Password recovery systems are another gaping security hole, says Lance Cottrell, chief scientist at Ntrepid, a privacy and security-focused technology company. A thief can easily find your mother’s maiden name or the city where you got married by browsing your Facebook profile. Make your responses to these questions just as difficult to guess as your actual passwords.
“Often the answers [to password recovery questions] can be found through social media,” Cottrell says. “People should make it a habit to lie outrageously and uniquely for each website, keeping track of the lies in a password manager.”
You avoid checking your banking and credit card statements on a regular basis
Checking your account balances isn’t always fun, but not doing so means you could miss fraudulent transactions that indicate your identity has been stolen. You should scan your account statements and your credit report frequently for purchases you didn’t make and lines of credit you didn’t request.
“Reviewing your bank accounts, credit card statements and credit reports regularly won’t necessarily prevent identity theft, but it will help you catch it early before you incur too much damage,” says Brianna Jensen, an identity theft expert with consumer security site ASecureLife.
Credit card fraud is one of the most common types of identity theft. You are eligible for a free report from each of the three major credit bureaus once a year, so request one every few months in addition to reviewing other financial statements at least weekly.
You overshare on social media and don’t check your privacy settings
Social media is rife with scammers who take advantage of weak privacy settings to lure you in. Even if you don’t fall victim to a phony Facebook lottery, thieves can still glean personal information from your supposedly private profiles. Geotagged photos, birthday posts, and childhood throwbacks give savvy criminals answers to those oversimplified security questions and generally help them impersonate you.
“Don’t share any information with sites unless you are comfortable with that information being posted on a postcard and sent to your own house,” says Ron Schlecht, managing partner at cybersecurity firm BTB Security.
You send sensitive information via email or unsecure messaging services
Nigerian princes aren’t the only ones scamming consumers through email. If you include account numbers, attach sensitive documents or simply write things you’d never share publicly, you open yourself up to identity theft. Even if you have a strong password or use two-factor authentication to protect your own account, your messages are only as secure as those you send your information to.
Plus, when you delete messages from Facebook, Slack or email, that data still lives in a place that’s accessible to thieves who can intercept or hack into accounts or servers.
“Our inbox, sent and deleted folders are treasure troves of sensitive information about ourselves and our family,” says Mike Fleck, vice president of security at Covata, which provides data security solutions for businesses. Avoid sending account numbers and sensitive documents via unencrypted messages.
You rarely update your apps and device software
Frequent app updates aren’t just there to annoy you. They actually patch critical security holes that would otherwise leave your data vulnerable to hackers and viruses.
“What might have been secure enough yesterday is no longer secure enough today — sometimes because bugs have been discovered and sometimes because technologies have evolved,” says Gary McGraw, vice president of security technology at software security company Synopsys.
If your devices have an automatic update setting, enable it. And if you get a notification that a new software version is available, address it immediately.
You give away too much information — especially when you are in public
There are very few situations that actually require you to provide any kind of personally identifiable information in public or to someone you don’t know, so be wary of anyone who requests this.
For example, a telemarketer calls and asks you to confirm your name and address. You have no way to verify that person’s credentials, which means you just gave your name and location to a stranger, which they can then use to piece together your personal profile. Other situations are less sinister but just as risky: You don’t think twice about providing your credit card number to confirm an appointment or stating your social security number for your doctor’s office over the phone, but you never know who is listening nearby.
Before you give away any information, whether in person, over the phone or online, make sure that it’s absolutely necessary to do so and that your data will be communicated or transmitted securely.
Experts say that data breaches, hack and identity theft are an all-too-common — and often unavoidable — reality, so consumers should take steps to avoid becoming victims whenever possible.
“The most dangerous habit a person can have is to be too trusting,” says Mark Gazit, CEO of data analytics provider ThetaRay. Whenever you’re dealing with your financial information and personal data, “you must assume that you will be hacked.”
More ways to protect your data
Want more tips like these? NBC News BETTER is obsessed with finding easier, healthier and smarter ways to live. Sign up for our newsletter and follow us on Facebook, Twitter and Instagram.