As a consumer, it’s a good idea to occasionally revisit your online security and as a business to revisit that of your customers. With more and more major sites falling prey to our collective cyber nightmare, it would be just plain foolish to think any online account is hack-proof.
This week’s attack on Zappos’ customer database just reinforces the bad news: there’s no way to completely insulate yourself from cyber theft, unless you don’t own a computer or pretty much function at all in the 21st century. One of the inconveniences of having the world at our fingertips, from desktop to mobile, is that our data can be compromised. Instead of losing sleep, just know that one day, it may happen to you. The best thing you can do is be prepared and be smart. Here are a couple of security measures you can take right now so that if the convenience of being able to buy your favorite lipstick from your iPhone comes back to haunt you, it will be more of a phantom than a full-blown poltergeist.
Use Strong Passwords
But, you may wonder, what’s the good of a strong password if it’s been stolen? Well, in the case of the stolen password, not much. But if you use easily recognizable passwords, it may not be very hard for a thief to figure out other passwords that you use. For example, if you use your dog’s name as your Zappos password, what’s to say you’re not using your cat’s name as your Starbucks password? Your birthday on Amazon.com, and anniversary on Drugstore.com? And so on.
Sometimes breaking into your account is less of a hacking game and more of a guessing game. Making it easy for yourself to remember passwords will only make it easy for the criminals to guess your passwords – especially if they’ve already stolen other personal information.
Use a password management program that remembers passwords for you and stores them locally on your computer. That won’t necessarily help you if you’re trying to log into an account from your cell phone, but it’ll make it a lot harder for your passwords to be compromised. A little inconvenience may be worth the security. If that doesn’t work, devise a system that allows you to create and memorize strong passwords. Use a mnemonic device or some combination of uppercase and lowercase letters, numbers and special characters that you can memorize.
Don’t Use The Same Password For Multiple Accounts
Zappos suggested to its customers that they change the passwords to any other accounts where they used the same password as they did on Zappos. Once a thief has your name, email address and one password, it may not be all that difficult to break into another account using that same email address and password. Think about it: you’ve probably repurposed your dog’s name not only on Amazon.com and Starbucks, but on 1800Flowers, too.
It’s good practice to use different passwords across different accounts, especially if those accounts provide access to sensitive information. It’s not quite as devastating if someone discovers a password that you use on multiple forums or some social sites. Although you may not want someone posting as you, it’s fairly easily remedied (unless you’re a politician) but it can be much more difficult to undo the damage if your banking information or social security number is stolen.
Pay Attention To Small Credit Card Charges
I’m just as guilty of this: you get a credit card statement, and notice a charge here or there that you don’t quite recognize. You ask your spouse/significant other if he recognizes it. You both sort of shrug. It could’ve been that time you went out or that thing you wanted, and wasn’t there a holiday you needed a gift for? In the midst of 46 other charges, you’re pretty sure that $26.09 is legitimate.
Not necessarily. Sometimes criminals will charge small amounts with just that hope in mind – you won’t notice. For those of us who live on plastic, with a number of recurring transactions that often pass by unattended, this can be dangerous. Another red flag comes in the form of even smaller amounts – measured in cents rather than dollars. If you see a charge for 3¢, don’t shrug it off as too small to care about. Criminals will sometimes “ping” your card to see if it’s active. Before you can say “pennies”, that 3¢ could turn into thousands of dollars.
Get A Free Credit Report
The FTC requires that each of the three major credit reporting bureaus provide you with a free credit report once every 12 months. There’s absolutely no reason that you shouldn’t be requesting this. You can request the report from all three bureaus at once, or stagger them throughout the year. They are not guaranteed to be identical because they obtain their information from different sources, but they’ll give you a bird’s-eye on your credit activity.
If you notice anything out of sorts – a credit card you never owned or account you didn’t open – report it immediately. Just because you never noticed any fraud on your accounts doesn’t mean it hasn’t happened. Criminals may silently be using your identity to open accounts and make purchases in your name. That could really come back to haunt you if you fail to take action.
A word of caution: don’t be lured by offers for free credit reports. The FTC has authorized only a single site to provide these reports. Be smart and follow their advice.
Protecting Your Customers
It goes without saying that you should be just as vigilant with your customers’ sensitive information as you are with your own. Here are some basic security measures that you should have in place:
- Don’t store customer information in an unsecured location. That means no Excel document on your desktop with customer account credentials or heaven forbid on a thumb drive or other removable media. It means ensuring that your site is protected via a firewall and/or security certificate (SSL). Yes, Zappos and other retailers have a slew of security measures in place and hackers still got around them. But failing to take these basic measures is simply asking for trouble.
- Don’t send sensitive data via email. It is not secure.
- Require account holders on your website to create a strong password. You can restrict password entries to a minimum number of characters, with requirements for uppercase, lowercase and numbers.
- Be aware of the security measures in place on servers where your site is hosted. Does your hosting provider monitor and protect against attempted intrusions? Depending on the nature of the data you’re storing, you may want to ensure tighter security controls and monitoring.
- Don’t ask for more information than you need. It may be convenient to keep credit card numbers, but do you really need to? Go with the bare minimum you need to conduct business.
- Have a good insurance policy. If you ask for and store sensitive customer information, you should talk to your insurance rep about a good policy that will protect you in the event of a breach.
Theft and intrusions are an unfortunate reality of doing business online. Whether you’re a customer or a business protecting yours, be smart and be vigilant. It could happen to you, so it’s best to be prepared.