
How to protect yourself? Think like a hacker


Each headline seems worse than the last: Target, Apple, Home Depot. And now, JP Morgan Chase. Perhaps you are losing faith that American corporations are keeping your personal information safe from hackers, but you wonder, what else can you do?

You could try hacking yourself. In fact, you should.

Scared by the recent leak of embarrassing celebrity photos onto the Internet, Dallas Mavericks owner Mark Cuban recently tried it and ended up telling all his high-profile friends they should do the same. He pretended to be an Internet criminal set on accessing his Apple iCloud account, and tried breaking in—a technique called a "pentest," or penetration test, in the professional security world. Cuban discovered the same thing many corporations discover with a pen test: Seemingly sophisticated security techniques are often easily foiled by a quick Google search.

But there's good news: If you think like a hacker, you can lower your risk.

Cuban took to Twitter on Monday to offer advice to his "celeb/high-profile" friends, but it applies to anyone. His tweets employ the broken English commonly required by Twitter's 140-character limit.

"NEVER put your real birthday in your Apple ID setup. Anyone with yr bday has path to hack u," he began. "If it's remotely possible the answer to your security question is online pick a different question or avoid using that feature."

He followed a few minutes later with: "On apple if I have your birthday, email and I search and find the answer to your security question. I own your account. Scary…dang, if you have a Wikipedia entry or your birthday and other information is online, this includes YOU."

Was there a specific reason for his sudden interest in a personal pen test? In other words, had he been hacked? Cuban says no.

"Was [just] checking out how easy my account would be to hack," he said. After he discovered the answer, he added, "[I] ended up changing everything."

Worried about your password? Change it ... now!

There's nothing wrong with the standard advice you usually hear after a data breach. If your personal information is hacked, the company that was victimized will probably offer you credit monitoring. (Although a Chase bank spokeswoman told CNBC that credit monitoring would not be provided to customers affected by this week's breach because no financial information was compromised.) If it does, go ahead and take it. Change your passwords, if you haven't done so recently. Watch your bank statements carefully. Add two-factor authentication to cloud providers where your photos and documents live. But if you want to go the extra mile, follow Cuban's lead and conduct a personal pen test.

"This is something that is shockingly rare … but it should be something you do all the time, like checking your credit report," said Tod Beardsley, engineering manager at Boston-based security firm Rapid7, Inc. "It's something that sets the bar higher (for hackers) and it's free."


Pretend to be an angry ex-lover, or a debt collector, or a jealous co-worker, and see what you could get into if you tried. Use someone else's computer to really simulate an attack. Imagine how easy it would be for an estranged family member to guess your social media password. Determine what could happen if a hacker had access to your Gmail account. It's quite possible he or she could reset your password on most of your bank accounts using the "Forgot your password?" link.

See how many clues to those "knowledge-based authentication" questions your bank asks could be inferred from your Facebook page. (Example: Are you wearing a T-shirt with your high school mascot in a profile picture? Do you have a folder with pictures named "My dog Fido?" If so, remove them now.) One tip popular with security pros: Give fake answers to those questions, so even someone who knows your father's middle name couldn't hack in.

Job hunters have known this for some time: You don't dare send out a resume without Googling yourself first to make sure a recruiter won't find anything embarrassing. It's time to expand this concept. We live with the reality that millions of us get hacked every month, and everyone is a target. As they say, if you can't beat 'em, join 'em. Take your digital security into your own hands. Hack yourself, and try it every few months, before someone else does.