against hackers.
3. Make life hard for crooks
Cross-shredding confidential documents, avoiding simplistic passwords and keeping sensitive information off of unsecured channels like email are modest but effective actions. Thoroughly checking credit statements for suspicious activity and being aware of your surroundings when using ATMs are basic security measures that remain effective. Don’t let your guard down.
4. Check your credit reports at least annually
Periodically checking your credit report is a smart way to stay ahead of the bad guys — but many people don’t because of common misconceptions, such as the belief that you have to pay a fee to see your report, or that you must subscribe to a service.
The fact is, federal law entitles you to a free copy of your credit report once a year from each of the three consumer credit reporting bureaus — TransUnion, Equifax and Experian. You can get these reports at AnnualCreditReport.com. If you want to be especially vigilant, spread out your requests, so that you are looking at a different report every four months instead of all three at once every year. Increasing the frequency will help you catch suspicious inquiries earlier since credit activity customarily gets reported to all three bureaus.
The goal is to check for discrepancies, inconsistencies and inaccuracies that might suggest identity theft. It’s not difficult to correct errors. The credit bureaus have improved their service and request response times. The Federal Trade Commission provides easy-to-follow instructions to dispute errors.
5. Keep your guard up when it comes to emails
Be wary of any email that requires you to click on a hyperlink to update a password or confirm confidential material. Such emails are often “phishing” expeditions seeking to scam you. They appear to come from your bank or brokerage firm, an online retailer — even the IRS.
The best rule to follow is that regardless of how real an email looks, never click on such links. Contact the alleged sender’s customer service or fraud department directly to check the legitimacy of the email. Don’t use the phone numbers provided in the suspect email. Always use the contact information provided on your monthly statement or listed on the company’s website. It’s also advisable to forward the email to an organization’s fraud department.
What about inquiries from the IRS? That’s easy. The IRS does not initiate taxpayer communication through email or other electronic channels, period.
It’s understandable to feel helpless in an age of smart criminals who conduct endless assaults on privacy. But simply putting the threat out of mind is no solution. Nor is deciding that it can’t happen to you.
Learn more about Richard on NerdWallet’s Ask an Advisor.