Think long-term when posting on social networks. Software makes it so simple to overshare—posting a photo takes just a few clicks and friends can tag you and your location before you realize it—that it's easy to overlook how much information is actually being divulged. But a few "likes" today aren't worth big headaches tomorrow.
While it's possible to untag yourself and to delete tweets and Facebook posts later, that doesn't mean the data hasn't been vacuumed up and stored someplace. Criminals scout the Internet to build dossiers on consumers that can be used in elaborate digital impersonations—that's essentially how they broke into the IRS' "Get Transcript" service. Most people don't realize how much they contribute to hackers' efforts. Users post photos of their pets (with names!) their old schools, their family members (with names!) ... all potential clues for criminals who might try to hack your accounts.
Anything typed into a keyboard or uploaded onto a site can come back to haunt you years later. Many of the victims in the Adult FriendFinder data theft had already deleted their accounts, claims Channel 4, the U.K. outlet that broke news of the leak.
Your best bet: Avoid sharing personal information, whether it's vacation destinations or family names. And use the tightest privacy settings, so random strangers can't pick up tidbits about you.
Read MoreDo you suffer from 'progress bias'?
Use multiple passwords. "The rule of thumb for the consumer is, don't use the same username, don't use the same password, don't use the same security questions," said Morey Haber, vice president of technology at BeyondTrust, a security management firm. The IRS breach, he said, is a perfect example of how one piece of compromised information can be used to hack new accounts and cause further problems. "It shows the chain reaction in something that can occur."
If you can't use a different password at every site, at least employ password "families." Use very strong, distinct passwords for financial sites, and simpler passwords for sites that require them for registration, such as news sites.
Consumers frequently surrender their critical passwords to almost every site they visit, a terrible habit. (A report by fraud-detection vendor CSID, released in the fall of 2012, found that 6 in 10 consumers reused passwords at multiple sites.) That means your online bank account is only as safe as the security at any other site you've accessed with the same password.
Even something as harmless as a Starbucks gift card account with $9 in value can be hacked and turned into a big headache. The company recently acknowledged that attackers were using passwords stolen from other websites to hack into its accounts and steal money from credit or debit cards linked to Starbucks mobile app.
Another option: Use made-up names and birthdays for websites where who you are really doesn't matter. Keeping your digital footprint as small as possible works to your advantage.
Read MoreHackers target Starbucks gift cardholders