If it seems like your personal data is constantly being accessed in ways that compromise your privacy, you'd be right. From last year's massive Equifax breach, which exposed Social Security numbers, birth dates and addresses of about 143 million Americans, to Facebook sharing data on an estimated 87 million users' "likes", it's pretty clear that basically anything you share online can be used in ways that are not okay.
Even more troubling: While both the Facebook and Equifax breaches have been talked about ad nauseum, neither incidents have changed how people safeguard their personal data security in a productive way. “[The Equifax hack] raised an issue, people talked about it, but unfortunately the habits that preceded it are still being repeated,” Robert Beggs, CEO of cybersecurity firm Digital Defence, said.
And the leaks keep coming. In April, KrebsonSecrurity reported that Panera Bread "leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number." That's in addition to similar breaches of customer data from MyFitness Pal (150 million accounts compromised), Saks Fifth Avenue (5 million people affected), Sears, and Delta Air Lines.
With that in mind, here are some tips for monitoring your personal information to keep it from getting into the wrong hands.
Be a sleuth
The surest way to find out if something fishy is going on with your financial data is by checking your credit report and monitoring your credit score for any big changes.
Checking your credit score is easy, as many credit cards offer that service when you log onto their website. If yours doesn't, try a free service like Credit Karma. Any big downward movement is a red flag. If you're not sure what happened, first take a look at all your credit cards for any suspicious charges. If you see one you did not make, immediately dispute it with your card issuer, either by calling them on the phone or through their website.
Next, take a look at your credit report, which you can get for free at AnnualCreditReport.com. You're looking for any accounts you did not open or unpaid loans that have been reported in error. If you find a mistake, dispute it directly with both the credit reporting bureau you got it from as well as from the card issuer or lender in question.
The Facebook leak is a important reminder to be extra cautious with any information you share. “We have a phrase in the information security industry called, ‘minimum necessary’ which [means] don’t give out your information unless absolutely necessary,” said Vinny Sakore, CTO of the cybersecurity firm, NetDiligence.
Start by throttling back on giving out your Social Security number to anyone who asks for it. “If I’m going to get a loyalty card and they ask for my social security number, I just say: ‘No, there’s no reason a loyalty card needs to have my social security number,” he told me.
The same goes for filling out basically any form online. Many websites will ask you for everything from your annual income to your date of birth hen they don't really need it. Leave those sections blank, whenever you can. If the information is "required" enter false information that you can easily remember. Government websites and financial institutions are pretty much the only places that need your real information, so don't give it out to any place that doesn't really need it.
Limit your losses
Because our data has been shared so openly, people should be evaluating the risk they’re opening themselves up to when conducting financial transactions.
Take credit card skimmers, which are devices installed over the card slot of a card reader, ATM, or terminal, that records information like the card number and expiration date from the chip or magnetic stripe, at gas stations. “When you use your credit card to buy gas, that’s the number one place where you’re seeing credit card abuse and capturing of credit card data,” Beggs said. “Although we know this to be a fact, most people, for example, don’t have a disposable credit card or a small [limit] credit card, [people] use their regular credit card in locations such as this.”
To limit your potential losses, consider using a back up card that has a hard limit on how much money can be withdrawn or even a prepaid visa card to use in riskier transactions. “Buy one that has a limit you can afford to lose,” Beggs recommended.You can also use digital payment services like Apple Pay or Google Pay to avoid skimmers altogether.
Mix things up
Creating strong passwords, and rotating them often, is crucial to protecting data. Using the same password in many locations opens one up to unnecessary risks. For those who have trouble creating new passwords, Beggs advises avoiding words that can be found in a dictionary by, for example, taking the first letter of every word from the first two lines in your favorite song and then adding a number that’s important to you: a birthdate or the year you got your first car.
When in doubt, apply the underwear rule: “Keep passwords to yourself and change them frequently,” Beggs added.
And, for the love of God, stop using the word “password” as your password.
While following these guidelines and basic practices will help to protect your data, it’s important to note that the onus should not be fully on the customer or consumer. Companies like Equifax, who—for the record—haven’t really been punished, should be held accountable for breaches continually, not just when the breach happens.
Government should be putting continuous pressure on these companies and not, for example, introducing a bill that has provisions which deny those who are currently active duty military and receive free credit monitoring the right to sue agencies when a breach occurs. The more pressure we put on the government to hold companies like Facebook and Equifax accountable, the more likely we are to see real change.