Celebrities aren’t the only ones at risk of becoming victims of hackers. Millions of people from all walks of life are the targets of hacking attacks and identity theft every year. In fact, thieves stole more than $18 billion from 13.1 million victims in 2013 by using their personal information, according to the latest figures from Javelin Strategy & Research, a research firm that specializes in online-transaction security.
Hackers use everything from viruses to spyware to infiltrate computers and mobile devices to steal data, such as passwords, Social Security numbers and account information. They then can use that information to access your accounts and drain them, run up debt under your name or steal your entire identity.
Unfortunately, too many people assume they won’t be targets of hackers and don’t take the appropriate steps to protect their personal and financial data, says Jeff Bell, CEO of LegalShield, a provider of identity-theft protection services. To lower your risk of becoming a victim, take these precautions:
Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
Create strong passwords. If you’re using simple passwords for your accounts so you can remember them, you’re making it easy for hackers to figure them out, too. Don’t use a sequence of numbers such as "123456," your birthday, you pet’s name or anything else obvious (such as "password"). Instead, Bell recommends creating passwords that include numbers, symbols and upper- and lower-case letters. The more characters you use, the better, he says. You can test the security of your passwords at Microsoft.com/security. If you have to write down your passwords, store them in a lock box or secure place. Don’t store these passwords in a file on your computer or mobile device that hackers could access via spyware you might inadvertently install by clicking on links in spam e-mails, texts or Web sites.
Use multiple passwords. Plenty of people use a single password for most or all of their accounts. If a hacker figures it out, suddenly all of your accounts are vulnerable. Ideally, you should use different passwords for every account. At minimum you should use different passwords for your financial accounts than you use for social networks.
Change passwords frequently. Hackers can use algorithms to constantly run combinations of letters and numbers to uncover passwords. If they succeed, however, it may be months before they actually use the passwords they discover. So Bell says that ideally you should change your passwords every month, or at the very least every 90 days.
Use two-factor authentication. Often you now have the option to provide a second piece of identity authentication in addition to a password to gain access to an account, Bell says. This is called two-factor authentication. Typically, you use a password and then a uniquely created code that is generated and sent to either your email account or phone. Some accounts automatically prompt you to do this, but others require you to take extra steps to set up a two-step verification process.
For example, to establish a two-step verification process for Apple iCloud and iTunes accounts, you can visit the Apple ID management system and click on “Manage your Apple ID.” After you log in, click on “Password and Security” on the left and answer your security questions. Then, you will be given the option to set up two-step verification.
Say no to Social Security number authentication. According to Javelin Strategy & Research, 80% of the top 25 banks and 96% of the top credit card issuers will allow account access if you provide your Social Security number to validate your identity. If hackers get your Social Security number, they can use it to easily gain access to your accounts. That’s why Javelin recommends that you should ask your financial institutions to place notes on your accounts that you will never provide your SSN when requested as a form of authentication.
Opt for guest checkout on shopping sites. Many retail sites offer customers the opportunity to create password-protected accounts with their billing information to make it easier for them to make purchases online. If you do, thieves can gain access to your credit card and other personal information if they hack those sites. instead, after you finish shopping check out as a guest rather than creating a personal account.
Turn off automatic storing of data to the cloud. If you don’t want your private moments to become public (as revealing photos of celebrities recently did), check the settings on your mobile devices, Bell says. For example, with an Apple device, click on “iCloud” under settings and turn off photos and documents if you don’t want them automatically saved to the iCloud.
Set up alerts. An easy way to monitor your accounts for fraud is to set up alerts with your financial institutions, according to Javelin Strategy & Research. Many banks allow you to sign up for and receive alerts when withdrawals from your account exceed certain levels and when checks clear, which can help you spot transactions you might not have made or authorized. And credit card issuers allow cardholders to set up security alerts so that they can be notified, for example, when a charge for more than a certain amount is made or when an international charge is authorized. LegalShield is one service that will for a fee monitor your accounts for signs of fraud. For more options, see Identity-Theft Monitoring Programs Worth a Look.