There is only one person that you can rely on to keep you protected in your online life – and that person is YOU! Because the bad actors on the network target people more frequently than machines, this means that we more likely to be the first point of contact in an exploit. We are ultimately responsible for keeping our online life secure. This is a process called vigilance.
In the cyber-world, this means keeping an eye on our own affairs, and watching out for suspicious activity or problems. Fortunately there are free or low-cost tools available to help us remain attentive, tools that can warn us when one of our online assets or identities has been compromised. Most of these can provide automatic updates via email or text message, or both. Here are a few of my favorites, and most of them I use myself.
Alerting services
- Have I Been Pawned? – We have talked about Troy Hunt’s valuable HIBP website before. You can register your email addresses with his website, and get an update sent to your inbox any time your email accounts and passwords have been exposed or compromised as part of a web site database breach. This loss of personal information happens through no fault of your own, but it is important to take swift action when it occurs. This is where you find out about breaches that affect you. The simple action you need to take is to log onto the affected online account, and either change your password or, if not needed, close the account.
- Credit Bureaus – Each of the three major credit bureaus, Equifax, Experian, and Trans Union, offer some sort of free alerts any time your credit report is accessed. This should serve as a warning. If you have not applied for a new credit card or loan, then the new activity on your credit report may indicate someone else opened a line of credit using your name and social security number. You can contact the credit bureau or the lender to get more information, dispute the change, and close the account.
You can also sign up for a credit freeze or credit fraud alert. And you should get a free copy of your credit report from each credit bureau once a year. Order them from a different bureau once every 4 months, and look for changes or unknown accounts or credit lines. Close any charge cards you don’t need.
- Credit Cards – Most credit card companies provide free alerts to by email or text message for any purchases made with your card. This is a great way to keep track of usage, and spot unexpected transactions. Credit card fraud departments also can alert you to unusual, large, or duplicate charges to your account, which you can verify before the charges are actually completed. Smartphone apps are available to manage and temporarily suspend cards that you have lost, were stolen, or think have been used without your knowledge.
- Login Alerts – Google, Facebook, Yahoo, Microsoft, Amazon, iCloud, and other online service providers will send you an email or text message any time you or someone else logs into your account. Usually you have to set up these alerts by logging into your account’s administrative panel, and activating these security features. While you are in there, take a look at other offerings such as two-factor authentication and other advanced security options. Some alerts will advise you of both successful and unsuccessful login attempts. A string of unsuccessful login attempts may indicate someone else trying to guess your password.
- Email Alerts – This is especially important for your email accounts. Email account hijacking is one of the top earning cyber-crimes, and you want to know as soon as possible if one of your email accounts has been breached, and someone else is living in your inbox. If your email or other accounts are breached, change your password as soon as possible. Also look for email forwarders that send copies of your emails to a different email address. If you did not set these up, delete or disable them now. An email forwarder will sent the attacker a copy even if you change your password. Also, never send passwords by email. If your email account is breached, then the bad guys just got your new password.
- Location Alerts – This is often part of the log in alert feature, but another way to detect unauthorized activity in your accounts is to set up a location alert. This feature will let you know if you or someone else has logged into your account from a different geographic location. If your Facebook account was logged into in Paris, France, but you are in Denver, Colorado, and live in Minneapolis, Minnesota, Facebook can advise you of the suspicious Paris login, your different but expected Denver login, and the login in Minneapolis by someone with access to your computer, like a snoopy family member. Usually you get a location, an IP address of the person logging in, the time and date, the web browser used, and the type of device accessing the account. Indication of a breach means you need to change your password.
- Identity Theft Protection – Many credit card companies, banks, insurance companies, and credit card companies provide different types of identity theft insurance. These are rarely free, but sometimes can be added as a rider on your home owners insurance at a reasonable cost. Two of the biggest ID theft companies are LifeLock, with is owned by Norton/Symantec, and ID Shield, which is owned by Legal Shield. You can expect to pay around $100 per year per person for these services. I do not subscribe to either LifeLock or ID Shield.
In my personal experience, I have benefited from each of these alerting services, and combined, they help protect me from the cyber-criminals, identity thieves, and other bad actors on the Internet. You can use these to help harden your identity and online accounts too, fairly easily, in a few hours. I strongly recommend that you do.
ShareJAN
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com