Looking to protect your data? We've compiled 101 data protection and data privacy tips to keep your data safe.
Keeping your passwords, financial, and other personal information safe and protected from outside intruders has long been a priority of businesses, but it's increasingly critical for consumers and individuals to heed data protection advice and use sound practices to keep their sensitive personal information safe and secure. There's an abundance of information out there for consumers, families, and individuals on protecting passwords, adequately protecting desktop computers, laptops, and mobile devices from hackers, malware, and other threats, and best practices for using the Internet safely. But there's so much information, from using a virtual private network (VPN) to using unique and strong passwords or antivirus software, that it's easy to get confused, particularly if you're not tech-savvy. We've compiled a list of 101 simple, straightforward best practices and tips for keeping your family's personal information private and protecting your devices from threats.
Table of Contents:
- Securing Your Devices and Networks
- Data Protection Tips for Mobile Devices
- Protecting Data While Working Remotely and Working from Home
- Protecting Your Identity
- Protecting Your Credit
- Protecting Your Data on Social Media
- Protecting Your Online Privacy
- Data Protection Following a Data Breach
Securing Your Devices and Networks
1. Encrypt your data
Data encryption isn't just for technology geeks; modern tools make it possible for anyone to encrypt emails and other information. "Encryption used to be the sole province of geeks and mathematicians, but a lot has changed in recent years. In particular, various publicly available tools have taken the rocket science out of encrypting (and decrypting) email and files. GPG for Mail, for example, is an open source plug-in for the Apple Mail program that makes it easy to encrypt, decrypt, sign and verify emails using the OpenPGP standard. And for protecting files, newer versions of Apple's OS X operating system come with FileVault, a program that encrypts the hard drive of a computer," explains John Naughton in an article for The Guardian. Looking to protect data on a laptop against theft, for compliance, or on a USB thumb drive? UC Irvine's Information Security department has tips on how to do so. X: @UCI_OIT
2. Backup your data
One of the most basic, yet often overlooked, data protection tips is backing up your data. Basically, this creates a duplicate copy of your data so that if a device is lost, stolen, or compromised, you don't also lose your important information. According to iland, now 11:11 Systems, only 54% of organizations in 2021 had a documented, company-wide disaster recovery plan. That's troubling, especially when unplanned downtime can cost some of the world’s largest companies $400 billion a year, or roughly 9% of their profits, according to Splunk. X: @splunk
3. Make your old computers' hard drives unreadable
Much information can be gleaned through old computing devices, but you can protect your personal data by making hard drives unreadable before disposing of them. "Don't think that reformatting your disk will wipe it. That only resets the indexes. Most of your data will remain. Likewise, don't imagine that reinstalling your operating system will do any better. That will only overwrite the start of your disk, leaving most of your data untouched," according to iFixit. "Physical destruction is the quickest, surest and most satisfying method." X: @ifixit
4. Secure your wireless network at your home or business
A valuable tip for both small business owners and individuals or families, it's always recommended to secure your wireless network with a password. This prevents unauthorized individuals within proximity from hijacking your wireless network. Even if they're merely attempting to get free Wi-Fi access, you don't want to inadvertently share private information with other people who are using your network without permission. "If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router," says FCC.gov in an article offering data protection tips for small businesses. X: @FCC
5. Use a firewall
"Firewalls assist in blocking dangerous programs, viruses or spyware before they infiltrate your system. Various software companies offer firewall protection, but hardware-based firewalls, like those frequently built into network routers, provide a better level of security," says Geek Squad. X: @GeekSquad
6. Encrypt data on your USB drives and SIM cards
Encrypting your data on your removable storage devices can make it more difficult (albeit not impossible) for criminals to interpret your personal data should your device become lost or stolen. USB drives and SIM cards are excellent examples of removable storage devices that can simply be plugged into another device, enabling the user to access all the data stored on it. Unless, of course, it's encrypted. "Your USB drive could easily be stolen and put into another computer, where they can steal all of your files and even install malware or viruses onto your flash drive that will infect any computer it is plugged in to. Encrypt your SIM card in case your phone is ever stolen, or take it out if you are selling your old cell phone," according to Jay Leonard in an article on Business2Community. X: @B2community
7. Disable file and media sharing if you don't need it
If you have a home wireless network with multiple devices connected, you might find it convenient to share files between machines. However, there's no reason to make files publicly available if it's not necessary. "To turn off file sharing, you'll just need to make a quick change in Network and Sharing Center (Windows 10) or Settings (Windows 11). It's just as easy to turn off internet connection sharing, as well as disabling your mobile hotspot if you're sharing your connection over Wi-Fi," says WikiHow. X: @wikihow
8. Create encrypted volumes for portable, private data files
HowToGeek offers a series of articles with tips, tricks, and tools for encrypting files or sets of files using various programs and tools. This article covers a method for creating an encrypted volume to easily transport private, sensitive data for access on multiple computers. X: @howtogeeksite
9. Overwrite deleted files
Deleting your information on a computing device rarely means it's truly deleted permanently. Often, this data still exists on disk and can be recovered by someone who knows what they're doing (such as, say, a savvy criminal determined to find your personal information). The only way to really ensure that your old data is gone forever is to overwrite it. Luckily, there are tools to streamline this process. Here, Microsoft looks at a tool, Cipher, and a process for overwriting old data on older Windows operating systems. X: @pcworld
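To make the overwrite-before-delete idea above concrete, here is an added Python example (not code from this article, Microsoft, or the Cipher tool). The function names are hypothetical; it assumes a traditional hard drive and a filesystem that rewrites blocks in place, because SSD wear levelling, copy-on-write filesystems, and synced or backed-up copies can still hold the old data.

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # write in 1 MiB pieces so large files do not fill memory


def overwrite_file(path, passes=1):
    """Replace the file's current bytes with random data, in place.

    Returns the number of bytes overwritten per pass.
    """
    size = os.path.getsize(path)
    # "r+b" modifies the existing file; "wb" would truncate it first and let
    # the filesystem hand out fresh blocks, leaving the old ones untouched.
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push this pass to the device, not just the cache
    return size


def overwrite_and_delete(path, passes=1):
    """Overwrite the contents, then remove the directory entry."""
    size = overwrite_file(path, passes)
    os.remove(path)
    return size


if __name__ == "__main__":
    # Constructed sample file standing in for an old document.
    folder = tempfile.mkdtemp()
    sample = os.path.join(folder, "old-statement.txt")
    with open(sample, "wb") as fh:
        fh.write(b"account=12345678\n" * 100)
    wiped = overwrite_and_delete(sample, passes=2)
    print(f"overwrote {wiped} bytes, file still exists: {os.path.exists(sample)}")
```
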
10. Don't forget to delete old files from cloud backups
If you're diligent about backing up your data and use a secure cloud storage service to do so, you're headed in the right direction. That said, cloud backups, and any data backups really, create an added step when it comes to deleting old information. Don't forget to delete files from your backup services in addition to those you remove (or overwrite) on your local devices. This Intego blog digs into how to clean out old iCloud and Finder backups for added efficiency. X: @Integosecurity
Data Protection Tips for Mobile Devices
11. Consciously check and configure app privacy settings
Most apps offer privacy settings for users, enabling you to determine how much and what types of information are shared or stored. Always choose the least amount of data-sharing possible. Casey Chin from Wired explains, "You probably spend a lot of your day inside apps: catching up on the news, playing music and movies, keeping in touch with friends, racing cartoon characters around a track, and so on. Every once in a while though, it's worth running an audit on these apps to make sure they're not overreaching and going beyond their remit—collecting more data about you and controlling more of your devices than you'd like." X: @WIRED
12. Enable remote location and device-wiping
"If your gadget is lost or stolen, tracking apps can tell you exactly where your phone is. These apps also let you wipe sensitive information remotely. If your phone does end up landing in the wrong hands, you can at least make sure they don't get your information," says Kim Komando. X: @kimkomando
13. Take care of privacy settings immediately upon setup
When configuring a new device or operating system, configuring privacy settings should be the first order of business. This ensures that you're not inadvertently sharing sensitive information as you set up your standard apps and services. "The best way to launch your cybersecurity journey is to fire up your device’s security and privacy settings," writes the National Cybersecurity Alliance, "Every computer, laptop, tablet, and phone have security settings the user can change. Remember, software and hardware manufacturers might have default settings that may not be at the level of security you want. Review your security settings on a regular basis and audit what apps are using your data." X: @staysafeonline
14. Double check your phone permissions
"Sometimes, especially when you’re in a hurry, it’s easy to accidentally give permission for an app to access data it doesn’t really require. Does your note-taking app really need to see your contact list, for example? ... It’s well worth your while to do a regular audit of these permissions just in case you’ve previously allowed a permission you now want to revoke or vice versa. It’s not difficult to change your settings, and it gives you an extra layer of privacy and security." The Verge has tips on how to double check your iPhone permissions and your Android permissions. X: @verge
15. Lock your smartphone and tablet devices
Practically everyone has a smartphone, tablet, or both these days. All it takes is a single mishap where your device slips out of your pocket or briefcase at a restaurant or on public transportation, and your data could wind up in the hands of someone who will use it maliciously. You can take steps to protect your data in the event of a lost or stolen device, however, beginning with locking your device. When your device is locked, a thief must crack your password before gaining access to your apps or personal information, adding a layer of protection. Unfortunately, some people don’t lock their devices. According to Monica Anderson, Colleen McClain, Michelle Faverio, and Eugenie Park of Pew Research, "Among smartphone owners, 16% say they never use a security feature to unlock their phone, such as a passcode, fingerprint or face recognition." X: @pewresearch
16. Disable automatic uploading
Some devices automatically backup your data to the cloud, and some apps used on smartphones or tablets store information in remote servers. Yes, having a backup of your data is a good thing, but the backup should be accessible only by you or someone you authorize. You can prevent your devices from sharing your personal photos and other information with the cloud for the world to see by disabling automatic backup settings on your device and on individual apps. In an article on BBC, Colin Barras explains, "As cloud services grow it’s becoming common for devices like smartphones to upload user data to remote servers by default. If you’re at all worried about some of your photos falling into the hands of malicious parties it’s probably not a bad idea to check your phone settings to see what data is being automatically backed up to the cloud, and disable automatic uploading." X: @BBC_Future
17. Disable Bluetooth when you're not using it
Bluetooth technology has offered incredible conveniences to the mobile world, but it also opens the door for vulnerabilities. Most threats exploiting Bluetooth connectivity are dependent on the active Bluetooth connection, and while they aren't typically devastating or dangerous, they're certainly inconvenient and can be serious. "While Bluetooth is beneficial for many applications, be careful how you use it. My advice: Turn off Bluetooth when you’re not using it. Keeping it active all the time makes your device more discoverable. As a bonus, keeping Bluetooth off will increase your device’s battery life," advises Kim Komando. X: @kimkomando
18. Get anti-virus or anti-malware protection for your mobile devices
Anti-malware protection software is a given for most computer users, but many consumers still overlook the importance of protecting mobile devices from the growing number of malware programs impacting all types of mobile devices. Just a few years ago, however, built-in security options for mobile devices offered mediocre protection against threats, at best. "Google Play Protect, the antivirus built into Android, aims to protect your devices from malware. As far as the independent testing labs have found, it does a terrible job," reports PCMag. X: @pcmag
19. Check your push notification settings on mobile devices
Push notifications are notices posted to your device homescreen so that you don't miss important information or updates. "Push notifications can be an incredibly useful feature. They help inform you about updates and offers, and provide critical information almost instantly. However, dealing with a lot of pop-up messages across all of your devices can be overwhelming. Fortunately, you can customize and curate which push notifications you see on your devices and browsers," writes Kinsta. X: @Kinsta
20. Enable Face ID if you use an Apple device
"Apple introduced Face ID in 2017 as a way to unlock the new iPhone X with facial recognition instead of the older Touch ID method. Since then, Apple has expanded the feature to each new iPhone and the iPad Pro. Beyond using Face ID to unlock your device, you can use it to sign into apps and websites, temporarily disable it, and more," PC Mag writes. X: @pcmag
21. Set up content filters
If you have children who use mobile devices, check into security options such as content filters that can be activated either through your wireless provider or on the physical device. These filters restrict access to certain types of content, ensuring that your children cannot inadvertently go to websites or download apps that contain either inappropriate or malicious content. Verizon Wireless, for instance, offers a number of content filters and security options for families through its Smart Family service and a partnership with Mobicip, a leader in content filtering technology. X: @VerizonWireless
22. Set your device to automatically lock after a period of inactivity
Most smartphones and tablets enable you to set a specified time frame, after which the device automatically locks if it's been inactive. This means if you lose your smartphone but it wasn't locked, it will lock on its own, ideally before a thief obtains it and attempts to access your personal information. Cornell University has a list of requirements that students need to follow to secure their devices; while the instructions are technically for students, they could help anyone looking to further lock down their devices. Curious? Read Cornell University's IT Department's breakdown of tips on how to lock your computer screen automatically. X: @Cornell_IT
23. Prevent your smartphone from being stolen
While remote wiping and location-tracking solutions are great for finding your device and protecting your data if it's been stolen, the ideal solution is to avoid having your smartphone or other device stolen in the first place. "One of your best 'grab-prevention' options is a wireless proximity alarm system. These handy app/device combos let you know when your phone gets more than the pre-set distance limit from the proximity device (which is usually small enough to fit on a key ring)," ComputerWorld recommends. X: @computerworld
24. Use an on-device, personal firewall
Firewalls aren't just for servers and browsers; you can get a personal firewall for your mobile device, too. The University of California's Tech News site suggests installing "an on-device personal firewall to protect mobile device interfaces from direct attack." X: @uctechnews
25. Be mindful of eavesdroppers when shopping via your mobile device in public
If you have time to kill on your morning commute, you might browse the virtual shopping aisles, but be mindful of who is sitting beside you or behind you. Criminals can easily peep over your shoulder and watch as you enter passwords, credit card details, and other information. "A long commute on a bus or a train is the perfect time to get some holiday shopping done, but beware of that stranger sitting next to you. Your neighbors might try and read your screen and steal your credit card number or other information. Investing in a privacy screen or filter can significantly reduce the risk of peeping thieves. "Privacy screen protectors work as dark shields that you can use on your phones or tablets to keep other people from seeing what is on your screen. To fully see what is on a smart device with a screen protector, you have to be holding it directly in front of you, making those looking at it from an angle completely blind to the screen," says Cyber Guy. X: @CyberGuy
Protecting Data While Working Remotely and Working from Home
26. Consider using a VPN
A VPN can help keep your data and personal information secure, especially for those working on less secure networks. "Just like with ISPs, VPNs encrypt the internet traffic that passes through the router. Even those with network-level access can’t see what you’re doing online. VPNs also let you bypass your router’s firewall, allowing access to websites that your router has blocked. However, VPNs use certain transport protocols and ports when transmitting data. Network administrators can monitor these ports to check if anyone within the network is using a VPN," reads security.org. X: @securitydotorg
27. Maintain physical control over your devices
Theft of devices such as laptops and smartphones is prevalent in some public locations. “When traveling, keep your device with you. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary—these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms,” explains CISA. X: @CISAGov
28. Use a personal hotspot
A personal hotspot can be set up with most major wireless carriers and provides a more private alternative compared to public Wi-Fi. Critical Insight explains, “Although your web traffic will be unencrypted between the hotspot and its destination, using a hot spot does eliminate the problem of getting hacked by people on the same public Wi-Fi. With most major carriers, you can pay a nominal fee for the capability to set up a private Wi-Fi network with your cell phone. Of course, it will count against your data, but the cost is minimal relative to the potential downside of a significant hack to your company’s systems or computer.” X: @detectrespond
29. Maintain clear separation between personal and work devices
Employees that have dedicated devices for work should use those devices only for work purposes. “The temptation to use personal devices for work purposes (and vice versa) can be much higher for employees that work from home, and that’s why education is key. Many companies routinely install updates, complete antivirus scans, or block websites on verified work devices, but these safeguards won’t make it to personal laptops and phones. Stay proactive about following all the cybersecurity guidelines your company has in place, including keeping your work devices separate from your personal life. In the event that you do need to use a personal device for work, contact your company security team to ensure you have as many safeguards set up as possible,” FormAssembly recommends. X: @FormAssembly
30. Implement a cyber security policy
It’s crucial for companies to not only implement a cybersecurity policy for remote workers but also ensure that employees are aware of their role in keeping company data secure. “The policy document should cover the reasoning behind having a policy in the first place, as well as details outlining all of the various security protocols employees are expected to comply with, how the company will support them in complying (i.e., which tools and resources they will provide), and a place for the employee to sign their commitment to following the policy,” explains Laura Spawn, CEO and co-founder of Virtual Vocations, in an article published by Reworked. X: @getreworked
31. Use encryption
Scale Technology suggests encrypting emails, as they are often a target of cyberattacks. “Through encryption, content is disguised, so any sensitive information that comes up in a conversation will be seen only by the designated recipient. Password management can also be encrypted. By using a system to encrypt password management, sharing passwords can be made simple among team members. Individual passwords get shared without anyone seeing the actual password. This is especially helpful if a team member leaves the business for any reason.”
32. Implement access control
Remote employees should have access only to the systems and data that they need to perform their job duties. Nira explains, “Implementing limited remote access to confidential and sensitive data on a need-to-know basis can help reduce security risks and prevent a severe security breach from occurring when working remotely.”
33. Use a mobile device management platform
IBM suggests organizations roll out mobile device management technology, something that can help workers when it comes to mobile productivity while keeping corporate data secure. “With a mature MDM platform, IT and security departments can manage all of a company’s devices, regardless of their operating system. An effective MDM platform helps keep all devices secure while keeping the workforce flexible and productive.” X: @IBM
34. Follow security best practices when using video conferencing applications
Videoconferencing is now a staple of the modern workplace, but if security practices aren’t followed, sensitive data may be at risk. JD Supra explains, “With the number of meetings being conducted virtually, it is important to secure video conferencing applications, including by checking meeting links, requiring a password to enter each meeting, using virtual waiting rooms, locking rooms once a meeting has started, ensuring that screen sharing/recording and file sharing are controlled solely by the meeting organizer, and consistently reviewing attendee information during a meeting to ensure that only those invited are participating.” X: @JDSupra
35. Ensure that remote workers are educated about phishing
Remote workers are often a target of phishing attempts. According to an article published by Business News Daily, “Many scammers send phishing emails with the intent to steal sensitive information from the recipient or the company. Especially in complicated times – like the novel coronavirus pandemic – phishers are hoping to take advantage of trusting victims. They’ll often pretend they’re someone within the company, like the CEO or a manager, to establish false trust. Remote workers are easy targets because they’re not in the office and, therefore, hackers are hoping they won’t check to see if the email is legitimate.” X: @BNDarticles
36. Consider using hardware security keys
SSO solutions are increasingly popular to centralize the access control of various systems, but they can pose additional risks. Time Doctor explains, “But that’s not a reason to avoid using an SSO solution. It’s a reason to eliminate passwords as a weak point to be exploited by attackers. And it’s quite a weak point." According to the 2024 Verizon Data Breach Investigations Report, nearly 38 percent of analyzed breaches used compromised credentials—more than double the breaches that used phishing and exploitation. "The good news," Time Doctor explains, "is that there’s a solution to the problem: hardware security keys. These are physical devices that contain complex, encrypted passwords to access digital systems. By giving them to employees and making them the default method of authentication with an SSO solution, two-factor authentication, the odds of a data breach go down dramatically.” X: @ManageYourTime
Protecting Your Identity
37. Decide what you define as Personally Identifiable Information (PII)
At one point, ComputerWorld asked six privacy experts for their recommendations around protecting data in the modern digital age. "'The traditional definition of personally identifying information (PII) -- health records, credit card numbers, social security number, etc. -- is so 20th century. The big data age of the Internet is upon us, and even data not previously considered to be PII can feel very personal when viewed in a broader context. 'Bits of data, when combined, tell a lot about you,' says Alex Fowler, chief privacy officer at Mozilla. Those aggregated bits, which constitute the new PII, may include such information as your email address, browsing history and search history. 'The definition of PII -- information that a person has a legitimate interest in understanding and protecting -- is going to be broadened as we move further into the information society,' said Fowler. 'It's a different footprint than what your parents ever thought about. Think about what you consider personal information,' Fowler adds. 'You need a working definition.'" X: @Computerworld
38. Use secure passwords
Passwords are easily cracked by hackers, particularly if you don't use sound password-creation practices. The best passwords contain uppercase and lowercase letters, numbers, and special characters. You should also avoid using easily guessed words or alphanumeric combinations, such as the names of children or pets, birth dates, addresses, and similar information that can be easily guessed by someone looking at your Facebook profile or through a Google search. "The shorter and less complex your password is, the quicker it is for cybercriminals to come up with the correct combination of characters in your password," suggests the CSA Alliance. X: @CSAsingapore
39. Don't use Social Security numbers, phone numbers, addresses, or other personally identifiable information as passwords
Don't use numbers or combinations associated with other personally identifiable information as all or even part of your passwords. "Don't use any part of your social security number (or any other sensitive info, like a credit card number) as a password, user ID or personal identification number (PIN). If someone gains access to this information, it will be among the first things they use to try to get into your account," Bank of America advises. X: @BofA_News
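Tips 38 and 39 together describe a checkable rule set: mixed character classes, and no fragment of a name, birth date, address, Social Security number, or phone number. The Python below is an added example, not code from this article or any source it quotes; the minimum length, the four-character fragment size, and the look-alike substitution table are assumptions (the page gives no numbers), and the profile values are constructed.

```python
import re
from datetime import date

MIN_LENGTH = 12    # assumption: the article only says shorter passwords fall faster
MIN_FRAGMENT = 4   # assumption: shortest piece of personal data worth flagging
# Assumption beyond the article: undo common look-alike swaps (R0ver -> rover).
LEET = str.maketrans("013457@$", "oieastas")


def _date_fragments(d):
    """Common ways a birth date ends up inside a password."""
    y, yy = f"{d.year:04d}", f"{d.year % 100:02d}"
    m, dd = f"{d.month:02d}", f"{d.day:02d}"
    return {y, m + dd, dd + m, m + dd + yy, dd + m + yy,
            m + dd + y, dd + m + y, y + m + dd}


def _fragments(value):
    """Pieces of one personal fact that must not appear in a password."""
    if isinstance(value, date):
        return _date_fragments(value)
    norm = re.sub(r"[^a-z0-9]", "", str(value).lower())
    if norm.isdigit():
        # SSN, phone, card number: "any part" means any run of MIN_FRAGMENT digits.
        return {norm[i:i + MIN_FRAGMENT]
                for i in range(len(norm) - MIN_FRAGMENT + 1)}
    # Names and addresses: each word of at least MIN_FRAGMENT characters.
    words = re.findall(r"[a-z0-9]+", str(value).lower())
    return {w for w in words if len(w) >= MIN_FRAGMENT}


def audit_password(password, personal_facts):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            findings.append(f"missing {name}")
    lowered = password.lower()
    views = (lowered, lowered.translate(LEET))  # as typed, and with swaps undone
    for label, value in personal_facts.items():
        if any(frag in view for frag in _fragments(value) for view in views):
            findings.append(f"contains part of {label}")
    return findings


# Constructed profile: none of these values belong to a real person.
SAMPLE_FACTS = {
    "pet name": "Rover",
    "child name": "Amelia",
    "birth date": date(1987, 4, 12),
    "social security number": "000-98-7654",
    "phone number": "555-0142",
    "street address": "1600 Maple Court",
}

if __name__ == "__main__":
    for candidate in ("Rover1987", "R0ver!Tango-Quilt", "Velvet-Harbor-29-Kiwi!"):
        print(candidate, "->", audit_password(candidate, SAMPLE_FACTS) or "ok")
```

The check runs locally against facts you supply, so the personal data never leaves your machine; it complements, rather than replaces, a password manager's generator.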
40. Be overly cautious when sharing personal information
This tip applies to both the online and offline worlds: Who is asking for your personal information, such as your Social Security number or credit card information? Why do they need it? How will they use it? What security measures do they have in place to ensure that your private information remains private? According to the Department of Justice, “Sharing personal information with others you do not know personally is one of your biggest risks online. Sharing sensitive information such as your address, phone number, family members’ names, car information, passwords, work history, credit status, social security numbers, birth date, school names, passport information, driver’s license numbers, insurance policy numbers, loan numbers, credit/ debit card numbers, PIN numbers, and bank account information is risky and should be avoided. Consider removing your name from websites that share your personal information obtained from public records (including your phone number, address, social media avatars, and pictures) with anyone on the internet.” X: @NDGAnews
41. Watch out for impersonators
Related to the previous tip, there are many impostors who attempt to trick unsuspecting consumers into giving out their sensitive personal information by pretending to be the individual's bank, credit card company, or other entity. This can happen by phone or online, via phishing emails or websites designed to mimic the authentic company's look and feel. "Make sure you know who is getting your personal or financial information. Don’t give out personal information on the phone, through the mail or over the Internet unless you’ve initiated the contact or know who you’re dealing with. If a company that claims to have an account with you sends email asking for personal information, don’t click on links in the email," advises the First Federal Bank.
42. Share passwords carefully
This is a data protection tip that's been emphasized by many security experts, yet there are still many people who fail to follow this advice. The truth is, it's impractical in the modern environment. Families need to share passwords to bank accounts, credit cards, and other online services with spouses, and many share a single login to services like Netflix. In the workplace, there are abundant reasons why co-workers may need to share login credentials. You shouldn't give out passwords without concern; rather, determine when another person legitimately requires access to your personal information or account and grant access on a case-by-case basis. If another person needs access for a single, isolated purpose, change your password when the task is completed and they no longer require access. Another option, suggested in an article on PCMag, is to use a password manager that can share single login credentials with other people without them actually being able to view or interpret the login information. X: @PCMag
43. Don't use the same password for more than one account or service
A password manager seems like an even better idea when you consider the fact that you should never use the same password for more than one account or service. Think about it: If a hacker cracks your password on one website, they suddenly have cracked your password for a dozen more. But remembering the slew of passwords the average person would need to recall to access the many accounts and services most people have these days is no simple feat, unless you have a photographic memory. In lieu of a password manager, you could follow Nuxnik’s Lab’s advice and create your own password algorithm that makes it simple to remember all your passwords without ever using the same one twice.
44. Watch out for theft of your government-issued identification numbers
Thieves don't always go after credit and debit cards; sometimes, they steal important government-issued identification numbers, such as driver's license numbers or Social Security numbers in an attempt to assume another individual's identity. "If you are notified of a breach involving your driver's license or another government document, contact the agency that issued the document and find out what it recommends in such situations. You might be instructed to cancel the document and obtain a replacement. Or the agency might instead 'flag' your file to prevent an imposter from getting a license in your name," suggests PrivacyRights.org. X: @PrivacyToday
45. Don't write your passwords down
It's tempting to keep a written list of passwords, or even a single password written down in a notebook or, worse yet, a sticky note. But this is a bad idea, as it makes it extraordinarily easy for someone else to steal your login information and access your accounts without your permission. "Writing your password on a 'sticky-note' and sticking it on your monitor makes it very easy for people who regularly steal passwords to obtain yours. Hiding it under your keyboard or mouse pad is not much better, as these are common hiding places for passwords. However if you must write something down, jot down a hint or clue that will help jog your memory or store the written password in a secure, locked place," says Switch Technologies.
46. Organize your passwords in logical groupings
By using a different system for creating passwords for different types of websites, such as social networking websites, financial institutions, and other membership sites, you ensure that should a hacker crack one of your algorithms, they won't immediately be able to crack all of your accounts' passwords. "First up, group your passwords by function — social media, financial information, work — and use a different approach for creating passwords within each group. That way, if a hacker figures out your Facebook password, he won’t be just clicks away from your bank account," explains an article in the Boston Globe. X: @BostonGlobe
47. Avoid faxing sensitive information unless absolutely necessary
Faxing can be a convenient way to send information quickly, but it's not possible to ensure that the intended recipient is the person who receives the document on the other end, or that the information isn't visible to someone else in the process of transporting it to another department or individual. "Personal information should not be sent by fax unless it is necessary to transmit the information quickly. It is important that sufficient precautions are taken to ensure that it is received only by its intended recipient," says BCMJ.org. X: @BCMedicalJrnl
48. Shred old documents and statements
Most consumers receive an abundance of mail largely considered junk mail. Credit card statements, bank account statements, notifications regarding other accounts, credit card offers, and more plague the mailboxes of consumers across the U.S. While online access to accounts has made printed statements practically unnecessary, many consumers simply toss these items out when they're received. But doing so without first shredding them could put your personal information in the hands of thieves. "Each day, the U.S. Postal Service delivers more than 187 million pieces of mail, and much of that correspondence contains sensitive personal information. A lot of it may seem like junk mail, but it could be a useful tool for identity thieves. Even a partial account number, coupled with the name of your bank, or other information can be matched with any other info that’s been gleaned to open accounts in your name. That’s why it’s important to shred mail or other documents containing potentially sensitive information," explains Certified Financial Group Inc. X: @certifiedfingrp
49. Get rid of old data you no longer need
Keeping your computer and mobile devices clean is a good practice to ensure usability, but it's also wise to eliminate old data you no longer need. Why give potential criminals more info than absolutely necessary? "As long as the hardware still exists, the sensitive data on it is at risk for misuse. Failing to include old computer hard drives, retired servers, unused flash drives, external hard drives, and outdated mobile devices in your information security strategies increases the risk of a security breach, which could lead to major financial, reputation, and compliance ramifications," explains Shred-It. X: @shredit
50. Properly dispose of electronics
It's true that nothing is ever really deleted permanently from a computing device; hackers and technologically savvy criminals (and, of course, the FBI) are often able to recover information from hard drives if they haven't been properly disposed of. "There are a variety of methods for permanently erasing data from your devices (also called sanitizing). Because methods of sanitization vary according to device, it is important to use the method that applies to that particular device. Before sanitizing a device, consider backing up your data. Saving your data to another device or a second location (e.g., an external hard drive or the cloud) can help you recover your data if you accidentally erase information you had not intended to or if your device is stolen (this can also help you identify exactly what information a thief may have been able to access). Options for digital storage include cloud data services, CDs, DVDs, and removable flash drives or removable hard drives (see Using Caution with USB Drives for more information)," the Cybersecurity & Infrastructure Security Agency says. X: @CISAgov
Protecting Your Credit
51. Sign when using debit cards, don't enter your PIN
When possible, ask cashiers to process your debit card as a credit card transaction. Not all retail stores allow this (it results in a small processing fee to be paid by the retailer), but most do. It's often simpler just to enter your PIN, but it also makes it easier for thieves to steal all the information they need to make unauthorized purchases using your card. "Not entering your PIN into a keypad will help reduce the chances of a hacker stealing that number too," says Craig Young, security researcher for software maker Tripwire. "Crooks can do more damage with your PIN, possibly printing a copy of the card and taking money out of an ATM, he says. During Target's breach last year, the discount retailer said hackers gained access to customers' PINs. Home Depot, however, said there was no indication that PINs were compromised in the breach at its stores," explains Joseph Pasani in an Associated Press article appearing on USA Today. X: @USATODAY
52. Sign up for email alerts for transactions
If your bank or credit card company offers this service, sign up to receive an email alert when your card has been used for a transaction. This makes it easy to pinpoint charges you didn't make, and allows you to take rapid action to cancel cards. "When you receive a potential fraud alert, you’ll be asked to confirm whether you’ve made the purchase in question — and if you haven’t, your card issuer will work with you to report the fraud and reverse the transaction," says Bankrate. X: @Bankrate
53. Review your statements regularly
"It's easy to overlook what's happening with your bank account on a day-to-day basis, particularly if you're confident there's enough money to cover your expenses. Why check your bank account every day if you think everything's going smoothly, right? The unexpected can happen, though. Regularly checking your bank account can help you stay on top of your spending, verify deposits and withdrawals, look for fraud and boost your savings... Looking every day at your bank balance gives you a chance to verify whether deposits and withdrawals are being made properly," advises Experian. X: @Experian_US
54. Keep an eye out for small transactions
Fraudsters don't always make major purchases with stolen cards. "A consumer recently complained to the Wisconsin Department of Agriculture, Trade and Consumer Protection (DATCP) about an unexpected charge of nearly $13 on his credit card from an unfamiliar company. This fraudulent charge included a foreign transaction fee of $0.37. This situation is similar to another recent scam where consumers worldwide found unauthorized charges of $9.84 on their monthly credit card statements," according to Fox 6. "Consumers should closely review their monthly credit card statements. If you find an unauthorized charge on your statement, immediately contact your financial provider (using the number on the back of the credit card) to report the fraud and to request a new card." X: @fox6now
55. Be wary of offers of help following a data breach
It's an unfortunate reality that a data breach impacting a major corporation and, therefore, hundreds of thousands of its customers, spells opportunity for thieves. "Be alert to suspicious messages, which may be sent some time after the breach is made public. Remember, your bank (or any other official organization) will never ask you to supply personal information," suggests NCSC.gov.uk. Things to look out for include official-sounding messages about 'resetting passwords', 'receiving compensation', 'scanning devices' or 'missed deliveries'; emails full of 'tech speak', designed to sound more convincing; and being urged to act immediately or within a limited timeframe. X: @ncsc
56. Get a one-call fraud alert
Calling one of the three major credit bureaus (Experian, Equifax, and TransUnion) and asking for a one-call fraud alert is a great way to stay on top of suspicious activity. "You only need to call one of the three credit bureaus. The one you contact is required to contact the other two. This one-call fraud alert will remain in your credit file for at least 90 days. The fraud alert requires creditors to contact you before opening any new accounts or increasing credit limits on your existing accounts. When you place a fraud alert on your credit report, you are entitled to one free credit report from each of the three credit bureaus upon request," suggests the Office of Minnesota Attorney General Lori Swanson.
57. Shop on familiar websites
There are hundreds of thousands of online retailers, known as e-commerce vendors, some more credible than others. Always opt to shop with a well-known retailer you're familiar with, rather than smaller, unfamiliar sites that could merely be a facade for credit card theft. "It’s best to shop directly with online retailers you know and trust. Bookmark your favorite shopping sites to get there quickly and safely. Avoid typing the name of the retailer into your browser bar. That’s because a tiny typo could land you on a fake site that looks just like the real one. Make a “purchase” on an illegitimate site and you may unwittingly hand the scammers your credit card number and other personal info," according to LifeLock. Additionally, major online retailers are more likely to offer fraud protection options and the ability to return damaged or defective merchandise. X: @LifeLock
58. Get a free credit report
The FTC recommends getting a copy of your credit report annually. "Mistakes on your credit report might be a sign of identity theft. Once identity thieves steal your personal information — information like your name, date of birth, address, credit card or bank account, Social Security, or medical insurance account numbers — they can drain your bank account, run up charges on your credit cards, get new credit cards in your name, open a phone, cable, or other utility account in your name, steal your tax refund, use your health insurance to get medical care, or pretend to be you if they are arrested." Reviewing your report allows you to pinpoint suspicious activity and identify accounts that you haven't opened. X: @FTC
59. Be careful shopping online
Because shopping online is one of the easiest ways to get your credit card number stolen, some experts suggest paying not with a credit card but instead with a "third-party digital wallet, such as Apple Pay and Google Pay," NerdWallet says. "[They] can offer added protection because they don’t provide your credit card information to the merchant. Instead, they serve up a one-time virtual account number for each purchase, a process called 'tokenization.' Apple even goes as far as not storing your account number on your device or on Apple servers, according to its website." X: @Nerdwallet
Protecting Your Data on Social Media
60. Don't share too much information on social networking platforms
Social networking has become a way of life for many individuals, but sharing too much personal information on your social media profiles can be dangerous. For instance, many hackers have successfully guessed passwords through trial-and-error methods, using combinations of common information (such as children's names, addresses, and other details) easily found on users' social media profiles. "Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing. Also be considerate when posting information, including photos, about your connections," advises the United States Computer Emergency Readiness Team (US-CERT). X: @CISAgov
61. Customize your social networking privacy settings
"All social media accounts start out with the default privacy settings when you open your account. Before your very first post (tweet, etc.), you should adjust the level of privacy to match your preferences. To do this, log in to your account and find the Settings (or, in some cases, Privacy, or Settings and Privacy) section (often found under your profile icon or a “gear” or “tools” icon, or use the Help or Support features to find and understand the platform’s features and tools)," suggests consumer-action.org. X: @consumeraction
62. Don't trust "friends" who claim to be mugged or have other unbelievable stories
Facebook has become a dangerous platform for users who aren't careful. Scams have been attempted, some successfully, on the social network, involving thieves masquerading as users on an individual's friends list, asking for financial help after supposedly being mugged in a foreign country. Unsuspecting users who merely want to help their friends may wire money to these criminals, failing to recognize the ploy. According to Kim Komando, “As with phishing emails and scam text messages, Messenger is often the preferred way for criminals to find new victims. Whether it is to steal money or personal details, the more victims they entrap, the more profits they make. It can be so lucrative that criminals reuse old scams in new ways.” Never trust anyone who cannot verify they are, in fact, the person they claim to be. Ask strategic questions to which the answers are not readily available on the user's profile or easily located online. If it seems suspicious, get in touch with the person via phone or another communication method to try to verify the story. X: @kimkomando
63. Block suspicious or shady users on Facebook
For users you don't know outside of Facebook who befriend you and then make you uncomfortable by asking repeated, personal questions or pressuring you to meet them offline, blocking them is a viable option. "When you block someone's profile on Facebook, that profile will no longer be able to do things such as tag your profile or see things you post on your profile," says Facebook. Blocking shady users means they cannot message you, contact you, or see that you're online. In fact, they cannot view your profile at all. X: @facebook
64. Protect your Tweets
If you're using X to promote your business, you might want your Tweets to be publicly available. However, if you use X for personal communications, you have the option of setting your Tweets to private, meaning only approved followers are able to view your content. Read more about the difference between public and private Tweets here and how to change your settings here. X: @twitter
65. Check your privacy settings regularly
Privacy options are always changing on social networking platforms, so be sure to check your personal settings regularly and make adjustments as needed. "Because of the growing risks, social media privacy settings are crucial to your online safety. By protecting your private information and keeping your social media accounts secure, you can make yourself a much less susceptible target for cybercriminals," according to Aura. Click through to the full article for a breakdown of what to look for when updating your privacy settings across social media. X: @Aura_Protects
66. Know who your friends are
Don't accept random friend requests on Facebook from people you don't know. "Social networks can be used for a variety of purposes. Some of the fun is creating a large pool of friends from many aspects of your life. That doesn’t mean all friends are created equal. If you’re trying to create a public persona as a blogger or expert, create an open profile or a “fan” page that encourages broad participation and limits personal information," advises StaySafeOnline.org. "Use your personal profile to keep your real friends (the ones you know and trust) up to date with your daily life. Also, you don’t have to accept friend requests from everyone. If you don’t know someone, it’s perfectly fine not to accept their request to connect." X: @StaySafeOnline
67. Use two-step verification for LinkedIn
"LinkedIn members can enable duplicate authentication for their accounts, and then require a password and a verification code when a login attempt is made from a device that LinkedIn does not recognize. This code is sent by SMS to the user's mobile number. In other words, any invalid or unauthorized login attempt requires a password and access to your mobile phone," according to a post on LinkedIn Pulse. This ensures that should someone crack your account password, they will be unable to log in unless they also gain access to your code -- meaning they'd have to also be in possession of your mobile device. X: @LinkedIn
68. Contact the social network to regain access, and let your friends know if you've been hacked
Sometimes, having your social networks hacked means your friends could be conned by criminals pretending to be you. Or, you could even be blocked from your own account if they've changed the password or conducted activities that have led to your account being banned by the service. "If you’re locked out of your account or blocked from accessing it, many Web services have steps in place so you can get back in. For example, Facebook has a system where you can use a trusted source like a friend to take back your account. Search each service’s help section for specific instructions. Speaking of friends, you should let your contacts know that you’ve been hacked, and report the issue to the site. Also, run a scan of your computer or mobile device using a trusted and up-to-date antivirus program," advises Vox. X: @voxdotcom
Protecting Your Online Privacy
69. Avoid sensitive transactions on public Wi-Fi
Working at the local coffee shop may have some appeal, but relying on a public Wi-Fi connection means your data is interceptable by outsiders. Avoid conducting banking transactions and sending other sensitive information over a public Wi-Fi network. As the FTC notes, "If you use an unsecured network to log in to an unencrypted site — or a site that uses encryption only on the sign-in page — other users on the network can see what you see and what you send. They could hijack your session and log in as you." X: @FTC
70. Use website privacy settings
Websites other than social networking platforms also offer some privacy options. YouTube, for instance (which could arguably be considered a social networking platform, as well), allows users to make videos private or viewable only by specified persons. "Ultimately, the best way to control your personal information online is not to hand it over in the first place. Recognizing that it may not always be practical or possible to withhold information, one way to try to contain the potential privacy implications is to use privacy settings. It is important to remember that privacy settings are not a silver bullet for privacy protection, but they can and should help you increase the control you have over how your personal information is handled online, such as what information an organization collects and who can see what you post," recommends the Office of the Privacy Commissioner of Canada. X: @PrivacyPrivee
71. Don't forget to sign out
Signing in to online services is necessary when you need to access your personal accounts, but many users forget to sign out when they're finished using a service. It may sound like common sense, but try to remember to log out every so often. "...Even if you think your accounts are safe, it’s a good idea to do this regularly (once every month or so), just to make sure you’re the only one with access to your apps and services. And if you want to go the extra mile while you’re at it, make sure third parties are well and truly excluded by changing your password," according to popsci.com. X: @popsci
72. Don't open emails from people you don't know
If you receive an email from a source or individual you don't recognize, don't open it, and definitely avoid clicking any links or file attachments. "There is a golden rule to dealing with spam emails: if it looks like a spam message, it probably is — so delete it without clicking or downloading anything. Such messages may contain software that tells the sender you've opened the email, confirming you have an active account, which may lead to even more spam messages. Some malware programs can steal your email address and use it to resend spam messages under the guise of a legitimate address. For example, imposters could pose as someone you know, like a friend, relative, or colleague. If the message in question appears to come from someone you know, contact them outside of your email," Norton suggests.
73. Use two-factor authentication
Two-factor authentication is an additional layer of security that provides protection in the event that a hacker guesses or cracks your password. Two-factor authentication requires a second verification step, such as the answer to a secret question or a personal identification number (PIN). You should opt for two-factor authentication when given an option. "Smartphones offer a variety of 2FA capabilities, enabling companies to use what works best for them. Some devices can recognize fingerprints, use the built-in camera for facial recognition or iris scanning, and use the microphone for voice recognition. Smartphones equipped with GPS can verify location as an additional factor. Voice or Short Message Service (SMS) may also be used as a channel for out-of-band authentication," explains TechTarget. X: @techtarget
74. Don't believe everything you read
This tip is important for much beyond data protection, such as protecting your financial assets, your reputation, and perhaps most importantly, your personal confidence or self-worth. Too many people have fallen victim to scams online, by buying into false claims and promises of vast accumulation of wealth. Michael Daniel, on The White House Blog, advises, "Be cautious about what you receive or read online – if it sounds too good to be true, it probably is." Best-case scenario is you lose a few bucks buying into a pyramid scheme that will never net you any profits; worst-case, your personal information is sold and your identity stolen. X: @WhiteHouse
75. Use secure websites, especially for sensitive transactions
When you're conducting a financial transaction or sharing other sensitive information, always use a secure website to do so. Secure Sockets Layer (SSL) is a commonly used website security protocol that provides additional protection for data as it's transmitted through the Internet. You can tell if you're using a secure website by looking at the beginning of the URL. Those beginning with https:// are secure. "When you request a HTTPS connection to a webpage, the website will initially send its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session. Based on this initial exchange, your browser and the website then initiate the 'SSL handshake'. The SSL handshake involves the generation of shared secrets to establish a uniquely secure connection between yourself and the website. When a trusted SSL Digital Certificate is used during a HTTPS connection, users will see a padlock icon in the browser address bar. When an Extended Validation Certificate is installed on a web site, the address bar will turn green," explains Instant SSL. X: @SectigoHQ
76. Avoid clicking on links in emails
Most everyone gets the occasional email from their bank, financial institution, or similar accounts and services. But to be safe, you should always open a browser window and type the URL in the address bar, rather than click on links in emails. Why? Phishing emails are one of the most common ways hackers obtain personal information, tricking users into inadvertently handing over their login credentials to bank accounts, credit cards, and other accounts where they can glean further information, make unauthorized purchases, or even steal your identity. "Phishing is a type of cyberattack that uses disguised email to trick the recipient into giving up information, downloading malware, or taking some other desired action... In a common phishing attack, the target receives an email from a source pretending to be legitimate, such as their bank, coworker, friend, or workplace IT department. The email typically asks the recipient to provide login credentials for their bank, credit card or other account by 1) replying directly to the email, or 2) clicking on a link that takes them to a website or login page. But it’s all fake, designed to scam the recipient into giving away access to sensitive accounts or networks," CSO explains. X: @CSOonline
77. Be mindful of your online reputation
Any information you enter on social networking websites, accounts, or any other website could potentially be up for grabs in the event of a data breach. In general, the information you put online contributes to your online reputation, which can impact your chances of securing employment or getting into your college of choice, and can create many problems if the information is unfavorable. Monitoring your online reputation can also help you pick up on sensitive information that shouldn't be publicly available so you can take action to have it removed. “Think before you post anything online or share information in emails. What you post online can be seen by anyone. Sharing personal information with others you do not know personally is one of your biggest risks online. Sharing sensitive information such as your address, phone number, family members’ names, car information, passwords, work history, credit status, social security numbers, birth date, school names, passport information, driver’s license numbers, insurance policy numbers, loan numbers, credit/debit card numbers, PIN numbers, and bank account information is risky and should be avoided. Consider removing your name from websites that share your personal information obtained from public records (including your phone number, address, social media avatars, and pictures) with anyone on the internet,” The United States Attorney’s Office in the Northeastern District of Georgia recommends. X: @NDGAnews
78. Don't download files from untrustworthy websites
Websites like peer-to-peer file-sharing platforms are not only illegal, but they're often rife with malware. Avoid downloading files from any website that you don't trust completely. "The biggest risk of downloading files from the internet is the file itself. There might be a possibility that the file you have downloaded is infected by the virus. This becomes even more serious regarding Peer-To-Peer applications. Downloading data from peer-to-peer platforms comes with many risks. You are shown viruses disguised under attractive names. If these files are downloaded and opened in the system, the whole system will get infected," The IT Base explains. X: @theITbase_tech
79. Consider using a disposable email
A disposable email account is one created solely for a specific purpose, which you'll never use again for any other account or purpose. "If you need to sign up for a service but don’t want all of the promotional updates that come with it, sign up with a burner email address. Where there’s a risk of getting spammed by email marketing content, you can avoid clogging your inbox by registering for things with a designated ‘spam’ account, and then perusing it at your leisure. This is perfect for when you’re out of the office and need to register an email address to use WIFI in a public space, for example, or need to register to a website in order to access content," GetApp explains. X: @GetApp
80. Take advantage of secure mobile access options
Some online services offer secure mobile access options, enabling users to access services without exposing login credentials. "For best practices, download your financial institution’s app instead of using a browser to get to the site and log in. Apps are designed with greater security than a browser. Some apps offer enhanced security tools, such as Touch ID; use these beneficial tools for added safety," says First Bank Iowa. X: @FirstBankIowa
81. Opt out of ad tracking
An article on the Electronic Frontier Foundation addresses the issues that arise from ad tracking online: "Advertising is a huge business. We’ve written before about how online ads are used to target you and this goes even further with social media ads. You have to expect a level of this behavior while using the Internet, but there are ways to limit how much information is collected about you." For tips on how to opt out of ad tracking on iOS and Android devices, click here. X: @EFF
82. Don't save passwords in your browser
Another useful tip from Tom's Guide suggests that the common practice of 'remembering passwords' in browsers can sometimes be dangerous. Indeed, should someone gain access to your computer or mobile device, they'd be able to easily access any accounts for which you've stored login credentials in your browser. "Desktop web browsers, despite their best efforts, tend to do a lousy job of safeguarding your passwords, credit-card numbers and personal details, such as your name and address. Web browsers are fairly easy to break into, and lots of malware, browser extensions and even honest software can extract sensitive information from them." X: @tomsguide
83. Use more than one email address for different contexts
Much like using the same password for multiple accounts, using the same email address for every account is a recipe for disaster. That's not to say that you can't use the same email address more than once, but a good strategy is to use a different email address for different contexts, such as one for personal accounts, one for business-related accounts, one for online retail accounts, and so on. In this tip, which is an "oldie but a goodie," Rich from Securosis says, "One of my favorites is to use different email accounts for different contexts. A lot of security pros know this, but it’s not something we have our less technical friends try. Thanks to the ease of webmail, and most mail applications’ support for multiple email accounts, this isn’t all that hard. Keeping things simple, I usually suggest 4-5 different email accounts: your permanent address, your work address, an address for buying online when you don't trust the store, an address for trusted retailers, and an address for email subscriptions." For more suggestions on the types of accounts to use with each email account, click here. X: @securosis
84. Create a dedicated email address for long-term projects
GetApp.com also offers a list of compelling reasons for maintaining multiple email accounts, suggesting creating a dedicated email account for a long-term project. That way, should you need to hand over the work or the position to someone else, you can simply pass along the login credentials rather than worry about forwarding emails for weeks and months to come. "If you’re working with teams, on projects or even hiring more people, you’ll have a ton of information coming in that’s meant for specific tasks or goals. Having a separate email address dedicated to these workflows makes sense; it’ll not only help you manage communication channels, but you can add more than one person to these email groups so that everyone has visibility into the communication coming in. This also makes it easier for contacting specific teams within the business." X: @GetApp
85. Take stock of your digital footprint
Akin to evaluating your online reputation, taking stock of your digital footprint involves investigating your online presence, but with the goal of finding old accounts that you no longer use. "Even assuming that you don’t reuse passwords, the personal data associated with your old, unused account could still give attackers answers to your security questions on other websites. To protect your privacy, it’s a smart idea to remove your private data from services you no longer use. You can do this by closing those outdated accounts rather than leaving them dormant," explains How-To Geek. X: @howtogeek
86. Don’t use social media credentials to register for or sign in on third-party sites
It seems like a convenient option: Simply register for a website or online service using your Facebook or LinkedIn account, and as long as you’re signed in to that social network, signing in to the third-party site is fast and easy. Doing so can jeopardize your privacy, however. “Although it is a convenient option, signing into another account with your Facebook username and password can mean giving the other site all the information Facebook has gathered about you. Worse, if someone hijacks your social login information, they can also gain access to these third-party accounts,” explains ReputationDefender. X: @ReputationDef
87. Be careful when searching in categories known for malware
This is a difficult tip to adequately describe in a relatively small number of words, but use caution anytime you're searching for any topic known for spam or malware. This often happens with extremely popular search topics, such as pharmaceuticals, celebrities, popular films, and adult-oriented content. Because so many people search for these topics, it's easy for hackers to set up websites that are essentially fake, designed solely to elicit clicks and execute malicious files. "What could go wrong when your kid searches for their favorite movie? Apparently, a lot. Even the search results for animated movies are a hot mess. Home Security Heroes found over half of the search results for “The Boss Baby,” “Transylvania 2” and “Sonic the Hedgehog” could contain malware," according to this Kim Komando post. X: @kimkomando
88. Don't send passwords or account login credentials over public or unsecured Wi-Fi networks
"Attackers can set up man-in-the-middle attacks or other methods of cyber espionage on public WiFi. To reduce risk, avoid handling or sending sensitive data whenever possible. That means steering clear of financial data, PII, credentials and passcodes, and any restricted or confidential information until you're back on a secured network," warns LastPass. X: @lastpass
89. Store your most sensitive data locally
Instead of backing up all your data in the cloud, particularly a cloud storage provider with security measures you're not completely confident in, consider backing up your most sensitive information locally or on a removable storage device you can keep under tight wraps. "I doubt there’s such a thing as real privacy on the internet, so personally I wouldn’t trust storing my top secret files in the cloud. Call it paranoia, but identity theft is on the rise and I just don’t want to risk any of that. In any case, we probably don’t have to look at our most sensitive data through the cloud on a 24/7 basis. My advice is to keep only those files which you need to access frequently and avoid putting up documents containing passwords for your various online accounts or personally identifiable information (PII) such as your credit card numbers, national identification number, home address, etc. If you must include this information in your files, make sure to encrypt them before you upload," says Michael Poh in an article on Hongkiat. X: @hongkiat
90. Regular password changes might not actually be necessary
Frequent password changes have long been advice offered in security circles, but the practice's efficacy has come into question in recent years. "Many companies require their employees to change their password every 90 days. It’s an inconvenient policy which leads people to ask: Is it really necessary? The short answer is no. Frequent password changes may have been a good idea in years gone by, but they’re not necessary today," says an article on 1Password. X: @1password
91. Use an encrypted cloud service
While cloud storage makes for an ideal backup solution, it can also be more prone to hackers if you're not careful about the cloud services you choose. Victoria Ivey, in an article on computerworld.com, suggests encrypting the data you store in the cloud or using a cloud provider that encrypts your data for you. "There are some cloud services that provide local encryption and decryption of your files in addition to storage and backup. It means that the service takes care of both encrypting your files on your own computer and storing them safely on the cloud. Therefore, there is a bigger chance that this time no one -- including service providers or server administrators -- will have access to your files (the so called "zero-knowledge" privacy). Among such services are Spideroak and Wuala." X: @computerworld
92. Choose a safe, reputable email provider
Much like not all cloud storage providers are created equal, neither are email providers. Inc.com interviews Patrick Peterson, the founder and CEO of Fortra's Agari, about data protection, password management, and choosing safe service providers. "Be sure yours provides proper security. 'There's been technology development that stops people from impersonating your ISP, your bank, or your travel site,' Peterson says. 'You need to make sure your email provider uses technology like DMARC to stop that phishing. The good news is that Google does it, Yahoo does it, Microsoft supports it, AOL supports it, so if you're on one of those, you're on your way to minimizing your risk.'" X: @WillYakowicz
Data Protection Following a Data Breach
93. Immediately change your passwords following a data breach
If a company through which you have an account has suffered a data breach, immediately change your password. Fulton Bank discusses seven steps to take after a breach, including changing your password on any affected sites: "It's a good idea to keep changing your password on a regular basis, but in the aftermath of a data breach, it's especially important to change your passwords to something strong, secure, and unique. And you should have multiple “passwords,” not just one. Do not use the same password for all of your online accounts. In general a “strong” password is at least 8 characters with a mixture of letters, numbers, and symbols. Consider using a password manager to help generate and keep track of your passwords." X: @fultonbank
94. Verify that a breach has, in fact, occurred
There are many opportunists who use the likelihood of a data breach to trick unassuming consumers into actually handing over their passwords and other information, when a data breach hasn't actually occurred. Before responding to any requests to update your login info through a link sent to you in an email, visit the company's website by typing the URL into your address bar and confirming the breach occurred, or call the company to verify the information. "First, make sure that your card information has actually been compromised. If you receive a notification via email requesting 'confirmation' of your card information, don’t respond – it could be an opportunistic fraudster. Check the merchant’s website for news about a breach or reach out to customer support for details," says the Electronic Transactions Association (ETA). X: @ElecTranAssoc
95. Request a new card, if applicable
If a data breach has affected a company that has issued you a card, such as a bank-issued or retail store-issued credit card, cancel your existing card and request a new one. This action makes the previous card number invalid, so if it has been stolen by hackers, it is no longer usable and your finances are secure. "Federal law says you’re not responsible to pay for charges or withdrawals made without your permission if they happen after you report the loss. It’s important to act fast. If you wait until someone uses your card without permission, you may have to pay some or all of those charges. Check your statement or online account for the right number to call. Consider keeping the customer service numbers for your bank or credit union in your phone’s contacts, and keep them up to date," the FTC says. X: @FTC
96. Consider a credit freeze
This is a major step, but one that can be especially helpful if you suspect or know your identity has been stolen. It's possible to restrict access to your credit reports, meaning that thieves who are assuming your identity and attempting to open accounts in your name won't be able to do so. "A credit freeze restricts access to your credit report, which means you — or others — won’t be able to open a new credit account while the freeze is in place. You can temporarily lift the credit freeze if you need to apply for new credit. When the freeze is in place, you will still be able to do things like apply for a job, rent an apartment, or buy insurance without lifting or removing it," according to the Federal Trade Commission. X: @FTC
97. Take advantage of free credit monitoring
If a major corporation suffers a data breach and your account information has been compromised, the company may offer affected consumers free credit monitoring services. In a CBC article following the recent Ticketmaster data breach, an expert stressed the importance of using any free credit monitoring tools offered by companies. "You should do what they tell you to do, because usually they give you some advice that's intended to empower you to look after yourself and protect yourself," said Arnold, lawyer and data breach counsel with law firm Gowling WLG in Toronto. "It's almost always the same tips and those tips are a good idea," he said, referring specifically to instructions to monitor both the compromised and other accounts for unusual activity, and to sign up for any offered credit monitoring services. X: @CBC
98. Don't ignore reports from friends about mysterious emails coming from your accounts
One of the most common ways people learn they've been hacked is when their friends or family members report receiving an odd email or social media message, or even seeing strange updates posted on social media profiles. It's easy to ignore these warnings and assume it's some sort of fluke or someone who simply changed the "reply-to" when sending a spam email, but this is often a sure indicator that your account has been compromised. Don't ignore these tips. According to Consumer Affairs, “Anytime you receive a new “friend” request from someone who's already on your Facebook friends list, the simplest thing to do is send your real friend a message asking if they know about their apparent double.” X: @ConsumerAffairs
99. Know the warning signs that your data has been breached or that you've been hacked
There are many possible indications that an account has been hacked, your identity stolen, or your data breached in some other way. Educate yourself on the warning signs of a potential breach and create positive habits for monitoring your personal data security to identify potential attacks or breaches before they escalate to devastation. Read up on data protection tips (such as the guide you're reading right now) and on information outlining the common warning signs of a data breach or hack, such as this list of "15 signs you've been hacked—and how to fight back" from CSO. X: @CSOonline
100. Regain control over your compromised accounts
All too frequently, if one account has been hacked, your data is no longer secure on other accounts using the same login information, particularly if you use the same password for multiple services. "Regaining control of a hacked email account can be tougher. You'll have to contact the email provider and prove that you're the true account holder. Of course, if the hacker changes your password, you can't use your regular email to contact the provider. It's important to have more than one email address, and make each the alternate contact address for the other. Did you use your email address as a username on other sites? That's certainly a common practice. But if you also used the same password that you used for the hacked email account, those accounts are now compromised as well. Even if you didn't use the same password, you could still be in trouble. Think about this. If you forget a website password, what do you do? Right—you click to get a password reset link sent to your email address. A smart hacker who has control of the email account will quickly seek your other accounts, social media, perhaps, or worse, shopping and banking accounts," explains Neil J. Rubenking in an article at PCMag. X: @neiljrubenking
101. Find out precisely why the breach or hack occurred
If your account has been hacked, your data lost, or device stolen, consider it a learning opportunity. Find out exactly what went wrong and how you could have protected your data by taking better precautions. "While you are fixing things, it’s a good time to take a step back, and ask yourself a more basic question: What was the reason for the breach? If it was your bank account, the answer may be obvious. In other cases, such as e-mail, it can be for a host of reasons — from using it to send spam, to requesting money from your contacts, to getting password resets on other services. An attacker may even be trying to gain access to your business. Knowing why you were targeted can also sometimes help you understand how you were breached," says Mat Honan at Wired. X: @WIRED