Protecting your personal information—a cybersecurity checklist
Identity theft. You hear about it on the news all the time, but you don’t think it’ll happen to you? In 2021, 9% of Americans over the age of 16 had become victims of identity theft in the previous year.¹ Learn how you can help protect your financial, social media, and Social Security accounts with these cybersecurity tips.
[Updated article; original publish date October 31, 2022.]
1 Have you registered your retirement and other financial accounts?
You may think the best way to protect your accounts is to not register them online. After all, hackers can’t get into your online accounts if they don’t exist, right? Unfortunately, that’s not entirely true. If your personally identifiable information (birth date, Social Security number, and other personal information) has been compromised, hackers may be able to locate and register your accounts—setting their own passwords to keep you out. By the time you receive the next paper statement, the damage may already be done. Registering your accounts can help you safeguard them and quickly identify any suspicious activities.
2 Are you following best practices for password security?
Your passwords are the door to your online presence, so you want to make it as difficult as possible for hackers to unlock them.
Use a unique password for each account
While it may be tempting to use the same password for everything, this approach can make you more vulnerable. If hackers were to get ahold of this password, they’d potentially have access to all your online information.
Create complex passwords
Simple passwords such as 123456 and those that contain personal information are easy for hackers to figure out. Strong passwords typically include:
- At least eight characters—the longer, the better
- A mix of upper- and lowercase letters
- At least one number and special character (!, #, $, etc.)—put them between letters instead of at the end for heightened security
Each website you use will typically have its own password security rules that you’ll need to follow. Most will likely require some combination of the above.
Change your passwords regularly
For many people, creating passwords is a one-and-done event—and that’s what hackers are counting on. As a general guideline, you should consider changing your passwords every three to four months. You should also update them immediately if you’re notified of a security breach.
Keep your passwords in a secure location or use a password manager
Remembering multiple complex passwords can be a challenge. That’s why many people may resort to posting sticky notes on their computers or keeping a list in their desk drawer—neither of which aligns with prudent cybersecurity best practices. As an alternative, you may want to consider using a password manager, an online program that helps you store, create, and manage your passwords. If you decide to go this route, you’ll want to do your homework, as a variety of password managers are available. If you prefer to stick with paper, you should keep your passwords in a secure location, such as a safe or lockbox. You’ll also want to make sure a trusted friend or family member knows the location in case something happens to you and they need to access your accounts.
3 Are you using multifactor authentication?
If you’re not already, you should consider using multifactor authentication whenever it’s offered. How does it work? After entering your password, you have to provide additional information—usually a code sent to your cell phone—to verify your identity in order to access your account. Since it’s unlikely a hacker will have both your password and your phone, it can be a simple way to help strengthen your cybersecurity.
4 Can you recognize a financial or Social Security scam?
Even if you have all the right safeguards in place, you also have to be aware of scammers who impersonate financial institutions and government agencies, such as Social Security, to gain access to your money.
Scammers use many methods to reach you and get your information—call, text, and email—and they’re getting better and better at seeming like the real thing. They can make the phone number or email look like it’s coming from an organization you trust. But there are a few telltale signs that it’s a scammer:
- They usually say there’s a problem or a prize involved, but say you need to give them your password or other personal information to validate.
- Scammers tend to pressure you to take action right away, using several tactics to worry you and keep you from thinking it through carefully.
- They may ask you to either pay for something (such as special charges, shipping, restoring your account, and more) or to provide your credit card or other financial information to prove it’s really you.
To help protect yourself from fraud and scammers:
- Don’t click on links in emails or texts. Go straight to the website for your financial institution or the government agency to make sure the claim in the email or text is real.
- Don’t give your password or financial account information to anyone who calls you and asks for it, no matter who they say they are. Call the phone number on your credit card or on the actual organization’s website and ask if the caller’s claim is real.
- Hang up the call if someone claims to be calling about a problem with your Social Security number or account.
- Don’t make a payment to someone you don’t know who’s asked for a gift card, wire transfer, or cash.
What to do if you think you’ve been a victim of fraud or if a scammer has contacted you:
- Report any suspicious calls regarding your Social Security account to oig.ssa.gov.
- Contact the financial institution the scammer was impersonating.
- Report other scams to reportfraud.ftc.gov.
The Social Security Administration provides additional tips for you.
5 Do you know how your financial institutions are protecting your data?
Your mobile devices, tablets, and computers aren’t the only way hackers can acquire your personally identifiable information. They can also get it by breaching the companies you do business with. Seventy-three percent of surveyed businesses have experienced a cyberattack.² Make sure you understand the protocols in place to safeguard your accounts, and your recourse if a breach occurs. If you don’t think a company is doing enough, you may want to consider moving your business elsewhere.
6 Are your social media accounts private?
Social media is a great way to stay connected with friends and family. It’s also a treasure trove of information that hackers can use to personalize their scams and figure out the answers to security questions. So be selective in what you post and the friend requests you accept, and consider keeping your accounts private.
7 Do you know what info the apps on your phone can access?
Apps are fun, convenient, and helpful, but some may request permissions they don’t need, which can put your data at risk. Take some time to verify the settings on your apps and disable those that make you uncomfortable. And be selective about the apps you add in the future. Before granting permission, ask yourself whether an app really needs all the information it’s requesting. If the answer’s no, you may want to search for a comparable, less-intrusive one.
Protect yourself from prying eyes
The number of cyberattacks will likely continue to skyrocket, so don’t let your guard down. Be vigilant, and consider following the latest cybersecurity guidelines. Because when it comes to protecting your personal information and online accounts, the best offense is a good defense.
1 “Victims of Identity Theft, 2021,” Bureau of Justice Statistics, 2023.
2 “The state of cyber resilience,” a report from Marsh and Microsoft, May 2022.
Important disclosures
The content of this document is for general information only and is believed to be accurate and reliable as of the posting date, but may be subject to change. It is not intended to provide investment, tax, plan design, or legal advice (unless otherwise indicated). Please consult your own independent advisor as to any investment, tax, or legal statements made.
John Hancock Retirement Plan Services LLC offers administrative and/or recordkeeping services to sponsors and administrators of retirement plans. John Hancock Trust Company LLC provides trust and custodial services to such plans. Group annuity contracts and recordkeeping agreements are issued by John Hancock Life Insurance Company (U.S.A.), Boston, MA (not licensed in NY), and John Hancock Life Insurance Company of New York, Valhalla, NY. Product features and availability may differ by state. Securities are offered through John Hancock Distributors LLC, member FINRA, SIPC.
John Hancock Investment Management Distributors LLC is the principal underwriter and wholesale distribution broker-dealer for the John Hancock mutual funds, member FINRA, SIPC.