The dreaded data breach notification letter has just landed in your mailbox. You know — the letter from your medical provider, government, insurance agency, employer or even your car dealer — explaining your data was included in a recent data breach. The letters have become so ubiquitous that fake versions are now being sent by criminals in an effort to steal your information.
So how can you as an individual protect your data when big institutions with cyber security staff can’t even prevent breaches?
According to the U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA), there are ways you can protect your information and minimize data loss. Cyber criminals look for easy targets, specifically people who don’t take basic precautions. They are the easy marks, and even the most benign information is valuable to criminals. That is why CISA recommends you implement the following four measures, which will go a long way toward protecting your personal information.
1. Recognize and Report Phishing
Phishing occurs when criminals try to get you to open harmful links, emails or attachments that could request your personal information or infect your devices. Phishing messages usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get you to respond.
The good news is you can avoid the “phish hook” and keep your accounts secure by recognizing phishing, resisting the urge to click on links or open attachments, and deleting the message without clicking on unsubscribe links. Here are the details.
RECOGNIZE
Look for these common signs of phishing:
- Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
- Requests to send personal and financial information
- Untrusted shortened URLs
- Incorrect email addresses or links, like amazan.com
- Poor grammar or misspellings. These were once a telltale sign; however, in the era of artificial intelligence (AI), some emails now have perfect grammar and spelling, so look out for the other signs.
RESIST
If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish to protect yourself and others. Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.
DELETE
Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.
Remember, if a message looks suspicious, it’s probably phishing. However, if you think it could be real, don’t click on any link or call any number in the message. Look up another way to contact the company or person directly:
- Go to the company’s website and capture their contact information from the verified website. Search for the site in your web browser or type the address yourself if you’re sure you know it.
- Use another way to reach the person to confirm whether they contacted you. For example, if you get a strange message from your friend on Facebook, and you have their phone number, text or call them to ask if they sent the message.
2. Use Strong Passwords
Create long, random, unique passwords and use a password manager.
Simple passwords, such as 12345, or common identifying information, like birthdays and pet names, are not safe for protecting important accounts holding personal information. Using an easy-to-guess password is like locking the door but leaving the key in the lock. Weak passwords can quickly be broken by even the most novice computer hacker.
While it may not be possible to remember a unique strong password for every account, a reputable “password manager” will help. It is one of the easiest ways to protect yourself from someone logging into your accounts and stealing sensitive information, data, money or even your identity.
3. Enable Multi-Factor Authentication
Turn on Multi-Factor Authentication for every account or app that offers it.
Multi-Factor Authentication provides you with extra security by confirming identities when logging in to your accounts, like entering a code texted to a phone or one generated by an authenticator app. It increases security and can make you significantly safer online. Even if your passwords become compromised, unauthorized users will be unable to meet the second step requirement and will not be able to access your accounts.
How to Turn on Multi-Factor Authentication for an account or app:
Go to Settings. It may be called Account Settings, Settings & Privacy or similar.
Search for and turn on Multi-Factor Authentication (MFA). It may be called two-factor authentication, two-step authentication or similar.
Confirm. Select which Multi-Factor Authentication method to use from the options provided by each account or app. Examples are:
- Receiving a numeric code by text or email
- Using an authenticator app: These phone apps generate a new code every 30 seconds. Use this code to complete logging in.
- Biometrics: This uses facial recognition or fingerprints to confirm your identity.
4. Update Software
Fix security risks by installing updates and turning on automatic updates.
Many of us select “Remind me later” when we see an update alert. However, software updates are created to fix security risks. Keeping software up to date is an easy way to stay safer online. To make updates even more convenient, turn on automatic updates in your device or application security settings.
By taking these steps, you have a fighting chance of warding off cybercriminals. Vigilance is key: criminals are intent on stealing your personal and financial information. Not only are they after your life savings, they also want your emails, your online retail accounts and even your medical information. Don’t make it easy for them.