Best Practices

Best Practices

Every year, about 15 million Americans become victims of identity theft, one of the most pervasive and expensive crimes around the world. Another 100 million Americans face the potential for identity theft due to the exposure of personally identifiable information, like your home address and log-in credentials, via data breaches and consumer negligence. Whether you’re listening to your favorite album on Pandora, shopping for the perfect tea set on Amazon, messaging friends on Facebook or checking your balance on the Bank of America app, your information can be snatched in the blink of an eye – and you could become one of those 15 million people.

Hackers use a combination of tried-and-true methods and new techniques to steal social security numbers, email addresses, credit card info and passwords right out from under our noses. Extortion scams and schemes to manipulate data are among the newest and fastest-growing techniques used by today’s cybercriminals.

Unfortunately, sometimes it’s a simple issue of lax security measures and ignorance on the part of the victim. Clicking on links from unknown senders, for example, is a good way to introduce malware into your computer. In 2014, there were nearly 1 million new pieces of malware released every single day. Malware is software that causes huge problems in the form of viruses and worms. Hackers depend on negligence and complacency to bypass systems, and more often than not, they’re rewarded for their efforts.

Most identity theft victims don’t have their entire lives stolen. In 2014, unauthorized misuse or attempted unauthorized misuse of an existing account made up the majority of identity theft instances. But even those who only lose a credit card or access to their bank account will spend weeks, possibly months resolving the issue. Credit scores plummet, mortgage payments are missed, and people have to put their lives back together one piece of data at a time. Every instance of identity theft totals $3,500 in losses, and while there’s no way for an individual to purchase cyberinsurance that might help them to recoup these losses, there are steps that you can take to protect yourself from harm in the first place, prevent cybercrime in general and remain vigilant as you navigate the Internet.

Put the Right Safeguards in Place

Protecting Your Devices

First and foremost, you need good antivirus software for all of your devices, including desktops, laptops, tablets and your mobile phone. Most people install antivirus software on their primary computers, but it’s easy to forget about your smartphone or tablet. Hackers don’t forget about them. In fact, they count on you to browse the Internet over an open Wi-Fi spot so they can hack into your device and steal your data. Mobile hacking is on the rise, and there are some scary things that sophisticated cybercriminals can do with smart technology, including invade your home, spy on you, hear the keys that you type on a nearby computer keyboard and record your conversations.

Buying good antivirus software is essential to safeguarding your identity online, but it’s not always easy to sift through the technical specs to find the right one. Consumer guides like PC Mag and Tom’s Guide offer reviews of the best software available on the market, but here are some general things to consider when buying protection for your devices:

  • Your Internet service provider (ISP) may offer free antivirus software when you subscribe, and it may actually be better than the brand that you can buy via retail. Before you pay for software, check with your ISP to see if they offer any free versions or discounts.
  • Even if your ISP doesn’t offer antivirus software, there are several free versions that work pretty well for basic computing. If you operate a home business, store sensitive client data or need extra security, you may want to upgrade your suite. Read reviews and specifications carefully to see if the free versions might work for you.
  • You’re looking for the following features in a software suite: antivirus protection, spyware detection, a strong firewall, good spam filters, the ability to customize your scans, and additional protection for web browsing.
  • Don’t rely on the pre-installed firewall that comes with your computer. While it’s better than nothing, the basic firewall doesn’t always alert you to some of the trickier pieces of malware that slip through undetected.

Installing antivirus software and keeping it updated will go a long way toward preventing your devices from getting attacked. But there are also ways to keep yourself safe while you’re online. Turn on the “private browsing” feature of your Internet’s browser. In Firefox, for example, this feature is under the menu. From here, you can open up a new private window. Private browsing allows you to visit all the sites you love without the browser keeping track of your cookies.

In a regular session, all of your information will be stored to make it easier on you next time, such as when you’re entering passwords or typing in a web address. Unfortunately, this convenient feature comes at a price. Businesses can use your cookies to track your data. If you’ve ever been shopping on Target’s website for a pair of boots and suddenly see more ads for boots even when you exit the site, then you’ve experienced the result of targeted advertising. This isn’t actually a bad thing in and of itself, but the more third parties know about your browsing habits, the more likely it is that your info could fall into the wrong hands.

Certain antivirus software suites, like Kaspersky Internet Security, let you use a different browser when visiting sites that contain sensitive information, such as your bank or any website that takes payments. A message will pop up asking if you want to log in to your financial institution using a secured, private browser. If your software suite doesn’t offer this feature, then consider enabling private browsing to keep your data under wraps.

Along these lines, you should always make sure that any site that requires transmission of sensitive data – such as a lender, your broker or a shopping cart checkout screen – has an “https” at the start of the web address and a padlock symbol somewhere on the screen. These signs indicate that your address is secure and that your details will be safely transmitted.

