Protect Your Data From Cyber Crooks

You can't prevent data breaches, but there are steps you can take to better secure your personal and financial information.

Padlock and credit cards on top of laptop
(Image credit: Getty Images/iStockphoto)

Recent high-profile government data breaches add to the long list of cyber attacks putting consumers' information at risk. Given the scale of such attacks, "you have to assume we're all going to be victims at some point," says Neal O'Farrell, security and identity theft expert at Credit Sesame, a consumer credit advice Web site. "The focus has to be on detecting it early and minimizing the damage."

Both the IRS and the U.S. Office of Personnel Management announced in recent weeks that they have been targeted by cyber crooks. The IRS said in late May that hackers had gained unauthorized access to information on roughly 100,000 taxpayers. And OPM said in early June that personal information of about 4 million current and former government employees may have been stolen. These attacks come on the heels of other large-scale data breaches in the private sector, such as at health insurer Anthem.

While consumers can't prevent data breaches, they can wrap some barbed wire around their personal information. Your first step: Change your passwords often, and make them complex. Services such as 1Password ( and Dashlane ( can help you generate strong passwords and change them quickly.

Subscribe to Kiplinger’s Personal Finance

Be a smarter, better informed investor.

Save up to 74%

Sign up for Kiplinger’s Free E-Newsletters

Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of expert advice - straight to your e-mail.

Sign up

If you don't want to use one of these password managers, O'Farrell suggests this trick: Think of a sentence about a memorable past event and pull out the first letter of each word, maintaining the upper and lower cases, and all the numbers. "I graduated from Springfield High School in May 1964," for example, would give you the password IgfSHSiM1964.

Next, ask your bank, credit card issuer and other organizations you deal with online whether they offer "multifactor authentication" -- a security system that requires multiple steps. After you enter your password, for example, a bank could send a text to your smartphone with a code that lets you access your account. That way, even if a cyber thief gets your password, he still will not be able to access your account because he won't have your phone. Besides big financial institutions, e-mail providers such as Google's Gmail and social media sites such as Facebook offer this security.

Keep a Close Eye on Your Accounts

Monitor your credit report and all accounts closely. Request a free credit report at Services such as BillGuard ( and Mint ( can help you monitor transactions across all your accounts. "Don't ignore small transactions you don't remember," says Becky Frost, senior manager of consumer education at credit reporting company Experian. Often, she says, a thief will make a small transaction to be sure an account is open before going further. "If it's something you don't recognize, alert your bank immediately," she says.

Don't rely on your bank to flag suspicious activity. Generally, "bank systems are set up to detect out-of-pattern spending," such as an Iowa resident making transactions in France, says Adam Levin, chairman of IDT911, which helps businesses prevent data breaches. But thieves can pair stolen account information with zip codes, so "as long as purchases are in the realm of what you normally do, banks may not pick it up,"

he says. "Look at your accounts on a daily basis."

Be stingy with the information you share online, over the phone or in person. Doctor's offices, sports clubs and other organizations may ask for your Social Security number as a simple way of identifying you, but in many cases, they really don't need this information, Frost says. Ask if they can use another identifier.

Online, "it's completely fine to post pictures of your cat" on social media sites, Frost says. "But make sure 'Fluffy' isn't the security question that unlocks your account." When using e-mail, don't click on links or call phone numbers contained in messages purporting to be from your bank or credit card company. Look at the back of your debit or credit card to find the phone number you should call.

Eleanor Laise
Senior Editor, Kiplinger's Retirement Report
Laise covers retirement issues ranging from income investing and pension plans to long-term care and estate planning. She joined Kiplinger in 2011 from the Wall Street Journal, where as a staff reporter she covered mutual funds, retirement plans and other personal finance topics. Laise was previously a senior writer at SmartMoney magazine. She started her journalism career at Bloomberg Personal Finance magazine and holds a BA in English from Columbia University.