Bruce Harris (not his real name) still doesn’t know how it happened. In December 2014, his wife checked their online bank accounts and discovered the one holding their daughter’s tuition money ($10,000) had been drained. “Someone had gotten my Social Security number—I have no idea how,” Harris says. “With that one piece of information, they were able to get into our accounts.”
The money had been withdrawn from ATMs in increments of $500. The bank implemented extra security measures for the couple’s accounts, but the thief breached security again and drained another account of $8,000. “[The thieves] called the bank seven times in one week, and each time were able to find a weak link among the [employees] to let them into the account,” Harris says.
The bank ultimately refunded the $18,000, but the couple’s nightmare continues. “This person has access to all our information,” he says. “I’ve had to change virtually every password for everything I do online, from email to canceling my PayPal account. I’ve had to tell my payroll department at work, Social Security and all of the credit agencies. Every week I think of something else I need to worry about. It’s never-ending.”
There were 783 major data breaches—cases in which thousands of individuals’ information is exposed—in 2014, up 27.5 percent from the previous year, says the Identity Theft Resource Center. Are you putting your personal data at risk every time you bank or shop online, use social media or even surf the web? Yes—but following a few simple steps will greatly increase your security.
First Safety Steps
Start by ensuring your home computers and mobile devices are current. Install updates to your web browsers, apps and programs such as Java and Flash as soon as they appear, says Jocelyn Baird, content manager at NextAdvisor.com, which provides independent reviews and research on online services for consumers and small businesses. It’s especially important to install updates to your operating system immediately, Baird warns: “Many are critical updates designed to patch security flaws.”
Install Internet security software to protect your computers, network and devices. But hackers will still be a threat, warns Stu Sjouwerman, a hacker-turned-computer security expert and CEO of KnowBe4, which provides online security awareness training for businesses and home users. He says almost 400,000 new malware strains are created per day.
And don’t assume you’re safe because you use a Mac. Sjouwerman says Apple computers now get hacked as often as PCs.
To practice “safe Internet,” he says, start by protecting your home network with a secure password so outsiders can’t access it.
Using obvious passwords such as 123456 or password or using the same password for all your online accounts is asking for trouble. Create strong, unique passwords for each online account, and change them regularly. A strong password incorporates at least six letters (both lowercase and uppercase), one numeral and one special character (like # or $). To simplify things, Sjouwerman suggests coming up with a “pass phrase” you can remember easily, then creating passwords using the first letter of each word in the phrase plus a number and a character. For instance, “I adore my basset hound Olivia” can generate passwords like 1IambHo!, 2IaMbhO! and so on.
If that’s too tough to remember, a password manager program can help. Password manager software stores and encrypts all your passwords securely and works for computers and mobile devices. You use a master password to access the other passwords; the software fills in passwords for each account automatically.
Some even generate passwords or let you test how secure your passwords are. Internet security programs, such as Bitdefender, Kaspersky or McAfee (which generally cost about $80 to $100 to protect your computers and all your devices), have password managers that work especially well, says Baird, but you can also download standalone password managers such as Keeper (prices start at $9.99 per year), Passpack (prices range from free to $40 per year), LastPass (prices range from free to $12 per year), or RoboForm (free to $19.95 per year).
Dollars and Sense
When shopping or banking online, play it especially safe. Although it may seem extreme, Sjouwerman advises never shopping or banking on any mobile device or Wi-Fi network, even at home. His family uses a desktop computer plugged into a router for all shopping or financial transactions. Look for an Internet security program (or suite) that opens up secure, separate browser windows for you to use when shopping or banking, Baird says. BitDefender and Kaspersky are two that have this feature.
Never save your credit card information online, Sjouwerman says. Also check credit card statements, watching for small charges that aren’t legit: “$2.95 a month adds up.”
Be wary about clicking on any link in emails from retailers. “That email may be ‘spoofed.’ Clicking might get you to a website that looks just like the real one, but then it says your login failed and asks for your username and password again,” he says. “Now you’ve given that information to the bad guys, who immediately log in as you and make a bunch of purchases.”