Protecting Your Phone Number

As dependent as we are on Internet technology, phones also present their own set of challenges when it comes to data safety. Hackers can not only get into your phone and steal the information there, but they can also use basic, publicly available information – like your phone number – to create a fake identity. Here are some tips for keeping your phone information safe:

  • Opt out of telemarketing calls. Enroll in the federal Do Not Call registry. This free service is available for personal home and mobile phones, and it can take up to 31 days for telemarketers to stop calling. If a telemarketer continues to call you after 31 days, you can submit a complaint on the agency’s website.
  • Keep your cell number private. Don’t give your cell phone number out without asking why it’s needed. According to the Federal Trade Commission, it’s against the law for businesses to make you enter a cell phone number when completing an order, so find out why someone needs the digits before jotting them down.
  • Get an alternate number. Use Google Voice or a similar service to protect your real phone number. With Google Voice, you’ll get a number that’s separate from but connected to your real number, allowing you to give businesses, potential employers and other entities your number without actually giving them your number. There are some other good features with this service, including the ability to have voicemails transcribed and the option to forward calls with rules, but one of its strengths is protecting your real phone number from cybercriminals.

Protecting Your Identity

After putting the right protections in place for your devices and phone, you need to amp up the safeguards that you use for your personally identifiable information, especially your social security number. This 9-digit series might seem like a random assortment of numbers, but it’s actually a code that can give criminals some clue to where you were born – as long as it was issued prior to the randomization initiative. Until 1972, the first three digits of a social security number represented the area where the card was issued. After 1972, the Social Security Administration started issuing numbers from its main office in Baltimore, and the first three digits represented a person’s state of residence at the time of the application.

In an effort to prolong the social security system, the SSA implemented a randomized approach to issuing social security numbers beginning June 25, 2011. A good side effect of this is that new social security numbers won’t tell criminals where a person was born, but a social security number is still an intensely valuable piece of information. A few simple precautions can keep it from falling into the wrong hands:

  • Lock it up. Keep your social security card locked up in a safety deposit box at your bank or in a private safe, and don’t share the code with anyone else. Never carry your social security card with you unless you need it for a specific purpose. When you do carry it, keep it on your person at all times.
  • Ask questions. If a form requests your social, ask why. Many doctor’s offices and government agencies request your SSN to verify your identity, but you may not have to write it down on a piece of paper. Ask if you can relay the information verbally instead. If not, ask how they intend to use your social and what their procedures are for destroying the information after they’re done. Never give out your social to anyone who requests it over the phone. Even the last four digits can help a criminal uncover your identity.
  • Work smarter. If you’re self-employed as a freelancer or contract worker, then apply for a tax ID number from the IRS. It’s free to people who work independently, either as sole proprietors or employers, and it only takes a few minutes. Having a tax ID number will allow you to fill out various forms, such as loan applications or W-9s for independent contracting work, without having to divulge your SSN.

When thinking about personal ID protection, it’s easier to remember data that comes in text form, but images are just as important to protect when you’re online. Social media lets us connect with our friends, family and coworkers, but it can also allow hackers to gain access to images that they can use against us. To protect your visual likeness from becoming the face of a cybercriminal, use an avatar whenever possible instead of a real photo of you in your profile. Adjust the privacy settings on sites like Facebook, Twitter, Instagram and Google+ to prevent non-friends from seeing your profile. Taking these preventive steps may seem extreme, but hackers can and will use any piece of information they can get to steal your identity.

Take Appropriate Preventive Measures

Protecting your information before you log on to your favorite websites is an important first step in thwarting cybercriminals, but there are other preventive measures that you need to take in order to reduce your risk. A certain level of paranoia is acceptable when guarding your information from would-be thieves. After all, if large companies with high-end security suites can be compromised, then it should come as no surprise that individuals face the same or even worse threats. Start with your paper trail. Lots of personally identifiable information gets stolen from traditional sources – your trash can, for example. Once a thief has your info, she can sell it on the virtual black market.

