How to win against the hackers
During Cybersecurity Awareness Month, our expert outlines how to stay digitally secure and what to do if your data is compromised.
To put it bluntly: The hackers are winning.
More than 111 million Americans, around a third of the whole population, have their personal data stolen every year. And most of these breaches stem from the same cause: shoddy digital security, especially through insecure usernames and passwords.
As Steve Beaty, Ph.D., professor and chair of Computer Sciences at MSU Denver, puts it: “If you leave the door wide open, bad people will invite themselves in.” But in an interview with RED, Beaty also has some useful tips to make sure your personal information stays personal:
Stop memorizing your passwords
Most Americans still use only a few usernames and passwords or even just a single one, which they have memorized. But here’s the thing: Once one of your accounts with that universal password is compromised, everything goes.
My recommendation is simple: Don’t memorize any passwords, except maybe a master one to open your laptop. Instead, let your computer do the work. Firefox, for example, has a useful password manager that can securely hold and organize all your key information. I’ve also put together this handy password generator, which helps you create totally safe passcodes. And there are numerous password safes (such as KeePass) that will memorize and keep all your security details safe.
Use the security tools at your disposal
These days, we all have easy access to effective digital defenses such as Face ID, multifactor authentication and one-time passcodes, which are excellent at repelling online attacks. And over the past few years, corporations, utilities and banks have become markedly better at encouraging security-conscious behavior among consumers.
For example: If I make an online purchase today using my laptop, I’ll get a text message on my smartphone containing a code, which I’ll then have to punch into my bank app before the transaction is approved. That’s real security and real progress.
Lie about your mother (really)
Whenever a website or app asks you to input your mother’s maiden name, elementary school or first pet, just lie. There’s good reason why computer experts call these “insecurity questions.” Every time you give your mom’s genuine maiden name during a security process, you’re just providing a useful data point that can be used against you during a cyberattack.
Remember: Any and all personal information can be weaponized against you by resourceful hackers. When I’m asked for such details, I simply use my password generator to make up a completely random phrase, which is then automatically (and securely) stored by my password manager. And if it turns out that my mom’s maiden name isn’t actually “Fz0079%$xcv76omd,” then who cares?
Get protection before you’re compromised
Most banks now offer decent protection on your credit cards. But you can go a step further by asking the three major clearinghouses — Experian, TransUnion and Equifax — to freeze your credit cards against payments over a certain level. That’s useful because we all know the first thing hackers will do with your stolen bank details is make a string of high-level purchases.
My serious advice is to freeze your cards today. Basically, act as if you have already been a victim of theft. It takes only minutes to do it, and whenever you do need to make a big payment, you can easily go in and temporarily unfreeze the relevant card. But crucially, your default setting will now be protected.
RELATED: The spies you invite into your home
Remember: Staying secure is ultimately less work
People accuse computer experts of being too security-conscious — the phrase “professionally paranoid” is sometimes used. And the line I always hear is that it sounds just too much trouble to maintain all those randomized passwords. But it’s no trouble at all. While I have hundreds of passwords, I know only a couple of key ones. Everything else is safely encrypted on my computer.
And here’s the big secret: Once you have everything set up, managing scores of randomized passwords is arguably easier than remembering and manually typing in a small selection of familiar ones. I have an easier time accessing my accounts than the person with, say, six passwords jotted down in a notebook in their top drawer. Once your computer is doing all the heavy lifting, dealing with multiple passwords becomes relatively simple — plus you have the comfort of advanced security.
Yikes! I’ve been hacked. Now what?
Here’s the bad news. Once a site has been breached, you’ll need to change all the security details (username, password, security questions) relating to that site. For me, with my randomized passwords, that would mean fixing the single affected account. But if you’re one of the two-thirds of Americans who use the same password across multiple accounts, the breach will be only the beginning of your headache.
Have you been breached?
This handy website checks to see whether your email address has been compromised and offers useful advice.
You’ll need to check all your accounts (banks, mortgage, utilities, gym membership, subscriptions, cable, phone, streaming services, online shops) to make sure they haven’t also been breached. And then, you’ll have to manually change the security details for every one of those accounts because your compromised password means they are all now a metaphorical open door for hackers.