The past month hasn't been a good one for people concerned about online privacy.
First, hackers stole personal information from 100 million accounts at Sony, then Symantec announced that Facebook might have accidentally leaked its users' information to advertisers and other third parties for several years without realizing it.
The breaches, coupled with some high-profile credit card hack attacks, have people worried—and rightfully so. If they're not safe with some of the biggest holders of personal data around, is their data safe anywhere?
You may not like the answer.
"There's nothing consumers can do," says renowned security expert Bruce Schneier. "We are regularly giving our data to third parties who, in many cases, don't care very much about our privacy. There's a serious economic reality going on that when companies breach our privacy, they don't feel it."
There are, however, a few steps you can take to make things a little more difficult for cyber criminals. Here are the top six from experts:
1. Don't use the same passwords. It's easy to fall into bad habits—and one of the worst ones people have is resorting to the same password on multiple sites. It might be easier to remember, but if it's compromised in one place, it puts you at risk on a widespread basis.
"All passwords should be unique to that account," says Jay Foley, executive director of the Identity Theft Resource Center. "That's a major block."
If you find yourself getting overwhelmed, consider creating an Excel spreadsheet with your various accounts, usernames and passwords. Just be certain to password-protect that file and ensure that your own computer's security is rock solid.
2. Don't use the same security questions. Just as people use the same passwords, they also tend to pick the same security questions—and thieves can use those to brute force their way into other accounts in your name, even when there's a flag on the account to watch for possible fraudulent activity.
"Those security questions are critical," says Avivah Litan, vice president and distinguished analyst at Gartner. "When an account is flagged as high risk, the service provider will typically ask you the answer to your secret question. Typically, these questions are very similar across the board. Once the criminal gives it, he's in."
When possible, come up with your own question and answer. And try to avoid the same questions at different sites.
3. Beware your history. Online shopping is one of the fastest-growing segments of retail, but people often don't think about what happens after they complete a purchase.
"One of the biggest problems facing online shoppers is everyplace you’ve done business, you've left your personal information behind," says Foley.
That makes you vulnerable at multiple locations you may have long forgotten, but there are a couple of alternative options. Services like ShopShield allow shoppers to keep their address, credit card information and more at a single location, instead of multiple e-tailers.
And FirstData is experimenting with card readers that are designed to attach to consumers' computers, letting them swipe credit cards at home and not have to leave that data on file with an online retailer.
4. Share less. As social media grows, people have become a lot more open with personal information. You've probably heard not to announce on Facebook when you'll be out of town (it's an open invitation for thieves). But too many people don't realize they could be handing out their passwords without meaning to.
Here's how it happens: People often choose a favorite pet or their child's name as a password, to help them remember it (and thinking that a stranger wouldn't know that sort of thing). But on their Facebook page, they've got all that information available and may not block access to it adequately via the site's security settings.
5. Watch for red-flag questions. If you've had data stolen, that doesn't automatically mean you're at risk for identity theft, but you are a more likely target for a phishing campaign.
Even if your data has not been compromised yet, never click a link (or open an attachment) in an email from someone you don't know. The same advice goes when it appears to be from your bank or credit card company. Thieves are sophisticated enough to make very realistic-looking emails and sites. Always type in the URL manually.
"Anything you read in an email is subject to verification," says Foley. "That's the rule by which I live."
6. Read the fine print. Living our lives online has made us a much more fast-paced society. So fast, in fact, that most people don't bother to read the policies they agree to at many sites. Most assume the language is basically the same everywhere and is meant to protect them, but often they're signing away their rights.
Major corporations, for instance, might include a clause noting that by accepting the terms of their agreement with one subsidiary, you give them the right to share your data with all of their holdings, meaning that, all of a sudden, your data is at dozens, hundreds or even thousands of sites without your knowledge.
Read privacy policies closely and see with whom the companies you do business with share your data.
Ultimately, none of these steps will protect you entirely, but by limiting the number of locations where your data is available and making it a bit tougher for hackers to use one account to leverage others, you can put up some firewalls to prevent a single hack from exposing you to multiple headaches.