There are two types of people in the world, says Jerry Irvine, cybersecurity expert and CEO of Prescient Solutions — people who know they’ve been hacked and people who don’t. If you’re the latter, visit HaveIBeenPwned.com and type in your email address — it’ll tell you if you’ve been part of a past breach and, if you sign up for alerts, let you know if and when you’re part of a future one. Just to put it in perspective: 554 million data records were lost or stolen — from 74 publicly disclosed data breaches — in the first half of 2016 alone, according to the Breach Level Index (BLI). The good news, Irvine says, is that hackers are ultimately lazy beings. They’ll likely move onto an easier target if you use a few safeguards.
Here’s what you need to do:
Pay with mobile.
When you’re at the register, opt for mobile payment (like Apple Pay or Android Pay) over swiping your plastic, says Heather Battison, vice president of TransUnion. It’s safer because your card information is stored and encrypted within your mobile device.
Use multi-factor authentication.
Multi-factor authentication goes beyond just a username and password — it’s “something you know plus something you are or have,” says Timothy Zeilman, vice president and council for Hartford Steam Boiler Inspection and Insurance Company (HSB). You have a password, but you’ve also given the website another way to reach you, like a cell phone number that it’ll send a verification code to. That way, the site knows you’re the person who knows the password, but you’re also the person who has the trusted device. This is a security feature available on many financial websites and apps, but you might have to go into your settings in order to activate it. (It’s a good idea to take a second and turn it on for your financial accounts as soon as you read this; then you never have to do it again.)
Stick to home Wi-Fi for financial transactions.
Whenever you’re transacting, either opt for your phone’s built-in 4G or wait until you’re at home with your own personal network. With public Wi-Fi, there are many ways hackers can get between you and your intended destination and act as a “middle man” when it comes to transactions and communications, stealing your information under the radar. Note that this goes for any type of widely used Wi-Fi, even if it’s password-protected — waiting until you’re home is a better idea. It’s a lot less likely that someone will park a van outside your apartment and compromise your own personal network, says Zeilman.
Download antivirus and firewall software.
If you use your computer for any sort of financial transaction, it’s vital to have antivirus and firewall software as baseline protection. Without antivirus software on your computer, it only takes 5 to 10 seconds to hack you, says Irvine. An antivirus program “looks for particular software signatures of malicious code that can get on your system and do damage,” says Zeilman, while firewall is an end-point security system that acts as a filter and only allows through “legitimate” traffic. (Think airport security for your computer.) It’s likely that either your router or computer has some sort of built-in firewall protection, and you can also consider buying and installing antivirus software (usually anywhere from about $20 to about $60) or an antivirus/firewall package (usually called a “security suite”) from a company like Symantec, McAfee or Norton. PCMag has a list of the best antivirus software — for maximum security, click through directly to the software sites instead of Googling to avoid visiting a illegitimate “copycat” website. Once you download your chosen software, it should walk you through the installation process. And if you’re very concerned, you can always have a dedicated device at home that you only use for financial transactions (like a tablet or iPad) to avoid picking up any malware around the Internet.
Keep that software up to date.
Remember the worldwide ransomware attack that made headlines a few weeks back? Hundreds of thousands of devices’ files were encrypted (made unreadable) and held for ransom in exchange for payment. Here’s the kicker: It only affected computers with out-of-date software — Microsoft had provided a security patch against it in March, and people who downloaded it weren’t affected. We’ve all clicked “Install Later” when those reminders pop up, so it’s important to go ahead and turn on automatic updates for your software on all devices — you can do this by visiting your settings. We’re talking phone and computer — anything you use for financial transactions. “Providers make it easy,” says Fritz Robbins, chief technology and information officer at Personal Capital, a security company-turned-personal wealth manager. “Flip the switch and say auto-update all software.”
Choose smart passwords.
Finally, your financial accounts deserve topic security, so even if you use similar passwords for other sites, choose unique passwords for these. (You don’t want them to be the same as your Facebook password.) The best hack for this is using a password manager, which stores all your login information for different sites in an encrypted fashion. (That way, you only have to remember one login.) Robbins recommends the aptly-named Password Manager app, which “takes the headache out of it and lets you generate strong passwords but not have the burden of remembering or writing them down.”
With Hayden Field