Scammers, hackers and identity thieves are always looking for ways to steal your personal information – and your money.
Fortunately, there are steps you can take to protect yourself, like keeping your computer software up-to-date and giving out your personal information only with good reason. Here are the basics.
Use well-known security software that updates automatically
The bad guys constantly develop new ways to attack your computer, so your security software must be up-to-date to protect against the latest threats. Most security software can update automatically; set yours to do so. Also, set your operating system and web browser to update automatically.
Don’t know where to start? You can find free security software from well-known companies here on the StaySafe.org site, from the National Cybersecurity Alliance.
If you let your operating system, web browser, or security software get out-of-date, criminals could sneak bad programs – malware – onto your computer and use it to secretly break into other computers, send spam, or spy on your online activities. (See here for steps you can take to detect and get rid of malware.)
Don’t buy security software in response to unexpected pop-up messages or emails, especially messages that claim to have scanned your computer and found malware. Scammers send messages like these to try to get you to buy worthless software, or worse, to “break and enter” your computer.
Treat your personal information like cash
Don’t hand it out to just anyone. Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about whether you can really trust the request.
In an effort to steal your information, scammers will do everything they can to appear trustworthy. (Learn more about scammers who “phish” for your personal information here.)
Check out companies to find out who you’re really dealing with
When you’re online, a little research can save you a lot of money. If you see an ad or an offer that looks good to you, take a moment to check out the company behind it.
Also type the company or product name into your favorite search engine with terms like “review,” “complaint,” or “scam.” If you find bad reviews, you’ll have to decide if the offer is worth the risk. If you can’t find contact information for the company, take your business elsewhere.
Don’t assume that an ad you see on a reputable site is trustworthy. The fact that a site features an ad for another site doesn’t mean that it endorses the advertised site, or is even familiar with it.
Give personal information over encrypted websites only
If you’re shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address (the “s” is for secure).
Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, the entire account could be vulnerable. Look for https on every page of the site you’re on, not just where you sign in.
Always protect your passwords
Here are a few principles for creating strong passwords and keeping them safe:
The longer the password, the tougher it is to crack. Make your password long, strong and complex. That means at least 12 characters, mixed with uppercase and lowercase letters, numbers, and symbols. Avoid common words, phrases or information in your passwords.
Consider using a passphrase of random words so that your password is more memorable, but avoid using common words or phrases.
Don’t reuse passwords you’ve used on other accounts. Use different passwords for different accounts. That way, if a hacker gets your password for one account, they can’t use it to get into your other accounts. (By the same token, don’t use passwords that follow a specific formula that someone could figure out if they discovered two or more of your passwords.)
Use multi-factor authentication when it’s an option. Some accounts offer extra security by requiring something in addition to a password to log in to your account. This is called multi-factor authentication. The “something extra” you need to log in to your account falls into two categories: Something you have — like a passcode you get via an authentication app or a security key; and something you are — like a scan of your fingerprint, your retina, or your face.
Consider a password manager. Most people have trouble keeping track of all of their passwords. The longer and more complicated a password is, the stronger it is, but a longer password can also be more difficult to remember. Consider storing your passwords and security questions in a reputable password manager. To find a reputable password manager, search independent review sites, and talk to friends and family for ones that they use. Make sure to use a strong password to secure the information in your password manager.
Pick security questions only you know the answer to. If a site asks you to answer security questions, avoid providing answers that are available in public records or easily found online, like your zip code, birthplace, or your mother’s maiden name. And don’t use questions with a limited number of responses that attackers can easily guess — like the color of your first car. You can even use nonsense answers or the information of someone you know (like a great-grandparent or childhood friend) to make guessing more difficult — but if you do, make sure you can remember what you use.
Change passwords quickly if there’s a breach. If a company tells you there was a data breach where a hacker could have gotten your password, change the password you use with that company right away, and on any account that uses a similar password.
Don’t share passwords on the phone, in texts, or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam.
If you write down your passwords, keep them in a secure place, out of plain sight. Even when you do write a password down, consider using clues for yourself instead of spelling the password out — such as “Street where Aunt Ellen used to live” instead of “Main.”
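As an added example, not part of the original article, the following Python function checks a candidate password against the length, character-mix, common-word, reuse and formula principles above. The word list, the function names and the 0.6 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample list; a real check would load a large list of common
# words and known-breached passwords.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "dragon", "summer"}

# The four character types the article asks for.
CHARACTER_TYPES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def shared_formula(a, b, threshold=0.6):
    """True when two passwords share most of their characters in the same
    order, e.g. one fixed pattern with only the site name swapped.
    The 0.6 threshold is an assumption, not a standard value."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio() >= threshold


def check_password(candidate, existing=()):
    """Return the list of principles that `candidate` breaks.
    `existing` holds passwords already in use on other accounts."""
    problems = []
    if len(candidate) < 12:
        problems.append("shorter than 12 characters")
    for name, pattern in CHARACTER_TYPES.items():
        if not re.search(pattern, candidate):
            problems.append("no " + name)
    lowered = candidate.lower()
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            problems.append("contains common word '" + word + "'")
    for other in existing:
        if candidate == other:
            problems.append("reused from another account")
        elif shared_formula(candidate, other):
            problems.append("follows the same formula as another password")
    return problems


if __name__ == "__main__":
    in_use = ["Bank!Maple2019river"]  # constructed sample
    for pw in ["Summer2024", "Mail!Maple2019river", "vT9#qLr2&xWz8!"]:
        print(pw, "->", check_password(pw, in_use) or "no problems found")
```

The second sample password passes every length and character test and is flagged only because it repeats the pattern of a password already in use.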
Back up your files
No system is completely secure. Copy important files onto a removable disk or an external hard drive and store it in a safe place, or use a secure cloud storage service. This way, if your computer is compromised, you’ll still have access to your files.