Avoid being a target online with these seven tips.
Each product has been selected and reviewed by our editorial team; however, we may receive affiliate commissions from some links to the products on this page. Prices listed are subject to change by the retailer. Promotions in this article are subject to availability, expiration and other terms as determined by partner.
vvAs technology advances, so does the opportunity for security breaches online—according to the Identity Theft Resource Center, “credential-cracking” attempts that exploit consumers’ log-in information increased by 126% in 2018. In November 2019 alone, large companies like Macy’s, T-Mobile, Facebook and Disney+ all experienced significant breaches of customer information. This is why data protection and data security should always be top of mind while using your computer or mobile devices to prevent threats to your personal data.
“There’s lots of evidence that there are adversaries out there who try to take advantage of people who aren’t as technically savvy, so there’s some reason to be concerned with potential threats,” says Andrew Reifers, PhD, senior lecturer in cyber security at the University of Washington Information School.
Since attackers typically look for easy opportunities to access your data—such as simple username and password combinations, which Reifers calls “low-hanging fruit”—it’s important to make yourself a more difficult target and ward off the threat of a data breach. Here are a few simple ways you can improve your online data protection and data security and keep your sensitive data more secure.
See if your personal data has already been compromised
Data theft doesn’t always involve identity theft, so you might not always know that your sensitive data was compromised. To find out how vulnerable you are to attack—and see if you’ve already been attacked—Reifers recommends entering your email address on HaveIBeenPwned.com, a reputable security breach-tracking website run by web security expert Troy Hunt. On top of seeing if any of your personal data has been stolen, you can also find out if any of your passwords are on the list of most common passwords.
If you learn your personal data has been breached, don’t panic: Reifers says it happens to almost everyone. Use this knowledge to change your passwords and, if possible, your email addresses on accounts that have been compromised. If you’re still concerned about online security risk and want to put additional tools for data protection in place, some companies offer identity theft protection services for a monthly fee.
Question the validity of websites asking for information
Creating websites or emails imitating companies is one of the major ways hackers gain unauthorized access to consumer information. Don’t automatically share your personal data just because a site looks reliable. Reifers says it’s always a good idea to question the validity of any website or email asking for your personal data or password information. “Don’t get caught up in aesthetics. Just because something looks pretty, doesn’t mean it’s safe,” he says.
Don’t click email links you’re not sure about
Phishing scams, where hackers attempt to collect your personal information in an email or by phone, are another common data security risk—according to the FBI’s Internet Crime Complaint Center, Americans lost $30 million to phishing in 2017.
If you get an email requesting personal information like your credit card or social security number, don’t click on anything. “The number one thing you can do is never click on a link in an email, but go back to the company website and see if there’s a notification there,” Reifers says.
While it’s never a good idea to click potentially risky email links, you can check out the validity of the sender by clicking on the email name. For example, the sender field might say “Amazon Prime,” but if the actual email address isn’t from the Amazon.com domain, it’s not authentic.
Slow down when you’re online
Sometimes, data breaches happen behind the scenes, but other times, hackers can gain unauthorized access to your information through phishing or malware, software designed to cause damage to a computer or mobile device. If you’ve ever accidentally downloaded a virus, you’ve experienced malware.
Reifers says this usually happens when people are in a rush. “Often, something looks suspicious, and you start clicking on things, and you’re walking through the path an attacker set up for you,” he says. When you’re online, do your best to slow down. Think and read everything carefully instead of mindlessly clicking or scrolling, especially if you suspect you could be at risk for data security threats.
To further prevent malware like viruses from infecting your computer or mobile devices, you may want to look into security measures such as purchasing antivirus software.
Create complex passwords to thwart security threats
For more information security, follow password best practices. Simple passwords are easier for hackers to guess with software, so instead of using a dictionary word, use a memorable passphrase. “I recommend people use phrases and then fill in spaces with special characters, alternate letters out for numbers, and mix up the cases,” Reifers says. For example, instead of “ILoveTacos,” go for a more complicated passphrase like “I#L0v3#T@c05.”
Use an encrypted password locker
Not sure you’ll remember all the complicated passwords you create? Try not to keep your passwords anywhere using simple text (like a Word document or an iPhone note). An encrypted password locker like 1Password (think of it like a secure password vault) will manage your passwords for you using one master password. “Virtually every security professional I know recommends using a password locker,” says Reifers. “The passwords are encrypted, which means it’s concealed so it can’t be viewed by attackers, even if they get a hold of the data,” he says.
Use multi-factor authentication for maximum data security
Since it’s unlikely that a hacker would have access to both your password and your mobile device, Reifers suggests using multi-factor authentication to add another layer of security to your data. It’s pretty simple: Typically, if you set up two-factor authentication for your Google or Apple data, when you enter your password, you’ll also receive a text code to enter online.
While you may not always be able to prevent a data breach, Reifers says it’s important to stay vigilant about keeping your sensitive data secure. “Unfortunately, information sometimes gets exposed, that’s just part of the world we live in,” he says. “That doesn’t mean we should stop using online services. We just need to pay attention to what we put out there.”