Key takeaways
- The likelihood of a breach is increasing, but understanding your digital footprint and taking steps to prevent personal data from being hacked can help limit the damage
- Getting your digital life organized can help protect and secure your financial life. Ensure that you protect your passwords by using strong, hard-to-guess passwords, not using the same password for multiple accounts, and enabling two-factor authentication
- Hackers can exploit weaknesses and flaws they find in operating systems, enabling them to gain access to your devices. Ensure you are updating your systems
- You should always be prepared if something happens to one or more of your online accounts. Have a contingency plan in place in case a breach does occur
With new reports of hacking and data breaches in the news, your most important personal information is increasingly vulnerable. This includes your financial information, passwords, photos, and even your online identity, which can be stolen in seconds.
In the U.S. alone, Americans lose $15 billion yearly from identity theft. On a global scale, that number totaled $6 trillion in 2020. And individuals aren't the only targets in cybercriminals' sights. In 2015, an IRS hack resulted in over $50 billion in refunds stolen from 104,000 taxpayers. Many of those taxpayers spent months trying to get their refunds.
While you can’t stop hackers from trying to steal your identity, credit, or money, these safeguards can help protect your private information and keep it safer.
Take inventory of your personal and financial data
What this means
To protect your sensitive information, you should first learn what you have and where it is. Start by following these three easy steps to getting financially organized.
Why it’s important
You can’t protect your most sensitive financial and personal information if you don’t know what and where it is. If you’re the victim of identity theft or a data breach, a list of all your accounts and login information will make preventing, identifying, and recovering much easier.
What to do
- Organize your financial information. Make a list that includes every aspect of your financial life: earnings, workplace benefits, taxes, savings, borrowing/debt, investments, and all of your legal and financial paperwork, such as your estate planning.
- Regulate your digital data. Prioritize sites that hold your most sensitive information. Take note of all your login credentials for online banking and similar accounts that contain your personal data.
- Think about each item on your list. When was the last time you reviewed it to ensure it was current, accurate, and reflective of your needs and lifestyle? Review and update your financial and legal situation regularly.
- If an account offers password or account recovery protection, such as a text to your phone, enable it. Review and use services to monitor for potential account breaches using free or paid services (e.g., haveibeenpwned, Firefox Monitor, Google Password Checkup).
Protect your passwords
What this means
Simple measures can make it much less likely that your passwords are stolen, sold on the Dark Web, or used by a hacker or criminal to defraud you or steal your identity.
Why it’s important
With your email address and password, hackers can impersonate you and gain access to your accounts. Protecting your passwords can offer an extra layer of protection.
What to do
- Use two-factor authentication, which makes it more difficult for someone to impersonate you online. It usually requires a second login step beyond supplying a username and password, such as entering a code that’s been texted to your phone, the use of an authenticator app, or a security key. Many sites offer it as optional protection, and the small amount of extra time and effort to log in to a site is worth it.
- Create strong passwords and never share them. Use a different password for each site, so hackers can’t use your information to compromise multiple accounts.
- Protect your physical assets, such as credit cards and your Social Security number, and never carry your Social Security card or a list of passwords in your wallet.
- Use a password manager. Passwords are easily forgotten, but using a password manager takes the worry out of having to remember multiple login credentials. Use the built-in password manager in your browser of choice or consider using a third party password manager (for example: 1Password, LastPass, or KeePass).
Protect your credit
What this means
A lot of your most important financial information is stored by the major credit bureaus who use your financial information to calculate your credit score.
Why it’s important
Scammers often use hacked or stolen personal information to enter fraudulent accounts in your name. However, there are two simple steps you can take to protect yourself.
What to do
- Sign up to access your credit report at no charge from all three credit bureaus. By law, each bureau has to provide a credit report for free at your request once a year. Instead of checking all three simultaneously, check one credit bureau every four months and look for accounts you didn’t open.
- Place a credit freeze on your credit bureau accounts. It’s free, and it won’t affect your credit score. It blocks access to your credit reports, and you can easily lift your credit freeze when you need to apply for a loan, a credit card, or other credit. You must contact each credit bureau individually (Experian, Equifax, TransUnion) to set up a credit freeze. Don’t confuse a credit freeze with a credit lock, which offers less protection and may not be free.
Update and secure your devices
What this means
Most manufacturers update their security measures regularly, often as part of the device’s operating system.
