The past month hasn't been a good one for people concerned about online privacy.
First, hackers stole personal information from 100 million accounts at Sony, then Symantec announced that Facebook might have accidentally leaked its users' information to advertisers and other third parties for several years without realizing it.
The breaches, coupled with some high-profile credit card hack attacks, have people
worried, and rightfully so. If they're not safe with some of the biggest holders
of personal data around, is their data safe anywhere?
"There's nothing consumers can do," says renowned security expert Bruce Schneier.
"We are regularly giving our data to third parties who, in many cases,
don't care very much about our privacy. There's a serious economic reality
going on that when companies breach our privacy, they don't feel it."
There are, however,
a few steps you can take to make things a little more difficult for cyber
criminals. Here are the top six from experts:
1) Don't use the same passwords. It's easy to fall into bad habits, and one of the
worst ones people have is resorting to the same password on multiple
sites. It might be easier to remember, but if it's compromised in one place,
it puts you at risk on a widespread basis.
should be unique to that account," says Jay Foley, executive director of
the Identity Theft Resource Center. "That's a major block."
If you find
yourself getting overwhelmed, consider creating an Excel spreadsheet with your
various accounts, usernames and passwords. Just be certain to password-protect
that file and ensure that your own computer's security is rock solid.
2) Don't use the same security questions. Just as people use the same
passwords, they also tend to pick the same security questions, and thieves can
use those to brute force their way into other accounts in your name, even when
there's a flag on the account to watch for possible fraudulent activity.
security questions are critical," says Avivah Litan, vice president and
distinguished analyst at Gartner. "When an
account is flagged as high risk, the service provider will typically ask you
the answer to your secret question. Typically, these questions are very similar
across the board. Once the criminal gives it, he's in."
When possible, come
up with your own question and answer. And try to avoid the same questions at
3) Beware your history. Online shopping is one of the fastest-growing
segments of retail, but people often don't think about what happens after they
complete a purchase.
"One of the
biggest problems facing online shoppers is everyplace you've done business,
you've left your personal information behind," says Foley.
That makes you
vulnerable at multiple locations you may have long forgotten, but there are a
couple of alternative options. Services like ShopShield allow shoppers to keep their address, credit card information and
more at a single location, instead of multiple e-tailers.
And FirstData is experimenting with card readers that are designed to attach to
consumers' computers, letting them swipe credit cards at home and not have to
leave that data on file with an online retailer.
4) Share less. As social media grows, people have become a lot more open
with personal information. You've probably heard not to announce on Facebook
when you'll be out of town (it's an open invitation for thieves). But too many
people don't realize they could be handing out their passwords without meaning
Here's how it happens: People often choose a favorite pet or their child's name as a
password, to help them remember it (and thinking that a stranger wouldn't know
that sort of thing). But on their Facebook page, they've got all that
information available and may not block access to it adequately via the site's
5) Watch for red-flag questions. If you've had data stolen, that doesn't automatically mean
you're at risk for identity theft, but you are a more likely target for a
Even if your data has not been compromised yet, never click a link (or open an attachment) in an email from someone you don't know. The same advice goes when it appears to be from your bank or credit card company. Thieves are sophisticated enough to make very realistic-looking emails and sites. Always type in the URL manually.
"Anything you read in an email is subject to verification," says Foley. "That's the
rule by which I live."
6) Read the fine print. Living our lives online has made us a much more
fast-paced society. So fast, in fact, that most people don't bother to read the
policies they agree to at many sites. Most assume the language is basically the
same everywhere and is meant to protect them, but often they're signing away
Major corporations, for instance, might include a clause noting that by accepting the terms of their agreement with one subsidiary, you give them the right to share your data with
all of their holdings, meaning that, all of a sudden, your data is at dozens, hundreds
or even thousands of sites without your knowledge.
Read privacy policies closely and see with whom the companies you do business with share
Ultimately, none of these steps will protect you entirely, but by limiting the number of locations where your data is available and making it a bit tougher for hackers to use one
account to leverage others, you can put up some firewalls to prevent a single
hack from exposing you to multiple headaches.