As if the Monday following a nice vacation isn’t enough of a bummer already, we came back from the Thanksgiving holiday to find that our website had been hacked. Fortunately, we work with a good team and make sure to backup and protect all of our work. Everything was fixed in less than 48 hours, and we’re back up and running again! What could have been a year’s worth of lost work really just turned out to be a minor inconvenience.
Security issues and scams seem to run rampant each holiday season with the increase in online shopping, spending, traveling, etc., and in light of our recent inconvenience, we thought we’d share a few security reminders & precautions we take in order to help you avoid major security breaches. A lack of planning and/or protection from these situations can result in a (potentially avoidable) disaster.
3 Steps You can Take To Protect Yourself:
- Use strong, unique passwords and change them regularly
- Use effective monitoring systems
- Use caution when sharing information
What Makes a Good Password?
This is the most important step! Password selection is critical. You might be surprised to hear how many people actually use “password” as their password. It’s also quite common for people to keep passwords written down in the “Notes” of their phone, and many just use the same password for every site.
Let’s take your email password, for example. On the surface, this may not sound like a huge security issue to you – it’s just your email, after all. But think about what your email account is linked to… social media accounts, accounts with credit card information saved, online banking accounts, etc. A quick click on the “reset password” button on any of those sites, plus access to your email account, could equal disaster.
Such a situation happened to several people who use the Starbucks app (which saves debit/credit card info). And in another story, a hacker used someone’s gmail account to request wire transactions – the victim lost $50,000.
Don’t let that be you! Follow these guidelines to help protect yourself:
- Your password should be AT LEAST eight characters long
- Have a unique password for each site you use
- Change your passwords regularly
- Do not use full words – especially your name, address, spouse, pet, etc.
- Use a combination of letters (upper and lowercase), numbers and symbols
- Depending on your email provider, you may also have an option to set up a 2-step verification process that requires additional steps to access your account (gmail uses this, for example)
Keeping up with this may sound like a burden, but fortunately, there are apps to help you manage these things! LastPass, for example, will help you generate random, unique passwords and store them for you. You must memorize one master password to access the program (make this extremely difficult!), and the rest are stored within the app for you. Some other options are Dashlane, Roboform, and 1Password.
Have Strong Monitoring Systems
To further your protection, consider using these strategies as well:
- Monitor your credit score regularly. You can use sites such as AnnualCreditReport, CreditKarma, or Quizzle
- Use a virus protection software on your devices. Run scans regularly and make sure it’s always up to date.
- Consider getting identity theft protection. You can use a company such as Lifelock, or sometimes you can get this feature as an added bonus through other programs. For example, Identity Theft Monitoring is often an added benefit you can sign up for if you are an AAA member.
Be Cautious About Sharing Information
Finally, be cautious when sharing any personal information. When sending emails, make sure they are encrypted. You can use a free service such as Virtru if you don’t already have one. Make sure you trust the people you are sharing information with, and make sure you trust their systems for securing information.
If you watch or read the newspaper, you probably hear stories about this all the time. Here are a few examples we’ve heard recently:
- Don’t text/email your PIN number, SS#, Credit Card #, etc. unless you have verified that the person on the receiving end is the intended recipient. People lose cell phones frequently – you never know who is requesting the information on the other end. Ideally, this information is communicated verbally. If that is not an option, make sure the recipient disposes of the information properly.
- Be wary of anyone that asks for social security numbers, credit card information, bank account information, says you’ve won something, etc. Ask if you can call back at a later time, speak to a manager, or complete this in person instead. If it’s a legitimate request, one of these options should be made available to you.
- At a recent hotel stay, we were warned that fraudsters have been calling hotel rooms pretending to be the front desk and asking the guests to repeat their credit card information because there was a glitch in the “check in” system. As mentioned above, be wary of anyone requesting such information.
- Keep up with recent scams at websites such as the FTC Consumer Information page.
At the end of the day, it’s just better to be safe than sorry. It may be a pain to go back and reset all of your passwords, download one more new app, store all the new passwords, etc – but those minor inconveniences likely greatly outweigh the potential worst case scenario. I certainly don’t have $50,000 to lose tomorrow – do you?
If you have any stories about being hacked, scammed, etc. – please share your story!