3 Steps I Take to Protect Myself from Company Data Breaches

It seems like every month or so, I receive another letter in the mail, informing me that my data has been compromised in a company’s data breach. Often, the personal information stolen in the breach includes login credentials, phone numbers, addresses, social security numbers, and even driver's license numbers. With every data breach, hackers are obtaining puzzle pieces to either impersonate my identity or hack my other online accounts.

Keep in mind that by the time we receive a notification of a data breach, months may have already passed, during which a hacker could misuse our information.  It can take some companies a long time to figure out what has been stolen, if they even know that they have been breached in the first place.

With the increasing prevalence of company data breaches, we all need to take a more proactive approach to keeping our information secure.  Here are 3 steps I take to proactively protect myself from future company data breaches.

Strong and Unique Passwords

The first step I take is to make sure that all of my account passwords are strong and unique.

A strong password involves a complex combination of alphanumeric, symbols and upper & lower case characters. Length is an important factor.   Typically, a strong password contains at least 12 characters or more.

I personally use LastPass as my password manager.  The benefit of using a password manager, like LastPass, is that it helps me create and store complex passwords.  That way, I don’t have to worry about the specifics and also don’t have to remember the password, which can be tough when designing a truly complex password.

In the context of a company data breach, it’s really important to use unique passwords among various accounts.  If a hacker obtains login credentials containing username and password, guess what they will do?  They are going to try that username and password on other websites.

Reusing passwords is really dangerous, because a leaked username and password can lead to unauthorized access as hackers attempt to login to other websites using that same username and password.

Use 2-Factor Authentication Everywhere Possible

The second step that I take is to use 2-factor authentication everywhere possible.  That way, if my password is stolen in a data breach or data leak, attackers still need that 2nd factor of authentication to access my account.  This might be a lifesaver in preventing unauthorized access to my accounts.

Also, we all carry phones around with us all day anyways so, the hassle factor of using a 2-factor authentication app or SMS authentication is relatively small.

Credit Monitoring

When hackers obtain my personal information they may try to impersonate me by attempting to make modifications to my existing accounts or open new accounts.

To help monitor this, I use credit monitoring to watch for changes to my credit accounts.  This includes notifications for new credit accounts created in my name with my social security number.

There are a lot of credit monitoring services available.  I simply use Credit Karma’s free credit monitoring service.  They send a lot of email, but they do send notifications when changes are observed with my accounts as reported to credit reporting agencies.

Free annual credit reports are available from each of the three credit reporting agencies (Experian, Equifax and Transunion); however, I think it’s important to continually monitor credit accounts for any changes.

Freeze Credit

A better solution to credit monitoring would be to just freeze my credit at each of the credit reporting agencies.  This is not something that I have done personally yet.  However, I think it’s a great step and I plan to do this in the near future.  

Freezing my credit might create some new hassles including unfreezing my credit accounts to apply for new credit such as buying a car, house or getting a new credit card.  However, my rationale is that these company data breaches are an ongoing problem, so it’s just a matter of time before someone tries to use my social security number to open an account in my name.  I’d rather deal with the hassle of unfreezing credit accounts versus dealing with the fallout from unauthorized accounts being created through identity theft.

Additional Thoughts

These are three of the security practices that I use to help protect myself against future company data breaches.  Note that none of these security practices prevent the data being stolen in the first place.  The sad news is that nothing we do will prevent that, because once we give up our information to a company or service, we are largely entrusting our data to that organization's security practices and defenses.

Before we give companies our information, we need to ask ourselves if we trust them to keep our data safe and monitor for intrusive hackers.  Also, do they really need the information that they are requesting?  We must be prepared to accept that any information we give a third-party could be stolen or leaked in a data breach.

If interested in being more proactive in your approach to your online security, then check out our Free More Secure in 5 Challenge.  In just 5 days we’ll help you set up some foundational security practices to help protect you and your accounts.