5 Ways to Protect Yourself from a Data Breach

This fall, don't fall victim to a data breach.

Everyone needs some retail therapy from time to time and with credit cards, online stores, and mobile shopping apps, it is easier than ever to go on a spending spree. You may not mind paying an item’s listed price, but you may end up paying much more than you bargained for if the personal data you use for these transactions ends up in the wrong hands. We look at a recent string of high profile data breaches and provide tips on how you can protect yourself from identity theft.

The Year of the Data Breach

2014 has not been a good year for consumers. The trouble began as early as January, when customers of Michaels and Aaron Brothers craft stores were informed that theirs may have been one of the 2.6 million payment card numbers and expiration dates stolen in a data breach. In May, e-commerce service, EBay, made headlines when it was discovered that the company’s corporate data base had been compromised, granting attackers access to customers’ names, email addresses, passwords, home addresses, phone numbers, and birthdays. As the public’s attention was focused on the EBay data breach, hackers infected Home Depot store registers with a variant of BlackPos malware designed to siphon data from cards as they are swiped at affected point-of-sales systems running Microsoft Windows. You may recall BlackPos as the culprit in the disastrous data breach that befell Target last year. Home Depot attackers made off with almost as much data as Target’s, as approximately 56 million credit and debit cards were compromised between the initial attacks in May and Home Depot’s September discovery. On September 8th, the home improvement giant disclosed that 2,200 of its North American stores had fallen victim to the data breach.

In 2014, even services peripherally related to consumerism are not safe from hacker incursion. This summer, hackers launched a phishing campaign at JP Morgan Chase bank’s expense. In what is known as a “Smash and Grab,” hackers sent approximately 500,000 emails designed to look as if they had been authorized by JP Morgan Chase to the bank’s customers. Once clients selected a link in said email, they were lead to a log-in webpage that installed Dyre banking Trojan onto their computer, regardless of whether or not they entered their log-in information. Google recently found itself in a similar pickle when its email service, Gmail, became the target of a data breach. A list of 5 million user email addresses and passwords surfaced in an online forum. Experts speculate that the leaked data had been taken from websites, many of them online shopping websites, which users accessed with their Gmail log-in. You can check if your Gmail account is one of the affected here.

Whereas each of the aforementioned targets has publicly acknowledged its victim status and has promised to fix any vulnerabilities, it is important to keep in mind that in most of these cases, the attack had gone undetected for months. Indeed, each day sees over 2.1 new data breaches and the number is growing. As you read this, your go-to physical or online shopping destination may very well be under siege. Fans of mobile shopping apps should be especially cautious. Technology research firm, Gartner, has predicted that more than 75 percent of mobile apps will fail basic security tests through next year.

Buyer’s Guide

Global information services group, Experian, warns that all of the recent media coverage on data breaches may lead consumers to believe that their identity will inevitably be stolen, that falling victim to identity theft is a commonplace nuisance to be tolerated, like a mosquito hovering about. With an estimated one in four Americans having received a data breach notice, it is an easy mindset to slip into. However, it is exactly this attitude that facilitates more data breaches. The average identity theft results in the victim losing a whopping $4,930.00, not to mention countless hours spent anxiously retracing their paper trail. Consumers must fight data breach fatigue and follow these tips so that they do not lose time and money to hackers:

1.       Consider Other Payment Methods

The obvious prevention tip is to only pay with cash, but far be it from SLICE to discourage you from taking advantage of modern conveniences, like debit cards. A process pulled from a hacker’s dream, a traditional debit payment is verified through your Personal Identification Number (PIN).  When making a purchase with your debit card, select the “credit” option whenever possible. This allows you to authorize the purchase via signature rather than PIN. There are also relatively secure, high tech, payment methods to choose from. One such option is E-commerce service, PayPal, which allows you to make purchases without divulging your credit card information to retailers. PayPal is accepted at a wide range of stores, including Home Depot. Those who did not fall for the old charge-your-iPhone-6-in-the-microwave trick may want to look into PayPal competitor and digital wallet service, Apple Pay, as access is limited to users of that device.

2.       Lock Up

Your passwords are essentially locks that guard your identity, so you want to create secure ones. If you have been reading our “Slice it Up” posts, you know that a strong password is one that people would not typically associate with you. When crafting a new password, steer clear of incorporating nicknames and alluding to hobbies and other personal identifiers. Remember that a long password is a strong password, so aim to surpass the eight character maximum many websites mandate. Whereasa hacker may have to try 645 trillion combinations to crack an eight-character password, it could take that same hacker 3 quintillion tries (!!!) to figure out a ten character code. When inventing these long, unpredictable passwords, use a combination of uppercase and lowercase letters, numbers, and maybe even a symbol or two. Finally, create a fresh password for each account you open.

3.       Do a Two-Step

Two-step, sometimes called two-factor, authentication is a feature that asks for more than just your password. For example, our friend tells us that if Craigslist suspects that your account has been hacked, the service sends a message containing a code and a phone number to the email address associated with your account. You are then asked to text the code to the phone number before you can post again.  With news of a new data breach breaking seemingly every day, many popular websites and services have heightened security by offering users the ability to set-up two-step authentication for all subsequent log-ins. In most cases, the set-up process is quick and easy!

4.       Be Wary of Phishy Emails and Text Messages

By definition, a con artist is one who creates an air of credibility to prey on others’ trust. One plotting a phishing scheme would take great care to craft emails and text messages that seem as if they are from a reputable business. It may be tricky to differentiate between scam messages and authentic ones, but there are telltale signs. Be wary if a “company” asks you to confirm or provide personal information (Social Security numbers, credit and bank account numbers, etc…) via email or text. A legitimate business would not request sensitive data in such a cavalier way. Even messages from companies that threaten to close your account or take some other action should be ignored. Clicking on the link provided in the message may lead you to a phishing website, like what happened to those JP Morgan Chase customers. If you feel that there is a chance this type of message may be the real deal, you should call the customer service phone number listed on said company’s website and speak to a representative. It is always better to be safe than sorry!

5.       Check Yourself

Take a cue from Whitney Houston and check your credit card receipts for suspicious activity. Pay attention to individual purchases, as a cunning thief will use your information to make small, sporadic purchases the average credit card holder would fail to catch. Check your monthly bank statements for similarly small and random cash withdrawals and take immediate action if anything seems amiss.

The incidence of data breaches may be rising, but follow these tips and you will minimize you risk of becoming another statistic. Happy shopping!

 

By: Alannah Dragonetti

Interested in our services? Want to learn more about our products?