“Few people have even basic security enabled on their mobile devices,” Baird says. Install a multi-device Internet security suite such as Bitdefender, Kaspersky or McAfee to protect your phones and tablets as well as your bigger computers. Don’t connect to public Wi-Fi networks if you can avoid it, Baird advises: “These are usually not secured.”
Mobile apps pose a risk, too. Always get mobile apps through an official site such as the Apple Store or Google Play. “Even then, some malicious apps have been uploaded to those stores,” says Baird, who suggests checking the reviews of any app you want to download and researching any company you’re unfamiliar with. “Be careful about the permissions you enable on apps,” she cautions. “Some apps track your location, or [they] store or share your personal data.” Every few months, uninstall apps you aren’t using.
If you don’t have a multi-device Internet security suite, Baird says, download a mobile security app from a reputable Internet security company such as Kaspersky, Bitdefender, McAfee or Norton (most have free and paid versions; the latter generally cost $9.99 to $19.99). A useful feature to look for includes a privacy manager that tells you what information your apps are sharing, lets you password-protect or lock apps, and provides antitheft protection for devices.
Is it safe to use cloud storage services such as Google Drive, Dropbox and iCloud for personal data and documents? “Like anything online, a lot of the security is up to you,” Baird says. In addition to creating strong passwords for cloud services, she recommends enabling two-step authentication. “This requires you provide two types of identification when logging into your account, usually in the form of your password, followed by a unique code sent to your cellphone via text message.” Most of your online accounts—including social media such as Facebook, cloud storage services such as Dropbox, and payment accounts such as PayPal and your bank—will offer this option within “Settings”; you just have to turn it on.
Of course, you also should be cautious about storing any photos, files or other information you wouldn’t want others to see.
What about when creating an account for an app? Do you really need a new password, or is it safe to log in with your Facebook, Twitter or Google+ account? Sjouwerman advises against social logins: “It’s like using the same password for all your websites.”
Baird isn’t quite as wary. “Many social logins are benign and don’t actually let the website or app access your account,” she says. “However, it is important to strengthen your privacy settings on the actual social network to ensure your information is safe from anyone you don’t wish to easily access it.”
Social logins aside, Sjouwerman notes using social media itself makes you vulnerable to social engineering. “Exercise common sense. [If you post] too much data, it’s easy for a hacker to look at what you’re doing on social media and send an email or text from someone you know. You click on it, your device is infected, and the next thing you know, your bank account is compromised.”
Make sure any site where you input personal information—even just your username and password—is encrypted, Baird says. “The easiest way to check this is to make sure the URL starts with https://—the S stands for secure.” Internet security software will indicate a site is secure by showing a symbol, such as a padlock or a green check mark.
No. 1 Number
If there’s one piece of personal data to protect at all costs, it’s your Social Security number. “[This] is the most crippling piece of identity that can be stolen, so it’s vital you keep it safe,” Baird says. “If you can avoid sharing it, do so.”
Offline, she says, you can often refuse to share it even on forms where it is supposedly required, like your doctor’s office. Online, don’t enter your SSN unless the webpage you’re visiting is encrypted. Never share your SSN over email, text message or phone.
For an additional layer of security, consider an identity-theft protection service; you can find companies, ratings and reviews by searching online. “Although [they] can’t prevent your identity from being stolen, they can help alert you to suspicious activity much sooner than you might have otherwise noticed,” Baird says.
“These services keep an eye out for personal information, such as your Social Security number, on the Internet’s black market and public records to ensure it isn’t being used, traded or sold.” Many also provide credit report monitoring and help you recover lost money and restore your identity.
You can find these services, reviews and ratings—and pricing—with an online search.
Help Is a Click Away
For an online tutorial, check the Federal Trade Commission’s Privacy & Identity page. The FTC provides information about computer security, children’s online security, protecting your identity and repairing identity theft.
So what’s the latest from Bruce Harris?
He’s now using security software with two-step authentication for his bank account—something he admits is a “pain.”
Still, at the time of this interview, he had just received notices from Kansas and Colorado that his state income tax returns lack adequate information. “I’ve had to call and explain I’ve never lived or worked in either state.”
This article appears in the July 2015 issue of SUCCESS magazine.