With the Equifax breach making headlines (and more information about the extent of the compromised information trickling out every day), it's natural to be thinking about how to safeguard our personal information. The potential breach joins a long line of scares that has us all scrambling to check our credit card and bank accounts.
Here's the bad news: writing down our passwords on Post-it notes, swiping our debit cards willy-nilly and even answering the phone could be putting our most crucial data at risk.
No need to get extreme and build an underground bunker, though. Experts say there are simple things you can do today to better safeguard your data right away. Read ahead for their advice.
Change your passwords
It sounds basic, but making sure passwords for your email and financial logins are complex and non-repetitive is key, experts say. This means not using your Social Security number as a password, as well as avoiding using information that is readily accessible on social media accounts as the answer to a security question. (If your Twitter bio includes your love for your hometown of Chicago, "WindyCity123" is not a good password.) "Everybody talks about this issue," says Rajesh John, principal of global management consulting firm A.T. Kearney. "But this continues to be a constant problem … people tend to repeat the same passwords and use very simple terms. This is the first basic thing [to do to protect yourself]."
One of the dangers with having less-than-secure passwords is criminals gaining access to personal information via your email, or using your email to gain access to financial accounts, says Richard W. Paul, president of registered investment advisory firm Richard Paul & Associates LLC. "They can gain access to your brokerage accounts and we've seen that happen," says Paul, who added that in his experience he has had criminals (unsuccessfully) attempt to withdraw tens of thousands of dollars from a client's account via a hacked email address.
One of the dangers with having less-than-secure passwords is criminals gaining access to personal information via your email.
Because we live so much of our lives on our phones and emails, it might be tempting to send personal information like our Social Security or bank account numbers electronically — a no-no, according to Peter J. D'Arruda, president and founding principal of financial advisory firm Capital Financial & Insurance LLC. Instead, he recommends going vintage and using an electronic fax service if you have to send around a document with sensitive info.
Don't rush things
It makes sense to act fast if the jacket you've been lusting after goes on sale. When it's not a good idea to act fast? When handing over financial information — particularly given the scams that pop up after major data breach events. Take your time when reading an email asking for your personal information. Is it riddled with spelling or grammatical errors? Then it's likely a scam. "Legitimate companies won't send emails with errors," says Jonas Sickler, director of operations at ConsumerSafety.org. Additionally, if someone from a company reaches out and wants information stat, pause before acting. "Be aware of the sense of urgency — if the message tells you to 'act immediately' or else your 'information will be at risk,' (or something similar) delete the email," he says.
Another note on emails: Think twice before opening attachments, as they are an easy way for scammers to infect your computer with viruses and malware, Sickler says. (As much of a pain as security updates on your computer can be, doing it can help to protect you from malware, Paul says.)
Ignore unknown phone calls
When it comes to phone calls, scammers can spoof their number to make it look like it's coming from a specific company, Sickler says, adding that you can only be sure that it's coming from, say, your utility provider or credit card company if you've initiated the call. If you see a number that looks suspect, press ignore and go back to playing Candy Crush instead. If you do accidentally pick up, as soon as you realize it's someone asking for information, hang up before handing over anything.
Shop on secure sites
Before entering any sensitive information on a website (like your credit card number on a store's website), take a look at the browser. If the web address starts with "https" instead of "http," then you know it's a secure site. (The "S" stands for secure.) "That ["S"] ensures that all the communication with the website is encrypted," Paul says. "Smaller sites may not give you that option, and you're a little bit higher risk than with the bigger retailers." (And avoid entering any personal information while using any public Wi-Fi — sorry, no more online shopping while sitting at Starbucks!)
Use safe payment methods
So much focus is on security when shopping online, but that doesn't mean you should let your guard down in person. D'Arruda recommends keeping only one or two cards on you at all times (to minimize the damage if your wallet is stolen, and so you know which ones they are if they're lost). If you have a choice, he recommends opting to swipe a credit card over a debit card — since the former usually have more protections for consumers. "If you're using a debit card, [a criminal] can drain your account," he says.
If you have a choice, swipe a credit card over a debit card — since the former usually have more protections for consumers.
When it comes to getting cash, stick to ATMs at banks — not ones at restaurants or gas stations. "If you're about to stick your card in and it jiggles, it could be a skimmer [and your card information could be compromised]," D'Arruda says.
Meanwhile, Paul says to take care when using checks — particularly if you're mailing them. "Always drop them off at the post office," he says. Because they have your bank account number and your routing number on them, criminals can gain access to your money via this "old school" fraud method if an envelope is just hanging out in your mailbox.
Monitor your credit
Given that so much sensitive information has been compromised recently, monitoring your credit regularly is a must. At a basic level, you should know what your credit score is — and be aware if there is a drastic change, according to John. "A lot of banks are offering that as a free activity and service, so people have the ability of doing at least that level of analysis," he says.
You can also get a free credit report from each major credit agency (Experian, Equifax, TransUnion and Innovis) once per year. "They talk to each other, so don't get them all at once," D'Arruda says. "Spread them out throughout the year … that way you can get one every few months." Go to a reputable site like Credit Karma or AnnualCreditReport to do so.
If you're not confident that you'll keep tabs on it yourself, you can also sign up for a credit monitoring agency like LifeLock. Those types of companies will alert you anytime there is suspicious credit activity under your name.
Finally, if you're feeling particularly jittery you can take the more serious move of freezing your credit. You can do that yourself by contacting the major credit agencies — this means no one will be able to get credit in your name while the freeze is intact, D'Arruda says. (Some states allow the agencies to charge a small fee to do this.) But that also means you'll have to remove the freeze if you want to apply for an auto loan or get a new credit card.
The bottom line: Staying vigilant is the best way to make sure that your details remain under lock and key.
"We're seeing things roll out and we don't know all the happenings with Equifax yet," John says. "It's still early, and [information] about the timeline of the breach and the timeline of the information [breached] could change … My view is that people should be proactive and engage the services [that are] available to monitor their online and financial activity." By keeping your eyes peeled, you're one step closer to making sure your information is safe.
Want to get a BETTER hold on your finances? Try these simple tricks:
- The 2-Minute Rule I Use to Effortlessly Manage My Money
- How to Create an Emergency Fund in Just 90 Days
- Why Scheduling a 'Money Date' Can Turn Your Finances Around