Six steps to safeguarding your digital identity
We lose a bit of our digital privacy with every data breach that occurs. A breach like the one at AT&T -- which exposed Social Security numbers and other personal information needed for identity theft -- is particularly serious in the landscape of data breaches. The percentage of users with Social Security numbers exposed in our data bases following the AT&T breach increased from less than 1 percent to almost 15 percent. Sensitive personal information getting out -- especially when it's easily accessible on the public internet, not just the dark web, which requires special software to be accessed -- opens you up to a huge risk of abuse.
The most notable threat users face is the potential for identity theft, where malicious actors access email, bank, and credit card accounts to impersonate victims. This can also include gaining unauthorized access to accounts by resetting passwords and even taking control of your phone number to bypass text message confirmations. What’s more, if a thief has access to your personal details, they might go as far as taking out loans or credit cards in your name -- a tactic that remains one of the most common types of identity theft.
And it gets scarier -- it's not unheard of that the stolen information can put someone at risk of physical crimes rather than simply online fraud. Thieves can gather personal information from online data and the dark web, which can lead to dangerous real-life consequences, such as theft or worse.
Given the escalating threats as technology evolves, it's crucial to take strong measures to protect personal information against data breaches and identity theft. Here are six simple steps to mitigate the risk of falling victim and preserve peace of mind.
1. Use multi-factor authentication everywhere
Turning on multi-factor authentication (MFA) everywhere possible is the number one thing you can do to reduce the likelihood of a cybercriminal gaining access to your account with some sources sharing that your account is 99.9 percent less likely to be compromised if you use MFA. By requiring additional verification steps, such as codes sent by text, email or through inserting a USB authenticator key into your device, multiple steps for authentication enhances account protection and guards against compromised credentials.
2. Manage password risk
If I had to rank which passwords require more thought and care, I would suggest prioritizing your major online accounts, like Google, and financial accounts, like banks and credit cards, to make sure these have unique, strong, and long passwords. Aim for passwords that are at least 15 characters long and include a combination of uppercase letters, lowercase letters, numbers, and symbols. Length is key for password strength! Expert tip: try to think about a phrase from a song you like.
Now that you've created unique, difficult-to-guess passwords for each account, leverage a trusted password manager to securely store and manage them for you. A password manager can also generate complex passwords on your behalf.
Similarly, make sure to create a separate "junk" email for those less important sign-ups. Filtering junk email provides an added layer of security, plus, in the event of a data breach affecting your secondary email, the impact on your sensitive information and primary accounts is minimized.
3. Use protection across your devices
Leverage trusted antivirus (AV) across your desktop and mobile devices. While a lot of people don’t think about having AV on their phones, we tend to use these devices as portable computers. Many store credit card information and access to key accounts.
4. Secure your surfing
Be mindful of how much information you are sharing -- and with who. Browse incognito mode when possible. Filling out the answer to your first pet’s name might seem harmless, but what happens if that site is involved in a data breach? Use false information where you can and, better yet, use that second email address alongside a different name, date of birth and answers to any security questions.
Also, when you’re on public Wi-Fi or even at home, be sure to use a virtual private network (VPN). It will mask your location and encrypt the data being shared on the local network.
5. Regularly monitor
Continually monitor your online accounts and finances for suspicious activity. Consider Identity Theft Protection services to do the work for you and keep your data secure. Utilize readily available, free online services to monitor the status of your personal information, including whether it has been compromised or posted on the dark web. These services scan databases for any instances of your email address being linked to data breaches, alerting you to potential security risks in seconds.
6. Stay vigilant
Keep alert for phishing and social engineering schemes, including deceptive emails or calls. If you think you’ve received something suspicious, verify by reaching out directly to the company or organization in question through their official website. Avoid using links or contact information provided in unsolicited messages. Ask yourself, did I reach out or did someone reach out to me asking for this info. If the latter, proceed with caution and find contact information via your own search.
Sometimes, despite best efforts at prevention, scams still happen. With just your email login and password, cybercriminals can ransack accounts -- gaining access to sensitive information, such as passport information and other forms of ID, as well as credit card numbers and bank account details. Posing as you, they can change your password and lock you out of your accounts forever.
To avoid this, it’s important to react swiftly in the event of a data breach, to prevent any further damage and potential monetary loss. Knowing your online weak spots is key. Once you identify the areas malicious actors might target, such as predictable passwords or a lack of multi-factor authentication, you can quickly make the necessary fixes.
Taking a more cautious and diligent approach to identity protection means that even if your data's out there -- and there's a high chance it might be -- you've got your bases covered. With these measures, you can rest assured that you've taken proactive steps to protect your sensitive information from cyber threats, diligently safeguarding your digital footprint.
Image Credit: Shmeljov / Dreamstime.com
Oren Arar is Vice President of Consumer Privacy, Malwarebytes.