How do you protect your financial and personal information in the digital age? I often get asked this question by friends and family and this post is my answer! I’ll keep updating it as I learn more so you can refer back here for the latest and greatest tips I have.
As consumers, our online presence seems to grow daily with new user accounts, new content on social media sites, new search history, and new activities like online shopping. Criminals want your money or your identity and they keep getting more clever. There are literally warehouses full of people in India trying to take your money. That Nigerian prince that needs you to “deposit money for them” is probably really in Nigeria, but they are definitely not a prince. Taking your money is their job, and it’s hard for our government to shut them down when they’re in another country so the threats persist.
Below are some things I recommend to secure your data, finances, and identity online. Some of these may sound like common sense, but you would be surprised - if the criminal catches you at the right time and you’re not careful, you will unknowingly fall into their trap.
Most of these topics could be blog posts alone, and fortunately there are lots of really nice blog posts out there already. I’ll put reference links to some of the best articles for the points below. I’ll cover a few different categories:
- Protect Your Credit
- Passwords and Accounts
- Avoid Criminals
- Online Behavior
- Computer / Phone Protection
- Physical Home Security
- Personal Data & Online Activity
*Disclaimer – these are my opinions and ideas I have learned or researched, but there may be better ways or updates to these ideas. You may follow all of my recommendations and still become a victim of theft, but I believe these steps will reduce your risk.
Protect Your Credit
1. Monitor your credit reports at least monthly
Check if your bank offers free credit report monitoring. If not, try CreditWise by Capital One. Set it up to alert you when there are changes to your score.
If you see any accounts that you didn't know about, you may be a victim of identity theft.
These reports are also really helpful to understand the positive and negative factors impacting your credit and what you can do to raise it.
2. Freeze your credit at Equifax, Experian, and TransUnion.
Your social security number and personal information are probably sitting on a criminal's hard drive somewhere. Freeze your credit at the top 3 bureaus and get some peace of mind.
Check if your social security number was compromised by the Equifax breach in 2017 here. Over 80 million people were impacted, including myself and my wife, so chances are good yours was too. At this link, scroll down halfway and click the red "Am I Impacted?" button to see.
It is a bit of a hassle to freeze your credit but I think it's worth the security. You can do it at each bureau's website in less than an hour. Once your credit is frozen and you want to apply for new credit, you will need to unfreeze it temporarily, either for a set time period or for a specific lender, at each bureau that the lender uses to check your credit report.
3. Do I need identity theft protection?
If you freeze your credit, you don’t need this. If you don’t want to freeze your credit, this is better than nothing, but it's reactive, not proactive, so all you’re paying for is help restoring your identity if theft happens.
4. Check your credit card statements every few days
Review every credit card you have every few days for transactions you don’t recognize.
No matter how careful you are with your credit card number, it's usually only a matter of time before it gets compromised. Be on the front end and detect it early to freeze it before the criminal racks up too many charges.
5. Use your credit card for everything, not your debit card
Let the criminals take the credit card company’s money, not your money. It's easier to dispute, and protects your hard-earned money. Also earn rewards!
If your credit card is compromised, the criminal is spending the credit card company's money. You never actually used your money for that transaction (unless you already paid it off). When a debit card is compromised, the criminal is using your money. It is a lot easier to dispute a credit card transaction versus getting your financial institution to refund your bank account.
Passwords & Accounts
1. Use a different password for EVERY website you use. Yes, EVERY site.
I can’t say this enough: if you value your money and your personal information, use a different password for every website. Go update all your existing logins to reflect this!
Websites have data breaches all the time. We hear about the big ones on the news, but the small companies get hacked too. Once your email and password are compromised on one website, that same combination can be used anywhere else you used it to log in. A criminal may get your login information from a data breach at arandomwebsite.com, then go try it out at all the financial institutions, social media sites, email sites, etc.
If you're not going to listen to this advice, you’re putting yourself at risk, but at least have a unique password for financial websites and email accounts.
2. Make your passwords more than just a combination of a few words
Brute force attacks can go through a dictionary and combine words to attempt to find your password. “danreds” and “danreds3” are not good passwords, “dAnRedS45!21” is much better, and “23R3fr^!fRho98u7Y&f34b7” is even better.
Password managers are great for creating strong, unique passwords. I love 1Password's feature to generate a password by specifying the length, number of symbols, number of digits, etc. You can use 1Password Mini to generate a password as you're signing up for a new website on your laptop without skipping a beat!
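To show why a generated password beats a combination of words, here is an added example (not from the original post and not 1Password's code) that builds a password from a length, digit count and symbol count, then compares its search space with a words-plus-digits password. The symbol set and the 100,000-word dictionary size are assumptions.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set; sites differ in what they accept


def generate_password(length=24, digits=4, symbols=4):
    """Random password with exactly `digits` digits and `symbols` symbols."""
    if length < 1 or digits < 0 or symbols < 0 or digits + symbols > length:
        raise ValueError("digits + symbols must fit inside length")
    letters = length - digits - symbols
    chars = (
        [secrets.choice(string.digits) for _ in range(digits)]
        + [secrets.choice(SYMBOLS) for _ in range(symbols)]
        + [secrets.choice(string.ascii_letters) for _ in range(letters)]
    )
    # Shuffle with the OS random source so character positions are unpredictable.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def random_password_bits(length=24, digits=4, symbols=4):
    """log2 of how many different passwords generate_password can produce."""
    letters = length - digits - symbols
    # Ways to place the digits, symbols and letters among the positions.
    arrangements = math.factorial(length) // (
        math.factorial(digits) * math.factorial(symbols) * math.factorial(letters)
    )
    total = arrangements * 10**digits * len(SYMBOLS) ** symbols * 52**letters
    return math.log2(total)


def word_combo_bits(words, dictionary_size=100_000, trailing_digits=0):
    """log2 of guesses needed to try every `words`-word combination from a
    dictionary (assumed size) followed by `trailing_digits` digits."""
    return math.log2(dictionary_size**words * 10**trailing_digits)


if __name__ == "__main__":
    print("generated:", generate_password())
    # Two dictionary words plus one digit, the shape of "danreds3".
    print("two words + digit: %.1f bits" % word_combo_bits(2, trailing_digits=1))
    print("24 random chars:   %.1f bits" % random_password_bits())
```

Each extra bit doubles the number of guesses an attacker needs, so the gap between the two printed figures is far larger than it looks.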
3. Use an encrypted password manager
Subscribe to 1Password and use it to store passwords securely - download for iOS, Android, Mac, Windows!
These are really helpful at remembering all those darn passwords, and they can be helpful in generating new, random, secure passwords.
For your password manager, print off your master password and account key and put them in your safe.
Use a strong password for your master vault password, but not too hard to remember because you need it every time you want to get a password from your vault.
4. Delete all of your Yahoo accounts
Delete your Yahoo email address and sign up for a Gmail account.
Yahoo has had 3 massive hacks since 2013 and keeps losing personal data including passwords. Criminals can buy your login information and then go try it somewhere else.
5. Set up recovery options for your email accounts
Add a second “backup”/“recovery” email and a mobile phone number to each of your email accounts.
Many email providers like Gmail allow you to provide a secondary email address and a phone number. These can be used to help you recover your account if it is compromised or if you forget your password. Email is the gateway to resetting your password at most sites, so this is important!
6. Enable 2 factor authentication on all important accounts
Passwords get stolen, so add another layer of security by setting up 2FA on all important accounts (email, financial, personal data).
2 factor authentication lets you specify an email address, or even better a phone number, that will receive a code every time anyone tries to log in to your account. Enter the code on the website to finish logging in.
This is really important for bank accounts and email accounts where a compromise can mean financial loss.
Though not covered above, go to all of your bank accounts, 401k accounts, etc. and do the same.
Avoid Criminals
1. Install a call blocker app on your phone
Install Mr. Number on your phone (iOS and Android) and set it up to block known scammers and provide a heads up warning for possible scammers.
I get 2-4 scam calls a day. Sometimes they want my opinion on a political survey, sometimes they want me to give them enough information to steal my money. I'd prefer them not to be able to contact me, so installing a spam call blocker app seems like a must-have!
There are dozens of call blocker websites and they'll tell you if an incoming call is a known scammer. Some will allow you to choose to let those go straight to voicemail too. Set it up to block known scammers, otherwise let it alert you when suspected scammers call.
These apps also usually have a phone number look-up, so you can check if a number you're going to call has been reported by another user as fake.
More: Mr Number - Android
2. Don’t use a contact number for a company unless you found that number on their website
Only contact a company through a form or phone number found directly on their website, and not submitted by a user (for example don’t use a number from a Facebook post about Facebook’s contact information). Don’t search Google for a contact number for the company.
There are loads of phone numbers that come up as the #1 result on Google for a company's phone number that lead you right to someone trying to take your money. A lot of large online companies like Facebook / Yahoo don't have a phone number (or even a way to easily contact them).
If you're unsure, put the number into Mr. Number's phone number look-up, or Google the phone number and see if others are reporting it as spam. If the number doesn't lead directly to a page on that company's website, it is probably fake.
3. If anyone calls or emails needing personal information or money, hang up or delete the email!
If you get an email from any company asking for more information, don’t click the link in the email. Instead, go to the site yourself and log in to see if they really need it. If you get a phone call from your “bank”, “the IRS”, or “Microsoft”, hang up and call back using a number you trust, not one the caller provides.
I can't think of any reason a company would need to call you to get money from you or to provide them more information. The most likely form of contact would be a letter in the mail (if it is a government agency) or possibly email, but be very skeptical of these types of emails.
This includes things like the IRS coming to arrest you for back taxes, Microsoft reporting your computer is infected, and credit or collection agencies claiming you owe money. It may sound obvious, but if they have the right timing, it may sound believable at the time.
Online Behavior
Your behavior drives your risk of getting impacted by a scammer, virus, etc. When I was a kid, I always fell for the “too good to be true” scenarios trying to download free video games and ended up needing to reformat my computer often to clear out my newly downloaded virus. Fortunately that was before I stored personal information on my computer and made online transactions, so there wasn’t really much to lose. This happened 2 or 3 times when I was young, but once I learned and improved my behavior, I haven’t been impacted by a virus/malware/scammer in the last 15 years. Now, your entire life is online, and you have much to lose.
This isn’t a comprehensive list, but in general you are usually responsible in some part for getting tricked by a scammer, so start thinking like a criminal and be skeptical when something doesn’t feel right or is “too good to be true”.
1. Look at URLs of websites you’re on before entering passwords or data
The website you are on might not be the website you think it is. Check the URL that your browser is pointing to.
Scammers are getting good at mimicking websites and tricking you into visiting them and entering your information.
Ask yourself: how did I get to this website? Was it through a Google search, or did I click a link on nbc.com?
2. Don’t enter your social security number or credit card information on any site that is http:// - make sure it is https://
Look at the beginning of a URL before entering ANY financial or credit card data to make sure it starts with https://.
https:// encrypts your data over the wire so it is harder to compromise.
3. Don’t Click Suspicious Links
Treat everything as suspicious. This goes for links in emails, on websites you trust (like in an ad), links in messages from friends on Facebook, etc.
You know those interesting stories on your favorite news site lining the sidebar, mixed throughout the article you're reading, and at the end with plenty of suggestions on what to read next? Don't click those!
If something pops up on your computer saying that a virus was found, that you need to pay to continue a subscription for something, etc., it is likely not real!
On a computer, hover your mouse over a link and look at the bottom of your browser; it will tell you where the link goes. If the beginning of the URL shows a different URL than the one at the top of your browser (the site you're at), you are going to a link outside of the site.
Advertising is the way most websites make money, and ad sections on sites are everywhere. Although a lot of these advertised articles seem harmless, they have been known to lead to phishing sites that trick you into giving them your data or your money, or malicious sites that install something on your computer using an exploit so that they can steal your data later.
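The https:// check and the hover check described above can be written down as code. This is an added example, not from the original post: it compares a link's real hostname with the site you are on, because a URL can begin with a familiar name and still lead somewhere else, and https:// only means the connection is encrypted, not that the site is the one you expect. The URLs are constructed samples and the finding names are made up for this sketch.

```python
from urllib.parse import urljoin, urlsplit


def link_findings(page_url, link_url):
    """Return reasons to be careful before following link_url from page_url."""
    # Resolve relative links ("/sports") against the page they appear on.
    link = urlsplit(urljoin(page_url, link_url))
    page_host = (urlsplit(page_url).hostname or "").lower()
    link_host = (link.hostname or "").lower()
    # Treat "www.nbc.com" and "nbc.com" as the same site. A full check would
    # use the public suffix list; this simple rule is an assumption.
    site = page_host[4:] if page_host.startswith("www.") else page_host

    findings = []
    if link.scheme != "https":
        findings.append("not-https")
    if link.username is not None:
        # "https://nbc.com@198.51.100.7/": the text before "@" is a user name,
        # the real host is what follows it.
        findings.append("userinfo-before-host")
    if link_host != site and not link_host.endswith("." + site):
        # Also catches "nbc.com.account-check.example", which only *starts*
        # with the familiar name; the site is the right-hand end of the host.
        findings.append("leaves-site")
    return findings


if __name__ == "__main__":
    page = "https://www.nbc.com/news/story"          # constructed sample
    samples = [                                       # constructed samples
        "/sports",
        "https://shop.nbc.com/cart",
        "http://www.nbc.com/login",
        "https://nbc.com.account-check.example/login",
        "https://nbc.com@198.51.100.7/login",
    ]
    for url in samples:
        print(url, "->", link_findings(page, url) or "ok")
```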
1. Turn on Network Security on your router or Buy a Network Security Device
Buy a Cujo Network Security Device.
If you have spotty WiFi, buy an eero router and subscribe to eero Plus for bonus security & subscriptions to 1Password, Malwarebytes, and Encrypt.me.
Your WiFi, which is where you do all your online banking, put in your credit card information, etc., may not be secure.
If your router has network security built in, enable it! Here is a guide to a few of the things you can do with your router's network security.
For example, if you have an Asus router, a lot of them ship with AiProtection but it may be turned off, so turn it on and get features like attack protection, malicious site blocking and infected device detection.
Buy a network security device to protect your home WiFi like the Cujo.
2. Make sure your WiFi password is secure.
Don’t just use an old phone number for your WiFi password. Treat it like any other password.
If a criminal is able to compromise your home network, they can monitor all of your traffic. If you like to keep it simple for guests to get on to when they come over, check if your router has a guest network. Your ISP can tell you if there is one and help get it set up.
3. Don’t connect to public WiFi networks without a VPN client
Buy a VPN service like NordVPN or Express VPN and install it on all your devices (phones, computers, tablets).
Public WiFi spots get compromised, then a criminal can view the internet traffic on that WiFi network. This means they can see everything you're doing and everything you're typing into websites.
Install a VPN client on all of your devices and set it up to auto-secure untrusted networks. When you connect to a public WiFi network, the VPN should automatically start encrypting your traffic, making it harder to see.
Computer / Phone Protection
1. Stay up to date on software!
When your phone or computer operating system prompts you to download and install an update, ensure it is really from your OS, and after confirming, do it!
If you're on an iPhone and see the red (1) on your settings app, it probably means you have an update ready.
Equifax's 80 million+ user compromise of social security numbers & personal information occurred because they didn't update their systems after a known vulnerability was exposed. The exploit was found and fixed, then 2 months after it was fixed Equifax still hadn't updated and then the data breach occurred.
2. Switch your browser to Chrome on your phone and computer
Google frequently updates its database with known malicious sites and will stop you from going to them accidentally.
Chrome is on the leading edge with security compared with Internet Explorer, Edge, Firefox, etc. They also auto update Chrome once installed, so you don't have to do anything to stay secure.
More: Download Google Chrome.
3. Antivirus / Firewall Apps
As I mention in the Behavior section, your behavior usually leads to your phone/computer getting compromised. If you work on your behavior, you shouldn’t need anti-virus programs, but extra protection never hurts.
It depends on your OS, but make sure you have the device/computer password protected with a good password. If you think you could have been compromised, download Malwarebytes and Avast and run them (or run your own anti-virus / anti-malware programs).
Here are some general rules I use myself:
- Windows comes with a firewall and anti-virus (Windows Defender) which does a decent job protecting your desktop/laptop. Malwarebytes and Avast are great applications to download and run when you think your computer may be compromised.
- Make sure your user account has a decent password. If you think your computer might be compromised, download Malwarebytes and run a scan.
- Put a password lock on your phone
- Don't download random apps you've never heard of. Sometimes malware gets onto the App Store and it is usually in utility apps like Flashlight apps.
- Try an app scanning program like Malwarebytes / Norton / etc, which scans websites you try to visit or apps you download from Google Play. Android is known to be looser with app approvals and infected apps slip into the store more than iOS.
Physical Home Security
1. Get an alarm system
Get a security system that you can install yourself. You could save hundreds by reducing upfront install costs/upcharges, unnecessarily high monthly monitoring fees, and 2-3 year contracts you can’t get out of.
2. Consider Security Cameras.
I really like Arlo wireless cameras - they record videos when they detect motion, upload them to the cloud, and notify you on your phone so you can see what is happening when you’re away.
Security cameras aren't just for gas stations and crime solving TV shows anymore. There are now cost effective ways to monitor your home while you're away. If you want to know what is going on around your house while you're at work, consider buying a couple cameras. I like having all my doors covered (front, side, back) and any other areas someone may be creeping around.
Your alarm system company probably offers security cameras too, but I found that mine (FrontPoint) were over double the price of Arlo and not as well reviewed.
Personal Data & Online Activity
1. Nothing is free, accept it!
If you’re going to use free services, you’re paying for it somehow, and in many cases it is by giving them data about your online activity and your interests so that their advertisers can sell you something.
Google, Facebook, Amazon, Microsoft, etc, etc, etc, are all selling your data between themselves and to other companies. The purpose of this is marketing, so that consumers of that data can get a better picture about what your interests and needs are and sell you a product that meets those. Some people get scared about this, but generally these companies aren't selling your data with your name attached, they're linking you by your accounts, IP addresses, and advertising identifier.
Before you get upset, remember: they are building a product for millions of dollars and giving it to you for free. You are "paying" for this application by letting them try to sell you products they think you want. Personally I like this; some of the coolest birthday gifts I've received came from my wife's Instagram account.
If you are concerned, there are ways to limit the amount of sharing done by these companies. On iOS and Android there are ways to block products from using your advertising identifier to track you across sites. You can disable these:
You can also use private browsing to limit an advertiser's ability to track you. You can use Chrome and open "Incognito Tabs", which limit tracking.
Whew! That is a lot to consider.
If you’re behind on securing yourself in this digital age and feeling overwhelmed, I recommend starting with these 5 items:
1. Freeze your credit
2. Change all of your passwords to be unique
3. Get a VPN and install it on your phone
4. Secure your Router or Get a Network Security Device like Cujo
5. Be smart! Just remember: there are warehouses full of criminals trying to scam you. If it feels wrong, or seems too good to be true, it probably is.
If you can tackle these, the rest can be done slowly as you have time!