Over the past year, major companies like Home Depot and Target have been victimized by hackers who breached their customers’ personal and credit card information. When I think of these situations, I can’t help but to wonder. If these companies, with their tremendous resources and sophisticated security protocols can fall victim to unscrupulous predators, how safe are we as individuals and small business owners?

We all know someone who’s received a strange phone call asking for personal information. And we’ve heard countless tales of identity theft. A friend of mine was recently contacted by the Ohio Division of Taxation and informed that a false tax return was filed using her personal information in Ohio. She lives and works in Pennsylvania!  Fraudulent criminals can wreak havoc on our lives, creating a mess of red tape that can only be unraveled by months of investigation and paperwork.

Imagine if you were planning to buy a new house in the next few months, and your credit was ruined by a criminal?  Cleaning up the mess and proving your true worth can take months, even years. Even if you had no plans that could be affected, you need to cancel credit cards, contact everywhere you have recurring charges and set up payments with a new card, deal with state and federal agencies, and more.

To prevent your confidential data from being leaked and/or compromised, there are steps you can – and should – take immediately.

Keep your social security number to yourself. 

Many medical facilities request your social security number for identification, or use it as your account number. Sometimes, you’re just asked to provide the last four digits. But you can avoid even that. At a local hospital, I requested that my social security number not be used to identify me and my records. I was assigned a randomly generated 4-digit code instead. All you have to do is ask.

Shred. Shred. Shred.

All documents and papers that have personal information such as your social security number, credit card information, and account numbers (like bank and credit card statements) should be shredded. Even junk mail that could cause problems, like new credit card offers, should go into the shredder. (You can easily opt out of prescreened credit cards offers by calling 888-567-8688 or optoutprescreen.com.)

A shredder is a relatively small investment given its value in protecting your information. But if you don’t have one, communities and local banks often have free shredding days.

Be cautious shopping online.

The majority of identity theft involves the theft of credit card information. A common place for hackers to gather information is through online retailers. Before shopping make sure the site is secure. A secured site’s url will often begin with “https” which means there is an encryption system that offers a higher level of protection. If the web address begins with only “http,” there’s no encryption system in place. A secure site may also have a lock icon on the bottom of the website.

Beware of “false readers.”

At some retail locations or restaurants, unscrupulous individuals have set up a false reader into ATM machines meant to make it convenient for you to get cash. When this happens, the additional reader reads your credit or debit card’s magnetic stripe and/or your pin code, saving it so it can be used fraudulently later. If you ever feel that the ATM reader or retail reader is not “right” – either that it’s “sticky” or it seems the reader doesn’t fit properly into the casing, there may have been tampering. Don’t use it and notify the management.

Get familiar with monthly statements.

Never take for granted that your bank and credit card statements are correct. Always review them for accuracy. This simple practice is the best way to ensure your credit card information hasn’t been stolen. My son recently reviewed his statement and found four transactions that originated from China, although he never purchased anything (even online) from there. Two of the transactions were foreign exchange fees, indicating he’d made purchases using Chinese currency.

Don’t get hooked by phishing.

A common way for your personal and business data to be hacked is through phishing emails. A fictitious email is sent, requesting that you click somewhere in the email or “verify” your account information. As soon as you click, a computer virus or spyware may enter your computer and capture your passwords and sensitive data.

Verify who’s calling. 

Any legitimate company won’t call you and ask for your personally identifying information. Be wary and hang up on anyone asking you to validate or give your address, phone number, social security number, birthday or other personal information. If you think a company you have an account with really is calling, tell them you’ll call them back and only use the number you have on record for them, so you know you’re calling the right place. The IRS will never call you – they only send letters.

Protect yourself with anti-virus and anti-malware software.

Every computer needs anti-virus and anti-malware software, plus a firewall and password. Make sure you’re set up properly. As an added security measure, don’t share your network connection with your neighbors, and don’t use theirs.

Get creative with your passwords.

Because we typically have so many accounts to juggle, it’s impossible for most people to remember all their passwords. In this case, many people end up using the same password for multiple accounts. If one is compromised, they’ve just made it easy for a hacker to get into all their accounts at once! Avoid this with a few simple strategies:

• Use different passwords, each one of them strong so a computer algorithm can’t decode them easily. A strong password has 10-15 characters, doesn’t use two consecutive numbers or letters, mixes uppercase and lowercase letters, mixes letters and numbers, and includes symbols. For example, G8ue3B%0kY would be very difficult for a computer or person to guess.
• Do not write your passwords down or save them on a document in your computer. If your computer is stolen, the likelihood of your other IDs and passwords being compromised is exponentially increased.
• To keep track of all your passwords, use a software system like RoboForm, LastPass, Dashland, Norton Identity Safe, or 1Password. These systems of course have their own ID and password, but you only need to remember one and the system stores your other login information in a safe, encrypted environment.
• Never share your login IDs and passwords with others.

Always monitor your credit reports. By law, Equifax, Experian and TransUnion are each required to provide you with a free copy of your personal credit report once every twelve months. But you have to ask for it. Go to annualcreditreport.com or call 877-322-8228 to request one from Equifax. Then four months later, repeat the request with Experian, and finally, four months later, request one from TransUnion. Note for each request, you will need to validate your identity by entering your social security number, birthday and personal financial information. Now that you have the credit reports, review them for accuracy, including all addresses, opened credit cards and other details. If anything looks suspicious, report it to the appropriate credit bureau.

By protecting your information physically and digitally, you’ll prevent it from falling into the wrong hands. If you haven’t already, start taking the above steps today!