Expert Panel | Forbes.com »
Most consumers know not to use “password” as a password for their digital accounts, but while creating strong passwords is an important part of identity protection, it’s not the only cybersecurity effort that matters. Tech experts note that many consumers aren’t doing everything they could to protect the personal information and digital data they share and store online.
There are more tools available today to help us protect ourselves, and many of them are included within services or are available at little to no cost. Along with those proactive measures, there are risky behaviors that are easily avoided. Here, 10 members of Forbes Technology Council share tips to help consumers better protect their personal digital data.
1. Don’t Use Unsecured Wi-Fi
There are a few important rules that the average person might overlook. Do not use unsecured Wi-Fi networks. Do not follow suspicious links. Do not enter your personal data on sites you are not sure about. Do not use the same passwords to register for different resources and services, and change your passwords regularly. To simplify working with different accounts, use a password manager. – Vasily Voropaev, Smartbrain.io
2. Encrypt Your Data In The Cloud
The use of encryption, particularly for cloud storage, is all too often skipped. Consumers are storing their photos and bank statements on unsecure cloud platforms, while businesses use these for online collaboration. If your data isn’t encrypted, then it’s visible and accessible to your cloud storage provider, their employees and any potential hackers, posing both a security and privacy risk. – Nicolas Dupont, Cyborg Inc.
3. Leverage Multifactor Authentication And A Password Manager
First, you should always use multifactor authentication, everywhere. Secondly, you should create different passwords for each service you sign up for. If you tend to forget them, use one of the many available password managers. – Evgeny Kayumov, SOAX Ltd.
4. Avoid SMS-Based Multifactor Authentication
Multifactor authentication is grossly underutilized by the general population, and when it is in use, it’s generally set up using SMS. Text messages are not ideal for MFA, as they can easily be compromised via SIM swapping and social engineering exploits. Instead, users should opt for an authenticator app, such as those provided by Duo, Authy, Google or Microsoft. – Rashad Nasir, ThinkCode
5. Rotate Passwords
Rotating passwords—or at least choosing highly personalized ones—is something that’s often overlooked, as is opting for multifactor identity verification. Many consumers go for the minimum when it comes to verification to save time, but that can create a “path of least resistance” for bad actors who want access to your devices and personal information. – Rick Song, Persona
6. Use Passphrases
When creating or updating accounts, choose a long passphrase instead of a password. The longer the passphrase is, the harder it will be to crack. Ideally, you should aim to create passphrases of 16 characters or more. – Saryu Nayyar, Gurucul
7. Think Carefully Before Sharing Any Personal Information
Recognize that you’re trusting someone else with your personal information. As a consumer, it’s very difficult to get access to information, buy products or services, and so on without giving away some sort of personal data about yourself. Before signing up for something, ask yourself if what you’re signing up for is important enough to give your information to someone, knowing they want it for one reason only: to monetize it. – Lewie Dunsworth, Nuspire
8. Limit The Amount Of Personal Information You Share
The most important step to protecting your personal information is being thoughtful about where that information exists. In privacy circles, we refer to this as “data minimization.” Individual end users can apply the same concept by limiting the amount of personal data they share with external parties, such as social media sites, to only that information that is necessary. – David Stapleton, CyberGRX
9. Stay Away From Breached Companies
I take every precaution available to me, from minimizing the apps I install and avoiding sites such as Facebook and TikTok to running app-layer firewalls on my computer. Despite this, I get at least one breach notification a year from companies such as my bank, my ex-health insurer and my phone carrier. Until they do better, we’re all at risk. Vote with your wallet and penalize breached companies. – Patrick Walsh, IronCore Labs
10. Don’t Use Your Work Credentials For Personal Logins
A common mistake is an employee using their work email/password as a login for public sites such as airlines, utilities, social media and so on. These services get hacked regularly, and user/password databases inevitably end up being traded around on the dark Web. This is one of the most common methods hackers use to infiltrate companies with ransomware, as it is obvious which company the login belongs to (email@example.com). – Patrick Ostiguy, Accedian