  • Reduce your paper trail. Sign up for automatic virtual statements, have physical mail that contains sensitive information sent to a box at the post office instead of your home mailbox, and pick up your mail as soon as it gets delivered. If you’re going on vacation, put a vacation hold on your mail unless someone’s going to take in your mail each day.
  • Opt out of prescreened offers, such as credit cards or insurance, by calling 1-888-567-8688 or visiting www.optoutprescreen.com. You might miss out on great rates or promotions, but eliminating these offers from your mailbox will prevent thieves from stealing them and signing up in your name. If you want to keep the offers, make sure you shred any that you don’t end up using.
  • Shred all sensitive documents. Incoming mail and other documents that contain sensitive information should be shredded as soon as you’re done with them. This includes old credit cards, bank statements, receipts, utility bills, medical records and prescription labels. Once you’ve shredded them, put the shreds in separate trash bags or separate recycle bins to make it harder for criminals to piece the information back together.
  • Protect your passwords. Never write down passwords on a piece of paper, especially if the paper identifies which password unlocks which account. If you must do this, lock up the document in a safe place, and don’t share it with anyone.
  • Discard old technology wisely. When you need to get rid of old devices, like cell phones or computers, make sure you wipe the hard drives and remove any identifying information before disposing of them. The user manual should tell you how to take out the SIM card if necessary, and your carrier may have a recycle program that can take care of the disposal for you.

Many people have opted out of paper statements altogether, which is a good way to eliminate your information from getting into the hands of criminals. Unfortunately, hackers always find a way to buck the system. The Internet makes it easy to pay bills and shop online, but if you’re not careful, you could be giving cybercriminals everything they need to steal your money and your identity.

Private Email Correspondence

From phishing scams to imposter Facebook accounts, there are too many ways to get taken advantage of online. The more you divulge, the easier it is for even an inexperienced hacker to steal your information. Practice smart cybersecurity techniques to avoid becoming a victim. For starters, configure your email to eliminate junk messages. Most email providers offer spam filters, and you can adjust the strength of these filters to reduce the instances of junk mail. Spam is one of the easiest ways for hackers to get in for two reasons:

  • Most people ignore them completely.
  • The people who don’t ignore them fall for costly scams.

You might think that ignoring spam mail would eliminate the problem, but you do need to take some action. First, you should ignore the temptation to open these emails as they may contain viruses or other malware. But instead of ignoring them completely and letting them sit in your trash folder forever, promptly delete them. Alternately, you can set up your trash folder to automatically empty on a timed basis, say a week or so. Some people don’t like to automate the deletion, however, because sometimes spam filters accidentally let legitimate emails through. Leaving spam in your inbox could potentially allow viruses to seep in undetected.

For people who do open spam emails, the best-case scenario is that a bogus company now knows that your email address is valid and active, and they’ll continue to spam your inbox with ridiculous offers and too-good-to-be-true promotions. The worst-case scenario is that you’ve now opened an email that contains malware, and the hackers on the other end can steal your data.

Never open emails or click on links from an unknown sender. If you do know the sender – such as your bank or a friend you haven’t heard from in ages – then you may be tempted to enter in your login credentials or watch that hilarious cat video, but stop to consider the source. Most financial institutions will not request sensitive information via email. Instead of clicking on a link to give the sender your info, call the institution using the number on your statement and ask if the email is legitimate. Likewise, if it’s been a while since you talked to that friend who sent you a video, then call him up to see how he’s doing, and ask about the link.

You should know that government agencies in particular will almost never ask for your Social Security number, credit card information or other personally identifiable information through email or over the phone. In fact, the IRS will always initiate contact through the mail.

So if you get a phone call or email from a creditor or government agency demanding personal details, ask what the issue is and who they represent. Scammers won’t identify a specific agency. Your best bet is to delete the email, hang up the phone, and look up the contact info for yourself using a separate web search. Once you do, you can contact the entity directly and have them submit a request in writing or verify what it is that they need from you. Usually, though, a government agency will always communicate via mail first.

Essential Password Safety Tips

Strong, difficult-to-guess passwords are the key to protecting your online accounts, whether it’s your email, your Twitter page or your Anthropologie shopping cart. Choosing a simple password with a few numbers is no longer enough to keep savvy cybercriminals or prying eyes away from your stuff. You need to spend some time creating unique passcodes, ones with dynamic letters, punctuation and numbers. Also, never use the same password for all of your online accounts. If one of those accounts gets hacked, then a thief can access the rest of them easily. Here are some additional tips for password safety:

  • Use a password manager. Password managers not only keep your passwords safe, but they also generate unique passwords for you so that you don’t have to remember them every time you want to log in. If you’ve got a lot of accounts to keep up with, a password manager could become your best friend.
  • Create false password hints. Most sites use a “password hint” feature to help you out if you can’t remember your password. Instead of providing real answers, make them up. Don’t give a site your mother’s real maiden name or the real name of your childhood pet. These details might be available on your social media profile, making them easy to guess. Use fake details, and use your password manager to remember them all.
  • Don’t let the browser remember you. Online checkouts are easier if all of your information is already there, but convenience should never override safety. Check out as a “guest” when you’re shopping at places that you might not visit for a while. And when the pop-up screen comes up asking if you want the site to “remember” your password, say no.
  • Log out when you’re done. If you’re on a public computer or a friend’s device, log out of your accounts once you’re finished. If you share a home computer with roommates or children that would misuse your login credentials, log out after a home session too.
  • Use Wi-Fi for fun, not banking. Public Wi-Fi makes life more enjoyable while you’re waiting at the dentist’s office or riding the bus to work, but it’s also a great way for cybercriminals to access your personal data. Use Wi-Fi sparingly, and never check sensitive information, like your bank balance or stocks, while you’re on an unsecured network.

