The only sure thing in the world of information security is that there is no such thing as a failsafe solution. It’s crucial not only to keep abreast of the latest threats out there, but to also act as though the mission is to find your way to safety from the middle of a lawless demilitarized zone that’s lousy with enemy snipers.
Sound extreme? Remember that Cold War classic “A Few Good Men” when Colonel Jessup (played by Jack Nicholson) tells Tom Cruise’s character “You have the luxury of not knowing what I know”? It applies here. I’m not saying I have all the answers, mind you. If anything I think the opposite. But I do know that I don’t know what’s going to happen next in the land of Data Insecurity, and that gives me a better chance of staying safe.
Symantec just reported more than 500 million digital identities were stolen in 2015 while fake tech support scams increased by 200% and ransomware attacks increased exponentially as well. Hackers are getting better at their game—ensuring better results with better techniques and technology.
Want more? Dell SecureWorks annual report was recently released. The takeaway? Hackers are getting organized and entrepreneurial. Want to get access to a U.S.-based email account? It doesn’t matter if it is Yahoo, Google, or Hotmail, they’re all available for a pretty decent price: $129. (Note the market-appeal pricing!) According to the report, it costs a little more to get into a corporate account—understandably—and a little less to get into a Russian email account.
Also on the menu: access to Facebook and Twitter accounts—and for the same price as an email hack! There’s a panoply of services on offer out there—ranging from malware that aids snooping to doxxing— that opens up the possibility for all kinds of identity-related crimes.
So What Can You Do?
There is plenty you can do. The first thing is to change your life. I mean it. You have to completely change the way you approach your life as it intersects with things digital.
I’ve mapped out a way to do this in my book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves, which provides different discussions and strategies for specific situations ranging from identity-related tax fraud and medical identity theft to phishing and child identity theft.
But if you read nothing else on the topic, there are three simple things you should bear in mind, which I call the Three Ms.
- Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction. Don’t over-share on social media. Be a good steward of your passwords, safeguard any documents that can be used to hijack your identity and consider freezing your credit.
- Monitor your accounts. Check your credit report religiously, keep track of your credit score, and review major accounts daily if possible. (You can view two of your credit scores for free every month on Credit.com.) If you prefer a more laid-back approach, sign up for free transaction alerts from financial services institutions and credit card companies, or purchase a sophisticated credit and identity monitoring program.
- Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises—oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions and HR departments.
Beyond the Three Ms, here are a few common-sense changes you can make to your daily digital life that will make you a moving target for identity thieves.
- Beware phishing. Never click on a link sent to you via text or email from a stranger. If you get a link from someone you know, first check if that person actually did send it, because they may not even know that they got hacked and have become a font of malware. Assume the worst!
- Be smart about passwords. Never use the same password for different accounts, and do not keep all your passwords saved behind a single password (like on your computer). Make your passwords complex, long and make sure they contain punctuation marks, numbers and other random symbols.
- Use multiple-factor authentication. You may have received a notice recently from your email provider asking for a phone number that can be used to contact you in case your account is hacked—that’s multiple-factor authentication. If you are given this option, use it. Security is sacrificed on the altar of convenience way too often, and a little extra effort can make a huge difference in vulnerability.
- Consider encryption. It’s not as hard as you may think to start using a pretty good privacy-based encrypted mail system, and the upshot is that you will be much harder to hack.
- Tighten your privacy settings on social media accounts. Never post anything that will make it easier for a fraudster to guess things about you, because that could compromise any account that’s protected by security questions.
We all occupy a digital privacy landscape that is treacherous. It’s a no man’s land where criminals not just figuratively, but in actuality, hold sway over the good orderly direction of daily life. Whether you become a statistic may be out of your hands, but there are ways to improve your odds of staying safe, and it’s very much worth your time.
Adam Levin is co-founder of CyberScout and Credit.com, where this post originally appeared.