The new year has only just begun and already four major brands -- Snapchat, Target, Skype (owned by Microsoft) and Yahoo! -- have fallen victim to hackers. They join a seemingly endless list of other businesses, from big (Google, Sony, Lockheed Martin, Visa, RSA, Barnes & Noble, T.J. Maxx, etc.) to small that have been breached by attackers over the past few years.
With the onslaught of seemingly unstoppable cyber attacks against major companies, is there anything consumers can do to protect themselves? Although these days a lot of our personal and financial information is held by private companies and the average person has little to no control over how it is stored, used and protected, there are a few steps you can take to limit the damage that may result from a hack attack.
Here are five consumer takeaways from the Snapchat and Target hacks:
Debit Cards are Risky - The U.S. is way behind other developed nations when it comes to the security of debit/credit cards. We presently use magnetic strips on the back of our cards that store account information in a way that can be easily stolen by hackers. In the European Union, debit/credit cards use more secure "smart chips" that generate a unique code every time they're used, making it significantly harder to hack them. As a consumer, you need to be aware of the risks of using outdated, vulnerable American cards. The best way to protect yourself is to avoid using debit cards altogether -- use a credit card instead. Although a credit card uses the same technology and is just as vulnerable to hacking, it's much easier to call your bank and dispute an unauthorized charge, as opposed to a debit card which immediately takes the money out of your account. If a credit card isn't an option for you, consider lowering the withdrawal limit on your debit card, change your PIN every few months, sign the back of your card and sign up for your bank's fraud protection services.
Monitor Your Credit and I.D. - In addition to monitoring your bank accounts for unauthorized activity, you should also regularly check your credit report for fraudulent activity. Under the Fair Credit Reporting Act, the three national credit bureaus -- Equifax, TransUnion and Experian -- are required by law to provide you with one free annual credit report each year. Given the higher incidences of hacking these days, every consumer should check their credit report at least once per year to make sure they're not a victim of identity theft. An even better way to do this is to request a free credit report from one of the credit bureaus every four months, that way you're able to monitor your credit report for free throughout the year. Identity theft protection services are another option available to consumers, and they're worth looking into. While they can't prevent you from becoming a victim of identity theft, these services will alert you if there is a problem. These generally cost between $10 and $25 per month. However, before paying out of pocket for this, check with your bank or insurance company to see if they offer these services at a reduced cost.
Protect Your Passwords - These days, everyone needs to learn how to do effective password management to better protect their online accounts. First, don't use the same password for multiple accounts. Try to change your password every few months. And make sure you're writing a strong password to begin with -- 10 characters long, using a combination of letters (upper and lower case), numbers and symbols. By following these tips, you'll lower your risk of getting hacked and you'll also reduce the damage that might be caused if one of your accounts is hacked. Remembering all these different passwords for multiple accounts is hard -- so use one of the many password management programs out there (such as LastPass and PasswordSafe) that store all of your passwords in an encrypted file.
There's No Such Thing as Online Privacy - By now, everyone should realize that online privacy is a myth. Whether it's a messaging app that promises to "erase" or securely store everything you share, or a social networking site, email or online shopping account, nothing is 100 percent private and 100 percent safe all of the time. Therefore, don't share information online or via mobile apps that you wouldn't want someone else to see. Assume that everything you do on the web will be public knowledge. Some other steps you can take: force websites to encrypt your online session using HTTPS (such as HTTPS Everywhere or ForceTLS) and consider adding an extra layer of encryption to your online surfing by using a Virtual Private Network (VPN).
- It's "When," Not "If" - First of all, it's important to realize that there is no such thing as a 100 percent safe company, website, app, card reader, etc. Instead of closing your eyes to the risk of hacking or hoping it doesn't happen to you, assume that your debit cards, credit cards, online accounts, email, etc. will eventually be compromised. As a result, everyone should have a contingency plan in place for what to do after they've been hacked and how to mitigate the damage. For instance, do you know how to file a fraud alert with the credit bureaus or to initiate a credit freeze? Do you know how many of your online accounts share the same password or are linked through your email? Do you have alerts set up on your bank account to warn you about large withdrawals? When was the last time you changed your PIN? These are just some of the questions you should start asking yourself now.
It's not just small companies that have security breaches. Even Fortune 500s and government agencies are regularly breached. As a consumer, make sure that you understand the risks to your personal and financial data. Whether it's a hack against your PC or a hack on a back-end server at a major retailer, the cyber criminals are out there actively targeting us every day -- and they often succeed. While you can't prevent every attack, you can reduce your risk exposure by being proactive with password management and debit card usage, and monitoring your accounts and credit history.