On December 14, tech leader Yahoo issued a statement that was bound to disconcert the company’s many customers: As-yet unidentified hackers had breached Yahoo’s cyber defenses in 2013, stealing “data associated with more than one billion user accounts.”
Yahoo began taking steps to alert users about the potential threat to their personal information and to mitigate the damage, but the news is a grim reminder that today’s world of electronic communications, cloud computing, mobile devices and always-on connectedness, while offering an array of benefits, has made all of us more vulnerable to hackers and data thieves.
Yahoo is not the first to suffer this type of data breach. Over the last several years, similar attacks have targeted corporations, government agencies, health care organizations, political groups, non-profits, small businesses; the list goes on.
It may seem impossible to protect yourself from such cyber-attacks, and in reality, it’s not easy to ensure the security of your data in an interconnected world. But there are steps we can all take to at least reduce the possibility of being a target, and to minimize the harm if you are hacked.
Greater awareness of cybersecurity isn’t just for government agencies and corporations. Individuals, families and small businesses also need to protect themselves. So let’s get a good start in 2017 by boosting our own cyber defenses:
Get smart about strong passwords. It may seem convenient to use simple passwords like “qwerty,” “123456” or “password” to access your accounts. But these passwords are child’s play for even an amateur hacker or data thief. Worse yet, many of today’s hackers are backed by computing technology that allows them to “code break” passwords, so “simple” too often means “vulnerable.” You need something stronger.
Consider mnemonic strategies that allow you to craft and remember longer, less hackable passwords. Lifehacker offers helpful suggestions of various approaches, including using passwords based on memorable sentences. If you really want to get serious about strong passwords, try a random password generator. Additional critical steps include:
Never use the same password twice. Note that in the Yahoo breach, hackers accessed users’ passwords. That means that if you had used the same user name and password on other online accounts, the hackers now have an open door to access more of your personal information in those accounts.
Of course, most of us don’t want to juggle multiple passwords, but there is a solution: password manager apps. These work as an encrypted storage locker for your passwords, and can help you to simplify your online life by keeping your passwords accessible in a single secure location (no more Post-it notes on the desk!). Wired Magazine offers a rundown of several password managers here.
When possible, enable two-factor authentication for your accounts. Two-factor authentication (also called two-step verification) adds an extra layer of security by requiring you to enter information in addition to your password. So, for example, you type in your password to your bank account and then receive a numerical code via text message on your phone that you enter to continue access to your account.
Here’s an example of how to set up two-step verification on a Google account; check your other accounts to see if they offer similar options. Granted, it’s an extra step to log in and does create a small inconvenience, but it does help to protect your account against interlopers.
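The password advice above (avoid common passwords, use a random generator, never reuse a password) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the account names and passwords are constructed sample data, and the 60-bit threshold is an assumption chosen for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Weak passwords named in the article; real deny-lists are far longer.
COMMON = {"qwerty", "123456", "password"}
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"
MIN_BITS = 60  # assumed threshold for this example

def generate_password(length=20):
    """Draw each character from the OS CSPRNG (secrets, not random)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(password):
    """Upper bound: length * log2(pool of character classes used).
    Overestimates human-chosen passwords; a rough guide only for random ones."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: c in string.punctuation, 32)]
    pool = sum(size for test, size in classes if any(test(c) for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(accounts):
    """Map account -> list of findings for a dict of account -> password."""
    by_password = defaultdict(list)
    for account, pw in accounts.items():
        by_password[pw].append(account)
    findings = {}
    for account, pw in accounts.items():
        issues = []
        if pw.lower() in COMMON:
            issues.append("common password")
        if entropy_bits(pw) < MIN_BITS:
            issues.append("low entropy")
        others = sorted(a for a in by_password[pw] if a != account)
        if others:
            issues.append("reused on " + ", ".join(others))
        if issues:
            findings[account] = issues
    return findings

# Constructed sample data, not real credentials.
SAMPLE = {"mail": "qwerty", "bank": "Tr1cky-Horse-77",
          "shop": "Tr1cky-Horse-77", "forum": generate_password()}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(account, "->", "; ".join(issues))
```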
Practice smart computer hygiene when visiting unknown sites, clicking on links, or opening unfamiliar e-mails. Even if you’re familiar with common online and email scams (like the classic Nigerian prince e-mail or overseas lottery scams), you’d be surprised how frequently people fall for these frauds, to say nothing of less easily recognizable scams.
Be wary of clicking on links that come from unknown or suspicious sources, that lead you to suspicious sites, or that request personal information, including account numbers or passwords. This August 2016 PC Magazine article is a timely reminder about how to keep an eye out for phishing scams and other fraud. Also, keep using reliable anti-virus software to detect threats to your data on connected devices, and be sure the software and apps on your devices are updated regularly.
Take special care when logging on to public or unsecured wireless networks. Widespread availability of wireless networks in public places like shopping centers, restaurants, coffee shops, airports and libraries may be convenient, but remember that those same networks are available to bad actors.
“To protect your information when using wireless hotspots, send information only to sites that are fully encrypted, and avoid using mobile apps that require personal or financial information,” the Federal Trade Commission warns. And when possible, consider sidestepping open networks entirely: wait till you’re someplace safe, like home or the office, before logging on.
Be vigilant about checking your online accounts for signs of fraud. “Online banking makes it easier and faster to monitor your accounts. This is important, because the sooner you can detect a problem with a transaction, the easier it should be to fix,” says the Federal Deposit Insurance Corporation (FDIC) guide to cybersecurity. Regular reviews of your accounts are essential to protect against fraudulent activity before it becomes a crisis.
The financial industry is working to address data vulnerabilities through more effective cybersecurity policy, as Project Invested reported earlier. But for many of us, the most important steps we can take are to protect ourselves – don’t just wait for Congress and regulators to act, but get proactive about your security.
To be sure, while steps like these will certainly help, they won’t necessarily protect you against every type of cyber incident. They would not have saved you from the aforementioned Yahoo breach, for instance, which targeted information on the company’s servers (although since the Yahoo hackers acquired access to passwords, you can see the wisdom of using different passwords on different sites).
Still, security starts with taking the right steps to protect yourself. The reality is that if you’re living part of your life online (and at this point virtually all of us are), you’re going to be at risk of having your data compromised. By taking a few affirmative steps today, you can at least limit the possibility of serious damage to your privacy and financial information.
Other helpful resources for individuals, families and entrepreneurs:
FDIC’s Bank Customer’s Guide to Cybersecurity
SIFMA’s Guidance for Small Firms: How Small Firms Can Protect Their Business
Small Business Administration top cybersecurity tips for business owners
Wall Street Journal’s One-Hour Cybersecurity Drill