Why it’s important
Hackers can exploit weaknesses and flaws they find in operating systems, enabling them to gain access to your devices.
What to do
- Update your operating systems and other software, such as web browsers, document editors, and PDF viewers, regularly, especially when an update contains security enhancements. To make your life easier, enable automatic updates when possible. By doing so, you will receive periodic updates without having to worry about manually updating each system individually.
- Turn off tracking in your operating system settings. Your operating system (Windows, macOS, iOS, Android) tracks a lot of activity about you.
- Take some time to learn about SIM-swapping attacks and check on your cell phone provider's ability to lock down your account in the event of an attack.
- Update your mobile settings and apps.
- Turn off location services for all apps on your phone unless you absolutely need them. Wherever possible, only allow those critical apps to use location services when you’re actively using the app.
- Update your contact information in your critical apps, so people know how to contact you if your info has been compromised.
Update privacy settings and limit information shared online
What this means
Many companies, such as Google, track your online activity for various reasons; in many cases, you may prefer they didn’t.
Why it’s important
Companies use your online activities to build surprisingly detailed profiles about you; hackers can capture and compromise your information by leading you to certain websites.
What to do
- Update your browser privacy setting. Turn on “Do Not Track” settings in your browsers. Switch from Bing or Google to search engines that offer more privacy, such as DuckDuckGo or Brave. Check your plug-ins to see what data they collect, and turn off any you don’t need. Use an adblocker, such as uBlock Origin. Don’t be lulled into a false sense of security if you use a virtual private network (VPN). A VPN can still leave you vulnerable.
- Limit what you share on social media, and avoid activities such as posting vacation photos while you’re away. That’s a sign to fraudsters that your place may be empty; they can use the info you’ve posted to figure out where you live. Be aware that the more online presence you have, the more likely you may become the target of bad actors.
- Control digital assistants. Siri, Alexa, and Google Home collect a lot of data about you even when you’re not using them. All of them offer settings that enable you to limit how much data they collect.
Avoid insecure networks, websites, and suspicious links
What this means
Public networks, such as those in coffee shops and stores, often aren’t secure, and information transmitted via those networks isn’t always protected.
Why it’s important
Hackers can “intercept” internet activity on public networks, including passwords and other sensitive information.
What to do
- Avoid public WiFi. Don’t use open, untrusted networks; never log in to sites such as your bank or brokerage accounts on public WiFi.
- Be aware of risks with emerging technology. New technologies and platforms such as cryptocurrency and NFTs may be tempting, but the underlying platforms and technology are largely unproven, untested, lack consumer protections, and are ripe for exploitation. Know that the risk is exponentially greater using these platforms and products.
- Guard against phishing. Phishing is when a hacker uses some believable pretext, such as an email that appears to come from your bank, to trick you into giving up information or allowing access to your system. Be suspicious of all emails, especially those you weren’t expecting. If you use Gmail, pay attention to any warning flags. Look for a mismatch between the sender domain and the email content. If you receive a notice from a business (such as your bank or brokerage firm), don’t click on the link in the email. Instead, visit the site and log in to your account to see if the message is legitimate. Never respond to a request to share your password or other sensitive information.
Have a contingency plan
What this means
You should always be prepared if something happens to one or more of your online accounts.
Why it’s important
An emergency plan will help you or your family gain access to accounts or recover from identity theft or a data breach.
What to do
- Set up password contingency. If something happens to you or you’re unavailable, make sure someone you trust has access to your passwords and other information to access your accounts, whether that means providing the primary password for your password manager or a printed list.
- Set limits on accounts wherever possible and practical, such as how much money can be transferred or withdrawn from an account.
- Keep a list of account numbers and alternative ways to contact institutions, such as phone numbers, so if hackers compromise an account and you’re locked out, you can still contact that institution.
- Think seriously about signing up for an identity theft or monitoring service, but understand their limitations. They can’t always protect your identity or sensitive online information from being compromised, but they can often provide a timely alert if something happens.
Final word
Getting your digital life organized can help protect and secure your financial life. The likelihood of a data breach or some other security compromise is increasing, but understanding, limiting, and protecting your digital footprint and online accounts can help mitigate the potential damage. Securing your financial health by taking steps to protect your sensitive financial information can help you avoid problems over time.