13 tips to avoid a data breach



2014 might as well be called the year of the data breach.

Large retailers, including Home Depot, Staples and Kmart, all had their systems infiltrated over the past 12 months. Big banks and health care providers weathered similar storms and, most recently, Sony Pictures suffered a cyberattack that saw everything from embarrassing emails to sensitive employee data compromised.

Don’t expect these cyber onslaughts to slow down anytime soon.

“Sony is just a precursor for more of that type of activity,” says Michael Bruemmer, vice president of the data breach resolution group at credit bureau Experian. He predicts the U.S. will see a “continuation of a large number of breaches,” as well as “bigger, larger events” perpetrated by “state-sponsored teams” in this new year.

Sadly, short of moving back to cash or going off the grid, there’s no surefire way to guarantee you won’t be affected by these incidents.

Given how prevalent data collection has become in our society, consumers are largely “dependent on (the security)” of merchants and other third parties that collect and store personal and payment information, says Patrick Peterson, founder and CEO of data security solutions provider Agari.

Fortunately, there are steps you can take to minimize the odds of being breached. There are also steps you can take to help ensure you don’t suffer any consequences, should thieves get their hands on your data.

13 ways to avoid a data breach:

  1. Limit the number of third parties you give your information to.
  2. When shopping online, make sure payment Web pages are encrypted.
  3. Do not click on links in emails that are unsolicited or suspicious.
  4. Limit the websites you use that allow you to keep your credit card information on file.
  5. Limit the type of information legitimate companies keep on file.
  6. Don’t overshare on social media.
  7. Frequently change PINs and passwords to personal accounts.
  8. Create strong passwords with at least eight characters — a number, a symbol, a lowercase and uppercase letter and even misspelled words.
  9. Upgrade your card to a more secure payment method.
  10. Test out alternate mobile payment platforms that use tokenization.
  11. If you think you’ve been breached, sign up for credit monitoring.
  12. Put a freeze on credit accounts if you think you’ve been breached.
  13. Monitor all financial accounts for suspicious charges.

Online vigilance is paramount

For starters, while it can be difficult to keep your information under lock and key, you can limit the number of third parties you readily turn it over to.

Be particularly vigilant with payment information while shopping online. Scammers often create fake websites to trick consumers into handing over credit and debit card numbers, expiration dates and verification codes.

“We all have street smarts to some degree,” Peterson says. “We have to bring that to the Internet.” One place you can be diligent is in the address bar. Before making a purchase, check to see if a website is encrypted by looking for the company name and a little padlock insignia next to the URL, he says.

If you get an email that appears suspicious or was unsolicited and links to a website, refrain from clicking. Instead, type the company name or email address directly into your Web browser and search for the offer via the legitimate site.

And limit the websites that you allow to keep your credit card or debit card information on file.

“The hackers and identity thieves know people want convenience so they’re going to leave their cards on record” at major online retailers, says Steve Weisman, a professor at Bentley University and founder of the blog Scamicide.com.

Just say no

You can also limit what types of information you allow legitimate companies to keep on file. Health care providers and universities, in particular, are apt to ask for sensitive personal information, like a Social Security number on applications and registration forms.

But “you should never just automatically fill that out,” given how readily thieves can steal your identity once they have your Social Security number, says Becky Frost, senior manager of consumer education for Experian’s ProtectMyID. “You want to ask … what’s this going to be used for?”

You should also ask if giving a piece of less sensitive (and ultimately changeable) information, like a driver’s license or health insurance plan number, is an option.

“We sometimes give in too quickly,” Weisman says. “It’s an uphill battle, but you can win a few of them.”

Finally, be careful not to overshare on social media.

Savvy thieves can use the bits of information you make public on Facebook, Twitter or LinkedIn, for instance, to overcome challenge questions on your financial accounts or to fill in the blanks as they move to steal your identity, says John Buzzard, FICO card and ATM security expert.

Before posting on social networks, ask yourself: “Is it truly necessary to show the world points about yourself?” he says.

Data Security Spring Cleaning 101

Don’t underestimate the value of changing your card’s personal identification number, or PIN, along with any passwords associated with your financial and personal accounts.

“If you haven’t changed your PIN or your passwords in a few years, you’re kind of in that danger zone,” Buzzard says.

Strong (and dynamic) passwords can preclude thieves from logging in to and emptying out financial accounts. They can also prevent access to personal email or social network sites that can provide more information to identity thieves.

“Pick a day and change your critical passwords,” Buzzard says.

A solid password contains at least eight characters, one number, a symbol, a lowercase and uppercase letter and even intentionally misspelled words.

“Bigger is better with a variety of things that have absolutely no attributes that pertain to you,” Buzzard says.

During this year’s password change, you can also look into upgrading to a more secure payment method. Major card issuers and many merchants will be upgrading payment cards and point-of-sale systems to include and accept EMV-chip technology ahead of new network rules set to go into effect in October 2015.

These chips are less susceptible to counterfeiting than traditional magnetic stripe cards, at least when used at a cash register, since the chip’s security code changes with every purchase. They won’t eliminate fraud entirely, especially since they currently can’t be used when purchasing items online, but “the sooner you can get one … you’re ahead of the game,” Weisman says.

You can call up your issuer and ask if you can upgrade your current payment method of choice to include an EMV chip. You can also test out alternate mobile payment platforms, which offer enhanced security through tokenization.

Breached: Now what?

If you are notified that you have been involved in a breach, “don’t panic,” Buzzard says.

Instead, read through all the materials about the breach carefully. If the company is offering free identity theft monitoring, be sure to sign up. You may also want to pull a copy of your credit report to double-check that no unauthorized activity has already taken place.

If you notice anything out of whack — like applications for loans or credit cards you’ve never applied for — “put a credit freeze on your credit report,” Weisman says. This will prevent future applications from going through without you knowing.

Similarly, monitor all financial accounts for suspicious charges. Should any appear, call your issuer to dispute them and have the card replaced. And change your passwords across accounts to ensure that thieves don’t get access to more personal or payment information.

“You have to be vigilant all the time,” Bruemmer says.