via Data breaches becoming all too common, clarionledger.com
A decade or so ago, the term “data breach” was unfamiliar to most of us. That’s changed dramatically in the past couple of years. We have gotten used to hearing about bigger-and-bigger thefts of consumer information, each more audacious and troubling than the last. And because there are so many incidents reported every day, it takes something really, really big to get the attention of the media.
Last week, we passed a milestone in this regard as Yahoo, one of the biggest players in the e-commerce world, announced that more than a billion of its e-mail accounts had been compromised more than three years ago. That announcement was on the heels of a September revelation that data thieves had made off with information from 500 million accounts in late 2014 in a different data breach.
Consumers with Yahoo addresses have been warned that passwords were likely compromised in the attacks (but no direct financial information). Still, the amount of information that was lost could be used for identity theft and other nefarious purposes. Many experts have concluded that consumers are increasingly vulnerable. PC World Magazine issued this stark advice for consumers: “If you’re a Yahoo user,” wrote blogger Lucian Constantin, “you should consider your password compromised and should take all the necessary steps to secure your account.”
As the announcement was being made, Mississippi Attorney General Jim Hood sent out a news release, warning Mississippians to remain vigilant. “Our personal information is becoming increasingly vulnerable to hackers, so we must stay vigilant about our online habits,” Hood said. “We can no longer have the expectation that sensitive data will be secure on the internet, so it’s up to us as consumers to be cautious, stay informed and take action to protect ourselves when incidents like this occur.”
In past columns, I’ve written about various topics surrounding internet security. In most cases, a secure password remains key in helping thwart identity theft. We may not like to go through the hassle of changing our passwords frequently, but it’s crucial. And since the approaching new year is a good time to think about changes, it’s also a good time to adopt this habit. Unless and until we have some better ways to ensure our security, we’re going to have to live with passwords.
Hood noted that Yahoo users should use extra caution. Here are a few of his suggestions:
- Consider “two-factor” authentication when using email or financial services online. This simply means that getting into your account requires at least two steps, such as a password and security code via a linked phone or other device.
- Avoid unsolicited emails that seek even more personal information or financial data. “Following a large-scale data breach, scammers may attempt to steal a consumer’s identity or access bank accounts by sending out fake notices,” Hood warned.
- Monitor financial accounts for any unusual charges or activity. Report unauthorized charges immediately.
Here are some other of Constantin’s suggestions from his great article in PC World:
- Don’t save emails you don’t need. Thieves could easily comb through archived emails and get clues to help steal your identity. While most of us don’t regularly clean out our email accounts since storage space is not an issue, it’s a good idea to go through past emails and delete them (and empty the “deleted items” folder).
- Check your forwarding settings. Once hackers get access to your email, they can go in and create rules that automatically forward certain emails. It may take a few minutes to locate the controls for these features, but turning off auto-forwarding can keep this from happening.
- Never reuse passwords. I know, I know … it’s hard to remember all those passwords, and having to enter a new password is a pain. But having unique and hard-to-crack passwords is necessary. Good passwords should be long, contain a mixture of letters, numbers, cases and symbols, and difficult to guess. One good habit is to intersperse symbols with similar letters. For example, instead of making your password “Mustang1”, instead you might want to use “Mu$tAnG1”. And unless you have an eidetic memory, you’ll probably need to use an app (or some other secure method) to remember them all.