From shopping to banking and investing to working, much of our lives can be conducted online these days, and many consumers are taking full advantage. Yet many aren’t aware of best practices for protecting their private information. Having one’s personal data stolen is a devastating experience that can take years to correct. Some people even volunteer information online—particularly on social media—that can give the unscrupulous an inside look at their personal lives.
Fortunately, there are steps everyone can take to make their online transactions and interactions more secure. We asked experts from Forbes Technology Council to share their best tips.
1. USE HARDWARE SECURITY KEYS AND COMPLEX PASSWORDS
Add a hardware security key, such as YubiKey or Google’s Titan, to every account that supports it. Two-factor identification with SMS is very insecure and easily hacked, but it’s better than a password alone. Computers easily crack passwords less than 50 characters long: Thieves break into sites, copy the password files and crack them offline. Use password managers to generate and keep track of complex passwords. – Sandra Carrico, Glynt.AI, a business unit of WattzOn
2. DO A YEARLY CHECKUP
This is an easy, yet often overlooked, hack: Do a yearly audit of the sites you’re using. If you use a password manager like LastPass, you can export all the sites it has saved. Go through those sites and make sure that you have secure passwords (and two-factor authentication), then close out any accounts you no longer use. – Michael Zaic, Wild Sky Media
3. LIMIT WHAT YOU SHARE ON SOCIAL MEDIA
Stop sharing so much personal information online, including your location, pictures, birthdays and trips. Hackers love this stuff, and considering how sites like Facebook are now admitting that employees and vendors had access to these profiles, it is even more important to not include as much personal information on social media profiles. – Chalmers Brown, Due
4. CHECK YOUR BANK AND CREDIT PROTECTION POLICIES
There is no absolute data privacy when it comes to any online activity. If you transact any business online, you should make sure bank and credit accounts have policies to protect you in case of fraud. You do not want to self-insure if your account is hacked and being misused. Finally, never allow your browser or websites to remember your login or payment information—that is a recipe for disaster. – Wayne Lonstein, VFT Solutions, Inc.
5. HAVE A STRONG PASSWORD STRATEGY
It’s too easy to reuse passwords when setting up online accounts, which leaves you vulnerable when sites are compromised. I have found that using a password management tool like LastPass provides an additional layer of protection by allowing you to set strong, complex passwords. By relying on a password manager to fill in your information, you become less dependent on your “go to” and can create unique passwords for each account. – Nathan Nordby, Velma
6. DON’T SHARE YOUR SOCIAL SECURITY NUMBER
A surprising number of services will ask for your social security number (SSN), ranging from car rental companies to doctor’s offices. They want your SSN because it allows them to tie your data together with many other sources very reliably, but legally you are not required to provide it to anyone other than the federal government. Refuse to share it and you will keep your data safer. – Sean Byrnes, Outlier
7. USE MORE THAN ONE EMAIL ACCOUNT
To best protect your data online, you should be creating and using more than one email account. For example, you should have one email address for sensitive information like banking, and you shouldn’t give that email out to just anybody. You should have a second email account to sign up for email lists, to receive retail coupons, for online games, etc., and a third for communication with friends and family. – Thomas Griffin, OptinMonster
8. READ THE FINE PRINT AND ASK QUESTIONS
Consumers must recognize that protecting personal data is a joint responsibility between themselves and the brands they frequent. For their part, consumers should read and question the privacy policies of the websites/apps they use to clarify how and why it will be used. In turn, brands should have documented privacy policies and guidelines and have the ability to effectively address any concerns. – Michael Ringman, TELUS International
9. BE AWARE OF SCAMS
It would be so easy if there was only one thing that consumers could do to protect their data, but hackers’ tactics are constantly evolving, and the average consumer cannot evolve that fast. We see a lot of clients/consumers falling for phishing scams. Clients should just take a minute to stop and think before they react to an alarming email asking them for their data or asking them to “click here.” – Warren Finkel, ACE IT Solutions
10. SET UP MULTIFACTOR AUTHENTICATION
Perhaps the most basic thing that can be done to protect private data is to ensure that you set up multifactor authentication. Most email providers and banks will allow you to turn it on somewhere in settings. Some may then ask you to scan a QR code with an app to enable multifactor authentication. If you have the choice, I recommend Authy. – Justin Morgenthau, Triax Technologies, Inc.