Keeping Social Media Private

If you tweet about your favorite taco stand, send Facebook messages to your cousins in Clearwater or share photos of your newest puppy on Instagram, then you’re not alone. According to Pew Research Center, 74 percent of American adults who use the Internet also use at least once social networking site, and 65 percent of all American adults have a social media account. In 2005, when Pew began tracking social media usage, just 7 percent of adults had accounts, which means that social media usage has jumped nearly 10 times in just a decade. As social networking grows ever larger, you need to make sure that what you’re putting out there for people to see is only seeable by the people you choose. Here are some tips for staying safe while you’re networking online:

  • Keep profiles bare. As fun as it is to tell everyone about your favorite books and fondest childhood memories, thieves can use this information to create imposter social media accounts, guess your password and steal your data. Simplify your social media profiles by eliminating personal information. If that seems too restrictive, then adjust your privacy settings to max security, and at the very least, nix the demographic information, like your full birth date, home address and phone number.
  • Don’t include sensitive information. Along with the demographic information listed above, don’t include data like your bank account or credit card numbers in your social media account. It might be convenient to have a credit card set up to make purchases easier on Facebook, but this is one more piece of information – and a critical one at that – that a criminal can access if he breaks into your account.
  • Avoid linking too many accounts. Having a social media account makes it easy to sign up for apps and “log in” without creating an account for certain sites. However, linking too many sites together increases the risk if something should happen. Once a hacker has your log-in info for Google+, for instance, she could easily get into any account that you’ve tied with Google+. Make it harder for cybercriminals by setting up unique credentials for each of your accounts.

Keep Track of Your Personal Info

When it comes to cybersecurity, you need to stay on top of your online information, patrolling it on a routine basis to make sure that your data is still safe. Google makes this easier by allowing you to set up a “Google alert” for your name. You can also use Google alerts for other information that you care about, but as a cybersecurity feature, it can be a great way to alert yourself to any unusual activity. Plus, getting alerts sent to your email can help you catch fraudulent activity before it causes any real damage.

If you use your real photo for profile pictures and social media accounts, take some time to run an image search to see how it appears – and where. You may be surprised to see your face on someone else’s Facebook profile. Even worse, you might find a duplicate account that uses all of your information without your permission.

While you’re searching for your image online, run a search for your name using a comprehensive data service like Pipl. Pipl and other similar sites will generate a list of every location that your information appears online, and the results can be pretty shocking. You might see your name, address, and phone number alongside sensitive details like your maiden name or any previous names you may have used, your family members’ names and all of your social media accounts. Using a service like this not only alerts you to any issues, but it will also give you a better sense of what’s available to would-be hackers. Adjust the privacy settings on your email and social media accounts accordingly.

Monitoring for Fraud

Finally, it’s a good idea to check account statements and your credit reports for fraud as soon as you get them. Scan your bank statements, utility account info and credit card bills to make sure that you agree with all of the charges. Thieves can and do sign up for accounts in their victims’ names, and you might get a bill for something you don’t own. Likewise, download a copy of your credit reports from the three major reporting bureaus to check for accuracy. By law, you’re entitled to one free copy from each agency per year, but you don’t have to order them all at once. Some people review one every four months, which is a good strategy for monitoring your credit on a more consistent basis. The only government-approved site that offers consumers their free report each year is AnnualCreditReport.com. Any other site that offers this information is trying to sell you something.

Once you download your reports, look through them carefully. If you see anything amiss on your credit report, dispute the misinformation with both the reporting agency and the entity that reported it. The Federal Trade Commission offers a complete guide, including sample letters, for disputing errors on your credit report. Note that not every error on your credit report is an instance of fraud. Believe it or not, your information might have simply been mixed up with someone else’s. That’s why it’s important to check your credit report and dispute any errors as soon as you see them. Be prepared to offer hard evidence to back up your claim that the information is wrong.

For online problems, you can report instances of identity theft to the Internet Crime Complaint Center as well as your local law enforcement agency. The local police may not be able to help you take down a fraudulent profile or recover your identity, but having a record on file will help in the larger goal of reducing cybercrime in general. Protecting yourself ahead of time, preventing key information from being easily accessible and monitoring your online presence are the best ways to stay ahead of cybercrime and to keep your personal data safe.