This blog is part of a series featuring SAFE experts who appeared on ABC 10's Your California Life. You can watch SAFE Credit Union Chief Information Officer Mike McCarthy's appearance here.
The recent news on ransomware attacks on companies and organizations is alarming and a good wakeup call for everyone to go over their personal security. There are some simple steps and habits to get in to in order to keep your information safer.
Use strong passwords, at least 10 characters in length and with complexity. Include uppercase, lowercase, numbers, and special characters whenever possible. Any password with fewer than 10 characters is guessable by modern hacking software within days or weeks.
Don’t use the same password for multiple accounts.
Monitor your accounts on a regular basis.
Set alerts on your accounts to monitor activity.
Close accounts you’re no longer using.
Keep your address and contact info up to date with your credit union, bank, and credit card companies so they can alert you of any suspicious activity.
Run and keep your antivirus software current on your personal computer. Standard antivirus programs still block most common attacks on personal computers. Most of the top antivirus providers offer protection for less than $50 a year.
Set alerts on your accounts
To monitor your banking account activity, enable alert functions for your bank accounts and credit and debit cards.
At SAFE, we offer customized account and card transaction alerts that will send you a mobile app push notification, a text, or an email every time a purchase is made over a selected amount on your cards. SAFE members can set this as low as a penny on any transaction type, including card not present. This is a great way to catch fraud charges almost in real-time and report the activity to your financial institution before it gets worse.
Monitor your credit reports
Monitor your financial activity by getting your credit report from the three major credit reporting agencies. You get one free report from each of them a year, so if you space it out each quarter, you could get three free reports a year. If you know for sure you will not be applying for any major loans for the next few months, lock your credit with all three major credit reporting agencies. Equifax and TransUnion offer free credit locking and easy to use mobile apps. Experian charges a monthly fee, but comes with other perks like credit monitoring and $1 million in identity theft insurance.
Use two-factor authentication
Use two-factor authentication whenever it’s offered. The most common type of two-factor authentication involves you inputting a password and then typing in a one-time code sent to your mobile device or email. If any of your banking accounts asks you to select whether the device you are logging in from is “public” or “trusted/private”, always select “public”. This ensures two-factor authentication is required every time, from every device.
Use strong passwords
Generating and remembering a strong password can be challenging. I recommend using personal hobbies to give you a better shot at remembering a complex password. This also keeps you from generating passwords with publicly available information, like your address, phone number, etc. For example, I have two young boys. When I’m not at work, I’m spending time with them. So I usually base my passwords on their current hobbies. They are really into Pokémon right now, so I use some of our favorite Pokémon names mixed with uppercase, lowercase, numbers, and special characters to generate a strong 10-character password that I can remember.
Having a unique password for every account you have can be tough these days. We have so many accounts, from video streaming to online games and online banking logons. The best option is to leverage a password vault, especially the built-in password vaults available on your mobile device. Most password vaulting applications have built-in strong password generators, too. Once you have set a unique password for an account, enable biometric options in the account settings so you don’t have to remember the password every time. If you do nothing else, I recommend you use a unique, strong password for each of your banking accounts. There is certainly more risk on those accounts.
Another way people can get your information is through scams and phishing attempts. Scammers are always on the hunt for your information, and will try to get you to turn it over by using emotion, such as fear of arrest or legal action, or the joy of winning a sweepstakes. Others may be more mundane messages about package deliveries or an account that will be turned off unless you share certain information.
Scammers may reach out to you by text, email, and phone calls.
Some clues that someone is trying to scam you include:
- Creating a sense of urgency or emergency
- Saying you need to pay a fine or bill using a pre-paid card
- Asking you for your bank account or credit card information
If you suspect you are being scammed, hang up or stop engaging with texts. Look up and call the organization at their publicly listed number to validate whether the information request is real or fake. If you have been scammed, report it to the Federal Trade Commission at reportfraud.ftc.gov. You may not get your money back, but your information could help protect you or others from future scams.
The tech world continues to change and evolve, and it’s important to keep up with the changes. But the basics for protecting your information remain the same: use secure passwords, monitor your bank accounts' activity, be on alert for scams, and share personal information only with those you trust. Most hackers look for easy targets. Following the basic best practices of personal information security will stop hackers in their tracks.