*This article was originally published on July 22, 2020. It has been updated for 2024.
While security breaches are nothing new, the tactics hackers use to access personal information are always changing. In the last decade, big names like Facebook-owned WhatsApp, Uber, Home Depot, Yahoo!, Marriott — and even credit reporting agency Equifax — have fallen victim. This year alone, AT&T, Ticketmaster, and Bank of America suffered large data breaches. And just last week, news of a massive data breach at background check company called National Public Data (NPD) was released. It was so massive, in fact, that it potentially included every American’s Social Security number.
Every day, we work with companies that we rely on to protect our information, and their being targeted and hacked is out of our control. That means personal data protection is key, and we should be doing everything within our own power to safeguard ourselves both online and via phisical data.
So much of the information data thieves steal is relevant to your financial life. And it goes beyond identity thieves opening credit cards and taking out loans with your name on them. It can also be as simple as unscrupulous advertisers using your personal information to intrusively push their products. As this area of security involves protecting data like your name, address, email, credit card and pin numbers, and many other personal details, we’re sharing information on physical security and cybersecurity so you can protect yourself and your data.
Personal Data Protection: Online and In Person
Online Data Security
It’s not just phishing, vishing, smishing — that’s stealing info via email, voice, and text scams — and company breaches that lead to theft. Hackers also create fake storefronts and forms for unsuspecting users to fill with their personal information. And beyond that, some try to access online browsing and site history or hack message apps, social media, or online calendars — with hackers finding new methods every day.
With so many opportunities for these thieves to access your information, why not lock it all up and throw away the key?
Accessibility! Think of it this way: You wouldn’t want to search for that long-lost key to open your digital lockbox just to make an online purchase or send an email. It’s also why securing your information the same way across the board doesn’t always make sense. Instead, protect your most vital information — think Social Security number and bank account information — more securely than less-sensitive information, like your name and phone number.
But just because it’s not online doesn’t mean it’s safe!
Physical Data Security
What’s the importance of physical data security in the digital age? Consider that you probably own physical versions of nearly all the information you store and use online. This makes keeping them safe paramount.
It can be as simple as carrying physical documents like your ID and Social Security card. Misplacing or losing them to thieves can be just as detrimental as the same information being hacked online. And I’m not just talking about the hoops you may have to jump through to replace them!
Secure your information in these areas as well: Personal information traveling through the mail, paperwork you bring home from your doctor, lawyer, or other professionals, as well as documents you print at home. You may choose to turn those physical documents digital or opt to have your information sent digitally instead of as paper copies.
Accessibility is important here, too. Just imagine having to go to your safe deposit box at the bank to get the documents you need to fill out paperwork when you begin working with someone, like a new health care professional.
If you’re hoping to strike the perfect balance between security and accessibility, we’ve got some suggestions.
Personal Data Protection Best Practices
It doesn’t matter if you’re a data security pro or are taking security seriously for the first time. These best practices can make for a strong start or simple refresher. Whether physical or online, you can take these super-simple steps to stay safe.
Online Data
▶︎ Password-protect and install security software on your devices.
▶︎ Turn your social media channels to “private,” and be aware of the personal information you do share with the public on them.
▶︎ Use multi-factor authentication (MFA) when possible.
▶︎ Use a virtual private network (VPN) on public Wi-Fi.
▶︎ Don’t click links or open attachments in suspicious calendar events or social media messages.
▶︎ Use secure passwords that are difficult to guess or figure out. They shouldn’t include personal information like your name or address.
▶︎ Use a password manager to create and store strong passwords.
▶︎ Don’t write your passwords down or save them in files on your devices (unless they’re in a password manager).
▶︎ Before you recycle, donate, or otherwise dispose of your devices, remove all of your data permanently, overwrite it so no one can access it, or physically destroy the storage medium.
▶︎ If you think something might be suspicious, do a quick online search since many cyberattackers use names that sound familiar. You can also reach out to the real company’s customer service team to verify their contact methods.
▶︎ Visit secure websites (starting with “https”) and encrypt your data.
▶︎ Clear your browser cookies from time to time, and use browser plugins to secure your data.
▶︎ Keep your software up to date as many updates include increased security measures.
▶︎ Financial Planner Pro Tip: Use a credit card — rather than a debit card or automatic transfer — when making purchases online. Futher, insert your credit card to use its chip, employ tap-to-pay, or use a service like Apple Pay, Google Pay, or similar to encrypt your payment information, rather than swiping your card or entering your credit card number, whenever possible.
Physical Data
▶︎ Monitor your credit by double-checking your credit report at least once a year.
▶︎ If you carry a wallet, purse, or backpack with your personal information regularly, lock them in a safe place when you’re not able to carry them, like when you’re at work.
▶︎ Don’t carry your Social Security card when it’s not necessary (and it’s pretty much never necessary).
▶︎ Shred paperwork with your personal information on it that you no longer need, and put important data that you don’t access regularly under lock and key, like a home safe.
▶︎ If you don’t have a locked mailbox, put a hold on your mail when you go on vacation.
▶︎ Pay with cash when possible.
▶︎ When making credit or debit card payments, opt for a payment service like Apple Pay, Google Pay, or Samsung Pay or use a card with a chip. These create unique codes with each purchase, rather than disclosing your debit or credit card number to vendors.
Identity theft can be scary, but it’s also possible to recover if someone has stolen your identity by thieving your data. As soon as you discover a personal data breach, report it to the proper agency.
Practicing What We Preach
We’re not just sharing these data security best practices with you — we follow them, too! In fact, we have a publicly available privacy policy that details how we use your information as well as an internal Data Security Program that we consistently review and comply with year-round.
In addition to mandating that we follow many of the best practices above, our Data Security Program includes other requirements. They include vetting vendors so we know that those we work with who have access to your information and ours are taking the necessary security measures. There are several free versions of secure password managers and VPNs similar or identical to the very ones that we use. A quick Google search will give you a lot of options to choose from and some user reviews to consider.
▶︎ Financial Planner Pro Tip: Personally, we use Credit Karma to monitor our credit and receive alerts about suspicious activity and data breaches.
When looking for a financial professional to work with — or any individual who or company that might be handling your personal information — it’s always a good idea to review their privacy policy and data security program. Then simply ask, “Why do you need my information, and how will you keep it safe?”
For more, check out our latest episode of Money & Taxes from Bb to XYZ, “Data Breaches & Personal Data Protection.”