Unfortunately, not everyone practices proper password management. And, in this digital age, how you manage your passwords can be the ultimate determining factor between staying safe and falling victim to identity theft and other serious cyber crimes.

When you think of password management, you may think that you can just change some of your most-used passwords once and not have to worry. Although that’s a good beginning step, there are so many other factors you have to consider in order to practice good password management.

One huge mistake that people make when it comes to passwords is that they use the same password for multiple accounts/websites. This may seem like a smart idea since one password is obviously easier to remember than several, but reusing passwords can cost you more than you may know. For instance, if anyone happens to guess or learn that one frequently-used password, they will then have full access to whatever accounts and websites you used that password for.

Google recently partnered with Harris Poll and surveyed 3,000 adults ranging from ages 16 to 50 and up. According to the 2019 survey, 52 percent of people who were polled stated that they reused the same password for multiple accounts and 13 percent stated that they reused the same password for all accounts. The survey also showed that only 24 percent of respondents use a password manager service.

If you are struggling with password management, know that you’re not alone. Millions of people each year fall victim to cyber criminals, and their lack of strong password usage is a big part of the problem. To help you and others who are struggling with passwords, we decided to ask a few security experts to provide their best tips regarding password creation, storage, and management.
They gave the following 10 tips:

Avoid using personal information
Use a phrase as your foundation
Don't shy away from long passwords
Check your password strength
Stay far away from reusing passwords
Remember to reset your passwords
Consider deleting less used accounts
Set up two-factor authentication
Use a password manager service
Secure your Wi-Fi network

Read on to see what each expert had to say about the tips listed above.

Tip #1: Avoid using personal information

Kyle Hrzenak, CISO at Green Shield Security LLC

“A tip that I have for people, especially families, who want to create secure passwords would be to leave any personal information out of passwords. Things such as birthdate, city of birth, first child's name, etc. are easy to guess. These entries are the prime target for malicious users to guess and crack.”

Steven J. Hausman, President of Hausman Technology Presentations

“Do not use obvious personal information. That is, especially with regard to families, do not use kid’s names, pet names, the name of your street, or your school. When you have to respond to security questions (like your pet’s name), it can often be found on your social media account, so make up fake information to use in answering security questions. For example, if your high school was Middleburg High School, then for the security questions say it was Regional High School. You should also make certain that your social media accounts do not contain private information if at all possible.”

Tip #2: Use a phrase as your foundation

Steve Weiseman, Lawyer, College Professor, Author, and Identity Theft/Scam Expert at Scamicide

“If [...] you wish to keep things simple and you want to manage your own passwords, the best thing to do is to develop a basic password that gets adapted in an easily remembered manner for each of your accounts. A good, strong password will have capital letters, small letters, and symbols.
A good way to achieve this is to make a phrase your core password, such as IDon'tLikePasswords. This is a good start. Now add a couple of symbols so it reads IDon'tLikePasswords!!! and you have a good strong base password. You can adapt the password to a unique password for each of your accounts by merely adding a few letters to distinguish each account. So, for instance, your Amazon password can be IDon'tLikePasswords!!!AMA. This manner of picking passwords will provide you with unique, strong, and easily remembered passwords for each of your accounts.”

Maddie Roderick, Security Consultant at Frontier Business

“Bots are able to check up to 1,000 passwords per second, so it’s essential to get creative with passwords to secure sensitive information, like your bank login. My favorite advice to give when it comes to choosing secure passwords is to think of a phrase — maybe a favorite quote from a movie. Instead of the phrase, use the first letter of each word in that phrase. To anyone but you, that password will seem nonsensical, be harder to guess, and harder to remember.”

Tip #3: Don’t shy away from long passwords

Jason Nickola, Senior Security Consultant and COO at Pulsar Security

“The conventional password guidance which has permeated corporate environments and commercial products over the last thirty years has been to use at least eight characters and to include at least one uppercase, lowercase, number, and symbol. In other words, the focus has been on complexity (including different kinds of characters). These requirements have caused people to choose short words that they remember — like their dog's name — and then add numbers and symbols until complexity requirements are met, resulting in something like Scooby#2, which is an easy password to guess even if an attacker has to brute force all possibilities. Instead, emphasizing length is a better approach.
For example, the password "my dog scooby is an awesome dog who i love very much" — although it doesn't meet any of the aforementioned complexity requirements — is a much more secure password than Scooby#2 and is easier to remember for the user, too.”

Dan Merino, CEO of Green Dot Security

“Password length can be a great defense against a site that has their database of usernames and passwords breached. If the site is not doing anything to protect the password, which is rare but does happen, then the length will not make any difference. However, assuming there is at least some basic encryption of the passwords, the longer the password the less likely anyone will even attempt to try to crack them.”

Tip #4: Check your password strength

Steven J. Hausman

“One important resource is the password strength manager at my1login where you can type in your password to see how strong it is. This site also gives you an estimate of the amount of time it would take for a hacker to crack your password. The password "4$core&7YrsAg0" would, according to this site, take 12,000 years to crack. If you added "xxx123" to it, then the cracking time would rise to 127 million years and so forth.”

Tip #5: Stay far away from reusing passwords

Casey Crane, Cybersecurity Journalist for SectigoStore.com

“While it’s easy to use the same password between multiple accounts, resist the urge! All it takes is one data breach of your favorite mobile app or website, and you’ll suddenly find yourself in a world of pain. For example, if you use the same password for your email address, a hacker can use your compromised credentials to access your email and any other accounts associated with it.”

John Svazic, Founder and Principal Consultant at EliteSec Information Security Consultants, Inc.

“Always make sure you use unique passwords for every site.
Lots of ‘hacks’ are actually people just re-using the same password over and over again, allowing attackers to gain access to different accounts with very little effort. The website haveibeenpwned.com is a great place to find out if your email has been part of a data breach, or if a common password you use has been compromised.”

Tip #6: Remember to reset your passwords

Kyle Hrzenak

“In reality, you should be keeping any password safe and confidential. It's recommended to change your passwords once a month for any monetary purpose, such as bank accounts, credit card accounts, etc.”

Casey Crane

“Historically, industry experts’ recommendations about how frequently you should change up your password have been all over the place — anywhere from every 30 days to upwards of 180 days. Personally, I try to change my passwords every three or so months. Obviously, if your account has been hacked, it’s best to update it as soon as you’ve become aware. Similarly, if there’s been a data breach at a site where you have an account, change your password immediately.”

Rob Shavell, CEO of Abine/Delete Me

“It used to be popularly recommended that people change passwords frequently. This is less the case now, as security experts recognize that people often end up creating a greater risk for themselves in the process of frequently re-accessing account security settings. With things like network passwords, they should probably be changed after you’ve shared them with any third parties (like guests). Things like primary email accounts (like Gmail or Yahoo) should be changed if you’ve received any warnings of attempts to access your account, or if you’ve accessed your email from some public computer (like a library). Social media accounts or online-shopping (like Amazon) should probably be rotated on a periodic basis.
Once or twice a year, depending on how frequently you use these services, should be fine.”

Tip #7: Consider deleting less used accounts

Chelsea Brown, CEO and Founder of Digital Mom Talk

“If you don't use the account often (like monthly), delete it. Often accounts we don't use often are ones that get compromised in a data breach and can be the gateway into compromising us more.”

Tip #8: Set up two-factor authentication

Larry Aucoin, CTO and Managing Partner of Optimal IdM

“Use two-factor authentication, like a push notification to your mobile phone, when it’s offered. If hackers do succeed in guessing a password, they will still need to breach another level of authentication.”

Dave Hatter, Cyber Security Consultant at Intrust IT

“Everyone should enable multi-factor authentication (MFA) aka Two-Step Verification or Two Factor Authentication anywhere and everywhere they can. Microsoft and Google have both stated that MFA will block 99 percent of all automated attacks.”

Jason Nickola

“Use multi-factor authentication wherever you can. Historically, a valid username and password are all that has been needed to login to a system, website, or service. This presents a security challenge because it is just one factor — something you know — and anyone who is able to guess or find your password in a breach dump will be able to log in, too. Multi-factor authentication (MFA) adds an additional requirement — generally something you have — on top of knowledge of your password. Most often this means a notification or code pushed to your phone via an app or text message. Many of the most common services and vendors offer the ability to enable MFA but it is not often enabled by default.
This is probably the most important bang-for-your-buck step someone can take and the one I suggest to the general public most often.”

Tip #9: Use a password manager service

Bruce Hogan, Co-Founder and CEO of SoftwarePundit

“The best way to create and manage secure passwords is to use a password manager. There are several highly popular, tested software solutions in the market that work well for individuals and families. Some of the most popular solutions are 1Password, Dashlane, LastPass, and OneLogin. Here's how these solutions work: After you sign up for the software, you enter your accounts and passwords into the application. Next, you install a plug-in on your browser. You can access your accounts either by clicking a link in the password manager application or using the plug-in. Any time you update your password, it is automatically captured by the tool. One specific benefit of password managers for families is that you can share log-ins with other people without sharing the actual usernames and passwords. This feature increases safety and also allows you to control which family members have access to each account. If the family is interested in additional security measures, they can take advantage of the password generators offered by these solutions. These passwords are extremely strong and unique to each account.”

Dan Merino

“If correctly used the password manager would allow individuals to create new and unique passwords for all services and sites while the individual would not even need to know what the password is. Additionally, within a family, a password manager allows for easy sharing. As an end-user using a password manager means that you should only need the password for the password manager, and it gives you all the other passwords you would need.
Finally, the better password managers will allow for audits of your passwords and bulk changes.”

Tip #10: Secure your Wi-Fi network

Patricia Vercillo, Vice President of Smith Training Centre and The Smith Investigation Agency

“With the number of dangers online, it's critical to have a strong and secure Wi-Fi, particularly families. A defense plan is needed to remove any opportunities from cybercriminals and hackers. My first suggestion is to simply build a stronger Wi-Fi router. Give your router a name, but don't use the name of the manufacturer or your own name or street address. Use a strong encryption method for Wi-Fi like WPA2. Next, I suggest setting up a guest network. This network would only be used by friends or family members — a private network. I also highly recommend changing the default passwords, as many cybercriminals are already aware of what those are. If a device does not allow you to change the password, I’d consider going with something different. Be sure to make your passwords challenging as well. I’d recommend changing your Wi-Fi password every three months. It would also be good to get in the habit of doing the same, for all of your sensitive technological devices.”

Additional security tips

It’s safe to say that there’s a lot that goes into properly creating, managing, and securing passwords. Along with the expert tips listed above, here are three additional tips that can help as you and your family start learning and developing good password security habits:

Consider conducting a regular family password audit

It’s important to review and revisit passwords for your online accounts at least once per year, and conducting a family password audit can help motivate you and your family members to have more in-depth security conversations and stronger passwords. This audit should involve a thorough review of all of your passwords and should institute a new level of security within your home.
Read this step-by-step guide to learn more about family password audits and how they can help you and your loved ones stay safe online.

Stay up-to-date on password trends and data breach news

Knowing what is happening in terms of password trends and data breach news can help you and your family stay safe in this digital world. It can be tedious to stay up-to-date on the latest data breach and password developments, especially since it can feel like data breaches occur constantly. Taking the time to stay aware of what is happening around you can make all the difference in terms of your personal security efforts. To do this, you can sign up for notifications from various security news outlets and regularly check reliable sources like The Identity Theft Resource Center (ITRC) for the latest security information. You can also stay in-tune with what major security leaders and companies are saying on their blogs, social media platforms, etc.

Look into getting professional identity monitoring services

You can take your personal security and your family’s security a step further by signing up for professional identity monitoring and protection services like NortonLifeLock, IdentityIQ, Complete ID, etc. The companies mentioned above and other companies in the industry can provide you with important alerts and updates, identity restoration services, various monitoring services, and up to $1 million in identity theft insurance.

Highlight: Identity theft protection plans for families do exist. Many identity theft protection services also provide family-based plans to help you protect not only your identity but each one of your loved ones’ identities and personal information as well.

The bottom line

Being proactive when it comes to your personal security can save you and your family a significant amount of trouble, stress, and money.
If you follow the tips listed above, practice proper password hygiene, and have frequent conversations regarding online security and best password practices with your family members, you and your loved ones will have better chances of averting devastating online crimes.
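The haveibeenpwned.com password check mentioned under Tip #5 does not require sending the password anywhere: only the first five characters of its SHA-1 hash go to the service, and the match is made locally. The following is an added example, not code from the article or from Have I Been Pwned; `make_constructed_fetch` and its sample count are constructed so the check runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def sha1_hex(password):
    """Upper-case hex SHA-1 of the password, the form the range service uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fetch_range_online(prefix):
    """Download every known hash suffix that shares this 5-character prefix."""
    request = urllib.request.Request(
        RANGE_URL + prefix, headers={"User-Agent": "password-audit-example"}
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


def pwned_count(password, fetch_range=fetch_range_online):
    """Return how many times the password appears in breach data (0 if never).

    Only the first five hex characters of the hash are handed to fetch_range;
    the comparison against the remaining 35 happens locally.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def make_constructed_fetch(breached):
    """Offline stand-in for the service, built from a {password: count} dict.

    Returns the fetch function plus a list recording every prefix it was asked
    for, so a caller can confirm what would have left the machine.
    """
    requested = []

    def fetch(prefix):
        requested.append(prefix)
        lines = ["0" * 35 + ":3"]  # constructed decoy entry
        for known, count in breached.items():
            digest = sha1_hex(known)
            if digest.startswith(prefix):
                lines.append(f"{digest[5:]}:{count}")
        return "\r\n".join(lines)

    return fetch, requested


if __name__ == "__main__":
    # Constructed data: the count is made up for the demo, not a real breach figure.
    fetch, requested = make_constructed_fetch({"Password123#": 1200})
    for candidate in ("Password123#",
                      "my dog scooby is an awesome dog who i love very much"):
        print(f"{pwned_count(candidate, fetch):>6}  {candidate}")
    print("prefixes sent:", requested)
```

Calling `pwned_count(password)` without the second argument queries the live service; any non-zero result means the password has appeared in a breach and should be replaced everywhere it is used.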
Passwords might not seem like a big deal in your everyday life, but in reality, they’re what stands between you and countless cyber criminals.

Attention: Data breaches are still a major threat. According to Forbes, “more than 4 billion records were exposed by data breaches” within the first six months of 2019.

Since passwords play a big part in modern data breach scenarios, reviewing and securing your passwords should be on the top of your family security audit checklist.

When creating passwords, you and your family members might just think it’s easier to use the same or similar password for multiple websites, devices, etc. After all, who wants to have to memorize hundreds of different passwords? No one does. There are ways you can have strong passwords without having to worry about that. Once you develop the right password-creating system, you won’t have to stress about keeping track of a never-ending list of different passwords.

Password audit steps

In this article, we’ll go over the following steps you can take to conduct a thorough review of your passwords.

Step 1: Create your list
Step 2: Review your passwords
Step 3: Make a list of unique phrases, words, and numbers
Step 4: Create your new passwords
Step 5: Determine your password storing method and set your passwords
Step 6: Get your family started

When conducting a family-based password audit, the first thing you should do is lead by example. This means reviewing your individual passwords first.

Step 1: Create your list

To start, try physically writing down your most-used websites and accounts on a piece of paper. Then, add in the most important websites and accounts if they are not already part of your most-used list. At this point, you should have a lengthy list of websites. If you don’t have a solid list yet, try viewing your browser history and think of the websites you have used in the last three months or so.
You can also check your email for ideas or to see if you have any digital receipts from websites you’ve purchased items from in the last few months. Additionally, you can check your bank accounts or credit card statements to see if you’ve made any online account purchases in the last few months from websites that aren’t already on your list.

Step 2: Review your passwords

Once you have your list of websites finished, review the passwords you use for each website and online account. If you can’t remember some of these passwords, make sure to make a note of that next to the website or account name. If you have extra time, you can try to visit the websites you can’t remember your passwords for and see if they have a recovery password option. If the only option they have is to reset your password, make a note and refrain from resetting it at this time.

Try to look for your password weak points. For example, maybe you use the same password for multiple accounts, knowingly shared a password with others, or maybe you use your birthday or your name in your passwords.

Step 3: Make a list of unique phrases, words, and numbers

When you’ve determined what your password weaknesses are, your next step is to create three lists — one for unique keywords, one for unique phrases, and one for unique number sequences/dates. If you can, try coming up with at least five items for each list. Here are a few examples of unique keywords, phrases, and numbers you can write down:

Keywords — your childhood best friend’s nickname, your first pet’s name, etc.
Phrases — a recurring fun phrase a relative always said to you, a unique inside joke between you and your significant other, what you first said when you graduated from college, etc.
Numbers/dates — your secret lucky number, your first dog’s birthday, the day your first relationship started, etc.
Marcus Chung, CEO of BoldCloud, states that “any part of your name, birthday, Social Security number, or similar information for your loved ones is a bad password choice.” So, when you are making your three lists, make sure to think about what is unique to you that most people would never be able to guess.

Pro tip: Make sure to not choose any numbers, keywords, or phrases that match up with what you’ve posted online, i.e. your social media accounts, blog, etc.

Step 4: Create your new passwords

Use the lists you created in step three to generate unique password combinations. Do not use any one password for more than one website. If you run out of good password ideas, try creating more combinations from the phrases, keywords, and numbers you have listed.

Stephen Arndt, President of Silver Linings Technology, believes that “a good password should be at least eight characters long (or longer) and have a combination of uppercase and lowercase letters, numbers, and symbols that are hard to guess.” He says it’s best to avoid using “dictionary words with proper capitalization because they’re easy to guess (like Password123#).” Arndt explains that “even though it meets the requirements we just discussed, it’s easily hacked. Remember, hackers have sophisticated password-hacking software that will run 24/7/365.”

If you want a quick tip for remembering your new password, Arndt suggests that you use a “phrase and insert letters and numbers into it, like [email protected]”

Step 5: Determine your password storing method and set your passwords

Now that you have your different password combinations created, determine which secure password storing method you want to use. If you have a strong password sequence that can be changed per website and that is something unique to you and easy for you to remember, you can just keep that in your memory.
If you have multiple passwords, you can either use a password notebook or use a secure password manager service like LastPass.

Chelsea Brown, Security Analyst, Ethical Hacker, and Owner of Digital MomTalk says that “password generators are good, but can be difficult to remember for some. You can use a password manager like 1Password, LastPass or Dashlane, but be careful where you store passwords.” She states that “many individuals aren't aware that, with browsers like Chrome and Firefox, hackers can use your browser account to access all of your passwords that your browser has stored. This can be done without even infecting your computer with a virus.”

Brown recommends that you should make sure to not “use your browser for password storage.” She explains that “this is one of the biggest reasons why you should always make sure you're logged out of accounts if using public access places like libraries and internet cafés or even friends' houses.”

After you choose your storing method, reset your passwords. Again, never use the same password twice. Once you change your passwords, write down (on the first list you created in step one) the date you changed each password. Lastly, store this list in a secure location and revisit this list at least once per year and redo this password audit process.

Step 6: Get your family started

After you go through the steps (1–5) listed above, it may be a good idea to take the time to sit down with each individual family member and help them go through this process for their passwords. If your family members do not want you to help them or if you want to give them privacy regarding their passwords, provide them with the steps above and let them go through the process themselves. You can always provide them with helpful password resources found online or you can be their first point of contact if they have questions during the process.
Additional protection

Once you and your family have completed the password audit process above, you can choose to take your security to the next level by looking into different identity theft monitoring and protection service options. Professional identity theft monitoring and protection services can help you catch identity theft before it happens. Additionally, some services provide recovery and restoration assistance in the event that you or one of your family members do become an identity theft victim.

Many identity theft protection services offer solid identity theft insurance and provide several different identity protection and monitoring options, including protection services for the whole family. Here's a brief overview of three of our top-rated identity theft protection companies — NortonLifeLock, Complete ID, and IdentityIQ.

NortonLifeLock

NortonLifeLock offers identity theft protection and monitoring services to individuals, families, and businesses. This company provides a variety of monitoring services including public records monitoring, financial account monitoring, and credit monitoring. In addition to monitoring services, NortonLifeLock also offers 24/7 live member support, recovery services, a helpful mobile app, a money-back guarantee, and a Million Dollar™ Protection Package. See a recent customer review below and read our full NortonLifeLock review to learn more.

Customer Review: Jacob from American Fork, Utah

"Norton has always been our top protection provider. With constant updates and communication, we are alerted of any suspicious activity immediately."

Complete ID

Complete ID, an Experian identity theft protection product, is offered to Costco members for a fairly affordable monthly price. This service includes helpful monitoring services like Social Security Number monitoring, dark web surveillance, non-credit identity monitoring, and child monitoring.
Additionally, Complete ID provides around-the-clock live customer support, up to $1 million in identity theft insurance, and U.S.-based certified identity theft restoration. Several customer reviews, like the one below, have praised Complete ID's customer service. Read our full Complete ID review to learn more.

Customer Review: Joseph York from Atlanta, Georgia

"The customer service professional was fantastic! She was knowledgeable, professional, friendly, and very helpful explaining what my notifications meant and she provided going forward recommendations."

IdentityIQ

IdentityIQ provides a number of monitoring services including dark web and internet monitoring, credit monitoring, and more. The company also offers a specific family protection service that involves identity fraud restoration. In addition to its monitoring services, IdentityIQ also offers up to $1 million identity theft insurance and up to $25,000 for children, U.S.-based fraud restoration, and lost wallet assistance. Check out the recent customer review below and read our full IdentityIQ review to learn more about what this company has to offer.

Customer Review: Ariel H. from Cleveland, Ohio

"I haven’t had any problems with this service and it helped me get help fixing my credit. Good investment."

The bottom line

Although there is no way to make sure you and your family are 100 percent protected from cyber crimes and identity theft, you can be proactive and help your family avoid falling victim to such threats. For instance, conducting an annual (or even biannual) family password audit and considering professional identity theft monitoring options can better your family members' chances of staying safe online.

Overall, it's important to make sure you and your family have continual conversations about personal security and that each family member recognizes the importance of creating and having strong passwords.
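The review in Step 2 of the password audit can be partly automated. The script below is an added example, not part of the original article: it flags the weak points the article names (one password used on several accounts, a name or date inside a password, fewer than eight characters). The account list, names, dates and function names are all constructed for illustration.

```python
from collections import defaultdict

MIN_LENGTH = 8  # the "at least eight characters" floor quoted in Step 4

# Common letter swaps, undone before name matching so "M4ya" still matches "Maya".
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(text):
    """Lower-case the text and undo the letter swaps above."""
    return text.lower().translate(SWAPS)


def date_variants(iso_date):
    """Digit strings people commonly derive from a YYYY-MM-DD date."""
    yyyy, mm, dd = iso_date.split("-")
    yy = yyyy[2:]
    return {yyyy, mm + dd, dd + mm, mm + dd + yy, dd + mm + yy,
            mm + dd + yyyy, dd + mm + yyyy, yyyy + mm + dd}


def audit(entries, names=(), dates=()):
    """entries maps account -> password; returns account -> list of findings.

    Accounts with no findings are left out of the result.
    """
    by_password = defaultdict(list)
    for account, password in entries.items():
        by_password[password].append(account)

    name_terms = [normalise(n) for n in names if len(n) >= 3]
    date_terms = set().union(*(date_variants(d) for d in dates))

    findings = defaultdict(list)
    for account, password in entries.items():
        others = sorted(a for a in by_password[password] if a != account)
        if others:
            findings[account].append("reused on: " + ", ".join(others))
        if len(password) < MIN_LENGTH:
            findings[account].append(f"shorter than {MIN_LENGTH} characters")
        folded = normalise(password)
        hits = sorted(t for t in name_terms if t in folded)
        if hits:
            findings[account].append("contains personal name: " + ", ".join(hits))
        if any(variant in password for variant in date_terms):
            findings[account].append("contains a personal date")
    return dict(findings)


# Constructed sample data: none of these are real accounts or passwords.
SAMPLE_ENTRIES = {
    "bank": "Scooby#2",
    "email": "Scooby#2",
    "shopping": "M4ya2011!",
    "streaming": "qT7!x",
    "forum": "orbit-lantern-quartz-mill",
}
SAMPLE_NAMES = ["Scooby", "Maya"]   # pet and family names
SAMPLE_DATES = ["2011-06-03"]       # a family birthday

if __name__ == "__main__":
    report = audit(SAMPLE_ENTRIES, SAMPLE_NAMES, SAMPLE_DATES)
    for account in SAMPLE_ENTRIES:
        issues = report.get(account, ["no findings"])
        print(f"{account:<10} " + "; ".join(issues))
```

Run it locally against an export from your password manager, and delete the export once the audit is done.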
Guest Post by Kayla Matthews

In this age of massive data breaches, identity theft is arguably more likely now compared to when people did not share their information so freely online. One of the precautions you can take to protect against identity theft is to activate a credit freeze. Here's a breakdown about what that means, plus what else you can do to keep your identity safe.

What is a credit freeze?

A credit freeze, also known as a security freeze, closes access to your credit report. Then, it's harder for people to fraudulently open new accounts in your name. Creditors generally want to see your credit report before finalizing any agreements related to new accounts. If they can't, they likely won't let you, or any person who stole your identity, proceed with creating an account.

How do you apply a credit freeze?

Freezing access to your credit report requires separately contacting each of the three main credit reporting bureaus. Whether you do so by phone or online, the process involves answering some questions to verify your identity, such as giving your name, birth date, and social security number.

Some people may remember applying for a credit freeze a while ago and cannot recall if it's still in place. If you're in that situation, the credit reporting bureaus offer various ways to check, including by calling phone numbers and logging into online interfaces.

How do you lift a credit freeze?

After receiving your request to freeze your credit, a credit reporting bureau may provide you with a PIN. You'll need it to lift the credit freeze at any point in the future. However, if you did not get a PIN, the process of unfreezing your credit typically requires logging into a dedicated portal and providing your username and password, plus answering questions to prove your identity. You can also initiate a lift over the phone or by mail.

People who did receive PINs but lost them still have several options to pursue.
However, the specific process you go through for regaining the access that lets you lift the freeze varies with each credit reporting agency.

Remember that a credit freeze restricts access to your account. That means if you want to apply for a new credit card, for example, you'll need to lift the freeze temporarily. There is no charge to do it and no impact on your credit report.

Additionally, a credit thaw is a long-term choice for unfreezing credit. People who may need to open several new accounts in a relatively short period, such as after a move, may find that option is best for them. The steps you take for thawing a credit freeze are the same as for a shorter lift.

If you request a credit freeze lift over the phone or online, representatives will do it within an hour of hearing from you. In contrast, when you initiate a request by mail, they'll take care of it within three days of receipt.

Options beyond credit freezes

Credit freezes can sometimes provide people with a false sense of security. They only make it harder for people to open new accounts and don't impact existing ones. Moreover, pulling information from applicants' credit reports is something most creditors do, but it is not a requirement.

Due to those limitations, some people opt to initiate fraud alerts instead. A fraud alert requires potential lenders to take extra identity verification steps, usually by asking the applicant to consent to a phone call or face-to-face meeting. Fraud alerts last from one to seven years, depending on the type you opt to request.

Unlike a credit freeze, you only need to contact one of the three credit reporting bureaus to place a fraud alert. Current law in the United States requires the entity you communicate with to reach out to the other two.

Moreover, consider whether a credit lock suits your needs. A lock serves the same purpose as a credit freeze, but you can deactivate it with an app.
However, whereas state laws govern credit freezes, the credit lock specifics get spelled out within a contract between you and the credit bureau. Most entities that provide credit lock services charge monthly fees, too. A credit freeze is generally better than a lock, but it's still smart to know about both.

It's also worthwhile to activate two-factor authentication (2FA) on your bank accounts and any other websites you access that could give people sensitive information they may use to impersonate you. 2FA is an effective identity theft measure because it means that your username and password are not enough to grant access. A person must also have another piece of information — often a temporary code sent to a smartphone — to get into an account.

Finally, examine your bank statements regularly, and check your credit report at least once a year for suspicious activity. Federal law in the United States allows residents to get free copies of their credit reports annually. However, many credit card companies offer credit monitoring that shows how your credit activity and overall score differ from month to month. Staying aware of any changes could help you spot identity theft evidence early.

Decisive action prevents disastrous consequences

Identity theft is a scary prospect. While there is no guaranteed way to safeguard against it, understanding your options and selecting the right precautions for you can give valuable peace of mind.

Kayla Matthews, a tech and security journalist, has written articles for sites including WIRED, Information Age, Security Boulevard, and the National Cyber Security Alliance. To see more of her work, follow her on Twitter @KaylaEMatthews or check out her tech blog, Productivity Bytes.
Guest Post by Kayla Matthews

As the 2020 census draws nearer, you may be concerned about identity theft. The U.S. census only happens once every ten years, so you may not be used to what it looks like or how it works. This uncertainty can be stressful, and the presence of scammers doesn't help.

The census is a golden opportunity for identity thieves. People across the nation are expecting someone to ask them personal questions, making it easy to get sensitive information just by asking. These scammers may make you wary of participating in the real census.

Even with scams aside, the idea of a census can be intimidating. Why is the government asking you questions, and what are they going to do with the answers? Giving away information is uncomfortable, even if it's to an official source.

To help settle these fears, here's how the census works, what it won't do and how to avoid a census identity theft scam.

How the census works

The good news is you have nothing to fear from the real census. The questionnaire won't ask about anything too sensitive, and the government cannot release any of your information by law.

The Census Bureau will mail out invitations for the census in March. This survey seeks to determine how many people live in the United States and generate statistics about them, such as homeownership percentage. All of the information you give will relate to this goal.

The questionnaire will ask things like how many people live in your home and their ethnicities. It will not ask if you or anyone in your household is a citizen or ask for financial information. To prepare, or to help spot a fake, you can even see the census questions ahead of time.

If you haven't responded to the questionnaire by May, census takers will come to your home to make sure you participate. If you're not there when they arrive, they'll leave a notice on your door with a number you can call to set up a visit.
Fake census surveys

Unfortunately, many people try to take advantage of others by posing as Census Bureau officials. These scams come in many forms, from phone calls to in-person visits. While these fake surveys are potentially dangerous, you can easily spot them.

The population count (what most people mean when they refer to the census) occurs just once a decade. But the Census Bureau does send out other surveys regularly. These polls, like the American Community Survey (ACS), may seem suspicious, but there are ways you can be sure of their validity.

Census takers do not need to worry about legal implications of revealing their citizenship status or previous criminal penalties to the government, either. The survey doesn’t ask about things like past criminal history or citizenship. A fake survey, however, might have these questions.

While official inquiries try only to get a better picture of the population, scams try to access sensitive information for criminal activity.

How to spot a scam

You can tell whether a census or other survey is fake in a few ways. The easiest method to figure out if someone is trying to scam you is by looking at the questions they ask. No official government survey will ever ask for the following:

• Your full social security number
• Donations or other forms of money
• Your mother's maiden name
• Anything on behalf of a political party
• Your bank account or credit card numbers

If you see any questions like these in a poll, it's a fake. If a person comes to your door to conduct the study, you can ask for identification. If their badge does not convince you, you can call your local Census Bureau Regional Office to verify their identity.

If you get a questionnaire in the mail, check the return address. Anything from the Census Bureau will come from Jeffersonville, Indiana.

What to do if you think you've found a fake

If you think you've come across a census scam, the first thing to do is not answer any of the questions.
It always helps to be sure, so call a Regional Office or a National Processing Center to verify whether or not it's a real government survey.

You can report fraud by calling 800-923-8282 or by going online at FTC.gov/complaint. If you get a suspicious email, you can forward it to [email protected] and then delete it.

Lots of scams are out there. Yet if you know what to look for, there's nothing to worry about. With the right knowledge, you have nothing to fear from the 2020 Census.

Kayla Matthews, a tech and security journalist, has written articles for sites including WIRED, Information Age, Security Boulevard, and the National Cyber Security Alliance. To see more of her work, follow her on Twitter @KaylaEMatthews or check out her tech blog, Productivity Bytes.
Guest Post by Kayla Matthews

Don't let the funny name fool you. The identity theft tactic known as "smishing" is anything but cute. In fact, it's one of the most personal, invasive and, unfortunately, effective ways to separate somebody from their important information.

What is smishing and how does it happen?

“Smishing” sounds a little like “phishing.” So what makes them different?

Phishing is where an unscrupulous individual attempts to trick somebody else into giving up their account credentials, financial information, or another piece of sensitive personal information. Hackers make these attempts using spam emails, fake (but convincing-looking) websites, social media messaging, instant messages and other communication tools.

In phishing and smishing alike, the targeted information typically includes credit card numbers, bank account numbers, Social Security numbers, home addresses, and usernames and passwords for online accounts.

Smishing is considered distinct from phishing because it specifically uses SMS and text messages to get in touch with the targeted individual. It earned a name of its own, not to mention increasing media and industry attention, because people tend to take these types of messages more seriously and are more likely to trust and respond to them.

What forms does smishing take?

Smishing is a textbook case of social engineering, which itself is a consequence of unsecured technologies like email and regulators’ sluggish response to epidemic levels of spam and robocalls.
Social engineering is about capturing somebody else’s information for personal gain or conditioning that person to take a desired action later on.

The Facebook-Cambridge Analytica scandal uncovered a social engineering campaign designed to identify people’s political leanings and then serve them personalized ads designed to either reinforce their biases or compromise their convictions.

Most phishing and smishing attempts have a more obvious financial incentive for the party carrying out the deception. Once the fraudsters have the desired information, they can apply for new credit cards in the victim’s name or commit other types of fraud — including mail identity theft, driver’s license identity theft, account takeovers, tax identity theft, child identity theft, health insurance fraud, and many others.

Smishing preys on the politically motivated as well, plus individuals in other social circles:

• People who have supported legitimate fundraisers and causes in the past
• People participating in online forums and communities
• People supporting or donating to presidential candidates

Ultimately, the best victims for smishing and identity theft are people who are technologically illiterate and potentially lonely or disillusioned. In 2016, 37 percent of seniors in the U.S. reported experiencing some form of fraud. One-fifth of these cases concerned identity theft.

Once the fraudster has made contact, they’ll use all the persuasive language they can muster to convince the other party to give up the desired information.

How big is the problem of smishing and identity theft?

Cases of identity theft declined slightly in 2018 after peaking in 2017. Even so, a 2019 identity theft study found that 14.4 million Americans fell victim to some form of identity fraud in 2018.

According to the Federal Trade Commission, one-quarter of identity theft and fraud cases in 2018 involved the loss of money. In total, U.S.
consumers lost around $1.48 billion due to fraud and the cost of recovering from fraud.

As far as smishing goes, the FTC received complaints of more than 93,300 unwanted text messages in 2018, indicating a 30 percent increase since 2017. As many are fond of saying, the text message is “the new phone call” — and according to tech and cybersecurity experts, criminals are changing their tactics accordingly.

How can people protect themselves against smishing?

The seductive nature of smishing campaigns, and how best to protect oneself, is best understood with examples. Here’s what to look for:

• Messages with hyperlinks, claiming the victim has “unused funds” to add to their “digital wallet.”
• Messages claiming to be from the Social Security Administration or the IRS asking for personal financial information.
• Messages claiming to be from “tech support” that request account names and passwords in order to “unlock” the account on the victim’s behalf.
• Messages claiming to be from financial institutions, offering new services in exchange for personal banking information.

Fifth Third Bank had to warn customers in three states in 2018 after smishing campaigns made off with around $68,000 from 125 of their customers. In this case, the combination of successful smishing attempts and new “cardless ATMs” — a convenient but perhaps ill-advised feature for legitimate customers — was a recipe for disaster.

There are a few steps to take if you believe you’re being targeted by a professional “smisher”:

• Never respond to requests for personal information received over digital communication channels.
• Never click on any hyperlinks in a message if it’s from a sender you don’t know or don’t trust.
• Never install an application through a hyperlink you received in a suspicious message.

If somebody contacts you claiming to represent a bank or another company you have a relationship with, hang up immediately. Find the official phone number for the company and call them yourself.
Tell them what happened and why you’re concerned. They’ll either confirm it was them or help you get to the bottom of the fraud attempt.

Be suspicious of messages that claim a sense of urgency or that use overly friendly language. Many smishing attempts may also have telltale spelling and grammar errors that give them away. If you do receive a suspicious text from a number you don’t recognize, delete it immediately and block the number.

Finally, remember to report the incident to the FTC and to the FCC. Common sense can get you out of even the ugliest smishing attempts, but bringing justice to those responsible requires collective action.

Kayla Matthews, a tech and security journalist, has written articles for sites including WIRED, Information Age, Security Boulevard, and the National Cyber Security Alliance. To see more of her work, follow her on Twitter @KaylaEMatthews or check out her tech blog, Productivity Bytes.
The holiday season is a time for joy, family, and gifts. And it's a season that you may look forward to all year. Unfortunately, you're not the only one. Scammers also look forward to the holiday season each year because of the large number of holiday shoppers, who, to be honest, often end up being pretty easy targets. Most holiday shoppers are likely more focused on getting the best deals and gifts than they are on maintaining their personal security and privacy throughout the holiday season.

If you still have some holiday shopping to do this year, you’ll want to make sure that you don’t fall for the common holiday scams. And the first step to avoiding these scams is to become aware of them. To help you have a secure and happy holiday season, we asked several experts to discuss which common scams you should keep an eye out for around this time of year.

1. Email phishing

Shannon Wilkinson, CEO and President of Tego Cyber Inc.
“Typical email phishing scams for the holidays come with subject lines about shipping delivery notifications for packages from USPS, FedEx, UPS or offers for gift cards. If you click on the links in the emails, they’ll redirect you to spoofed (look-a-like) websites that use the same logos and layout as the real site but you really are giving your information to a malicious actor. For spectacular savings deals you might receive by email, a good rule to follow is that if a deal is too good to be true, it usually is.”

Sean Messier, Credit Industry Analyst at Credit Card Insider
“The holidays are a perfect time for phishing, a scam that involves the use of fraudulent emails to coerce recipients into forking over their private information. Because emails related to holiday offers are so common, it’s important to be suspicious of any that require you to provide personal information before viewing an offer or receiving a discount.”

2.
Fake websites and deals

Sean Messier
“Certain enterprising scammers may build entire fake shopping websites to steal information. If you’re browsing the web and notice a deal that seems way too good to be true, there’s a chance that it is.”

Chelsea Brown, CEO and Founder of Digital Mom Talk
“The most common scams shoppers need to be aware of this holiday season are fake coupons and websites of legitimate sources and e-skimmers. While virtually every company out there is trying to entice their customers to shop with them, not every coupon or email discount you see is legitimate.”

Ray Walsh, Digital Privacy Expert at ProPrivacy.com
“The most common scheme that consumers should watch out for are deals that are too good to be true. Scammers know that by advertising cheap goods and offers either in spam adverts, emails, or messages, consumers may be tricked into following links and entering their personally identifiable information (PII) and payment information. When a deal seems too good to be true, be extremely wary because it probably is.”

3. Website plugins

Chelsea Brown
“Customers also need to be aware of plugins on legitimate websites that aren't normally there. These are usually indications that a virus called an e-skimmer is in place. These devices simply copy the payment process to obtain legitimate account information for customer's legal purchases.”

Tips from the experts

Knowing about the three common holiday scams is the first step to take when trying to avoid becoming a victim. Now, it's important to recognize what preventative measures you can take to avoid these scams this holiday season. The following are a few preventative steps provided by the experts:

Sean Messier
“While shopping during the holidays, use credit cards over debit cards. Credit cards are known for their excellent, federally mandated fraud protections, and using a credit card means it’s the issuer’s money that’s on the line, not yours.
Before submitting personal details online, make sure the address bar displays a lock symbol and the URL contains “https” instead of “http” to confirm that your information is encrypted.”

Chelsea Brown
“Keep track of your store accounts; especially ones you don't use often. Criminals will open new accounts in your name or try to break into existing accounts. Many customers don't check on store accounts and won't see the additional charges until the bill comes in the mail.”

Ray Walsh
“Stick to well-known services, and be careful when browsing the web by checking the URL address to ensure that they are really visiting the websites and services they believe they are.”

Four additional scams and how to avoid them

Although the three holiday-related scams listed above are some of the most important to know, unfortunately they aren't the only ones to worry about. There are countless other scams and identity theft threats waiting in the shadows as the holiday season continues to approach. It's nearly impossible to cover every holiday scam out there; however, we can provide you with some additional information regarding four other scams you can look out for this year:

Fake charity scams

Scam: Scammers are known to create fake charity organizations and use them to collect easy money from unknowing donators.

What you can do to avoid this scam: Make sure to do your research before you make a donation to a charity that you've found online. Ask yourself the following questions when determining if the charity you are wanting to donate to is legitimate:

• Does the charity's website disclose a good amount of information about the cause and where the money will be going?
• Does the charity listing show up when you search for it in a popular search engine like Google?
• Does the charity's website URL look legitimate?
• Are there any misspellings or major grammatical errors on the website?
• Have you received an email from the charity without giving them your email address?
Additionally, make sure you use a secure form of payment when making online charity donations.

Social media scams

Scam: Scammers can use social media platforms to create fake giveaways, contests, and surveys and use them to gather personal/sensitive information from you.

What you can do to avoid this scam: Be wary of the contests and giveaways you enter on social media. A scammer could potentially use a popular influencer's photos and style to make you think you're entering a legitimate giveaway. Do your research to make sure that the person or company that is conducting the contest/giveaway is legitimate. Check their websites, look up the exact products they are announcing, view the comments, and make sure that you don't provide too much information when you enter. If you are truly worried about giveaway and contest social media scams, it's easiest to just avoid entering giveaways and contests altogether.

Travel scams

Scam: Scammers know that the holiday season is a popular time to travel, so they create fake deals, websites, and even send fake flight confirmation emails to get people to provide them with information and payment details.

What you can do to avoid this scam: Don't fall for too good to be true deals and prices. Some scammers create fake websites that promote fake flight deals that are way too good to be true. If you see a price for a flight that's unbelievably low on a website that isn't that well known, then you might want to avoid that deal at all costs. It's better to spend a little extra than to fall for a fake flight scam. Overall, do your research, keep track of the flights you have booked (keep your email confirmations organized), and try to only book flights from well-known travel booking sites or official airline websites.
Package scams

Scam: Scammers also know that more and more holiday shoppers purchase their gifts online each year, and they not only create fake websites to lure customers in but have also been known to create certain shipping and delivery package scams that involve fake emails and mail notices. For instance, a fake email situation might occur if you order something online and get an email that claims there is an issue with delivery or shipping. Scammers can trick you by using popular delivery service logos (UPS, FedEx, etc.) and email addresses.

What you can do to avoid this scam: Track your packages on the delivery service websites and research the names, websites, and phone numbers on official-looking mail notices before you provide information or call the number on the notice. Additionally, if you receive an email confirmation, keep a close eye on the email address that the confirmation was sent from. If it doesn't match the website or delivery website that you're using, avoid clicking on any links within that website and contact the real company about the issue.

The Bottom Line

Key Takeaways: There are several steps you can take to avoid scams

• Use credit cards instead of debit cards
• Check website URLs before you provide information
• Keep track of your store accounts
• Stick to using well-known services online
• Do your research before you buy anything
• Use a secure form of payment when making online charity donations
• Track your packages after they ship

As previously mentioned, there are many more holiday scams that you should know about than what is provided in this article. In order to prevent falling victim to these scams and other identity theft threats, you can make sure to stay up-to-date on the latest scam news, consider paying for identity theft protection/monitoring services, and take the time to do your research before you click any links in an email and/or make any online purchases this holiday season.
Guest Post by Kayla Matthews

Identity theft happens when someone gets ahold of your private and personal information, such as your Social Security number or bank account information. With access to this data, criminals can make purchases and commit fraud.

The elderly are often targets for such scams. They have more money, are less suspicious, and are not always entirely aware of new technology. While this is a concerning topic, here are six ways that seniors can keep themselves safe:

1. Adopt safe online behaviors

Identity thieves do most of their work on the internet, so it's important to operate securely online. Always log out of bank and government websites that hold sensitive details. Never post your birthday or location on social media if you can help it. Criminals often grab this information and forge birth certificates and passports with it. Avoid fishy websites — look for a lock symbol in the address bar. Never work on anything confidential on public Wi-Fi.

2. Don't fall for email tricks

If you receive an email telling you that you've won a trip to the Bahamas, or that a foreign prince wants to send you $1 million, report it as spam and delete it. Criminals love to send fake rewards or deals, called phishing scams, to victims in hopes that they'll click on them. A good rule of thumb is to never respond to a sender that's offering you money or asking for personal information. Any legitimate organization or company will never ask you to divulge your data like this.

3. Beware of phone calls

Have you ever gotten a call from someone claiming to be the IRS? This is a common scam that many Americans fall for. The IRS, along with most government institutions, will probably never contact you by phone. If they need to get in touch, they'll send a letter in the mail. The same goes for calls exclaiming that you've won the lottery. If you answer a call like this, hang up and block the number from your phone.

4.
Limit access to your money

There are plenty of older adults who allow their family members to help manage their funds. As you age and begin to plan your retirement more thoroughly, you'll want to make sure your money is secure.

Consider hiring a designated financial advisor to help you navigate your earnings and use them accordingly. If you prefer to have someone you know to assist you with this, make sure they're trustworthy.

5. Keep physical copies locked away

Private documents, like your Social Security card and passport, should remain in a secure place at all times. Choose a designated area that only you and a handful of trusted individuals know. If you ever move, you'll be able to grab your files and ensure no one else has access to them. Caregivers can help protect seniors by overseeing who has access to this information.

6. Consult someone you trust

Should you ever be in doubt about how to protect your identity, talk to a family member or friend that you trust. They can help you conduct further research on how to keep your data safe. If you answer an odd phone call or come across suspicious activity in your bank account, contact one of these people. Having trusted confidants in your arsenal is always a great idea.

Become informed and prepared today

By taking these steps, you can keep yourself safe from criminals. Make sure to operate securely on the internet, be on the lookout for suspicious phone calls, and keep your physical documents guarded. If you're concerned that you've been a victim of identity theft, a host of resources are available to help you.

Kayla Matthews, a tech and security journalist, has written articles for sites including WIRED, Information Age, Security Boulevard, and the National Cyber Security Alliance. To see more of her work, follow her on Twitter @KaylaEMatthews or check out her tech blog, Productivity Bytes.
Guest Post by Dan Matthews

What is your company doing to prevent the next big cyber attack? If you don't have a good answer to that question, then you are putting your business at risk. Every year, cyber attacks from all around the globe are infiltrating the computers of businesses and consumers alike, and the companies that take the biggest hits are finding it harder to bounce back. The fact is that you never know when the next big data breach will occur, but if you prepare accordingly, you can prevent your business from becoming a victim.

Know the risks

As sad as it is to think about, every business big and small is at risk of cyber attacks. In fact, there is a hacker attack every 39 seconds, and 43 percent of attacks are dealt to small businesses. Large corporations often have vast IT departments to fight off these threats, but smaller businesses usually have to fight on the local level with smart security decisions. Don’t worry. It can be done.

The key is to be vigilant in your efforts to prevent cyber attacks because the damage done can often bring a business to its knees, as 60 percent of companies close their doors six months after an attack. The cost to bring your business back after a major breach can often reach around $250 for every record that is stolen. But that’s not all. When customers realize their information has been compromised, they will blame your business and lose trust in your services, putting your reputation at risk. Once they feel slighted, they may never return.

Diligence is needed from day one, so if you haven’t already, it is time to create a risk assessment. Think about your company and the products you produce. Then think of all the potential threats that could happen to your business, everything from cybercrime to natural disasters. What precautions do you have in place to prevent the damage from these issues, and if they do occur, what are the steps you have laid out to remedy the issue?
These are all important answers that you must have in writing, and you must make sure every individual who is part of the plan knows their assignment.

Keep your customers safe

The next step is to seal any holes in your current digital armor. Start with your website. Ensure that you have a proper firewall that is set up correctly to block attacks. Then, put a lot of attention into the antivirus software that monitors your site. Make sure your software is regularly updated and that you scan your system regularly. During these scans, take note of any vulnerabilities and work to safeguard those leaks.

You should also have all essential information backed up on secure and dependable servers. Backups should occur weekly or daily so that you can access the necessary files if you are the victim of any number of intrusions, including ransomware attacks that can corrupt your current systems. It is wise to keep your backup servers in a secure location that is not connected to your main system so they cannot be likewise corrupted.

If you use mobile devices around the office, including phones or tablets, you need to keep that equipment secure as well. Mobile devices should be encrypted so that stolen data cannot be used by those without authority. You could also consider a private network, so your devices are “hidden” from people who are not meant to see them. If tablets are only used on company premises, then ensure that they stay there and that they are properly locked up at the end of the day. Finally, make sure that all security software is updated regularly.

Educate all employees

While your business leaders may be on board with a stronger stance on cybersecurity, if the employees aren’t on the same page, they may unknowingly open the door to attacks. The threat of cybercrime is so high that many companies are requiring mandatory security awareness training sessions that keep everyone abreast of current threats and how to fight them.
Such training shows employees the bigger picture, including how attacks happen, what hackers can do with the data they steal, and how an attack affects not only the business but also their well-being.

Many common-sense solutions can make a big impact on data protection, and it starts with passwords. A good password should be difficult to guess and include a combination of letters, numbers, and special characters. On top of passwords, two-factor authentication should be implemented, which has the employee use a hardware token or even biometric identification in addition to a password. Computers should never be left unattended, and screens should be locked whenever the employee leaves the desk.

One of the most frequent hacker schemes that can catch employees and consumers off guard is an email attack. One popular method is spear phishing, which is a targeted attack that usually occurs in the form of an email that looks like your standard communication. However, it often includes a link or attachment that, when clicked or opened, creates a hidden door into your organization. Users are lured into clicking the links because the emails are set up in such a way that they look like they are from an authority, like your bank or employer, so they create a sense of urgency.

There are common signs of phishing emails that employees need to look out for:

• It comes from an email address that looks official but is off by a letter or two.
• The body of the email contains many spelling errors.
• It is written with a sense of urgency along with a link you were not expecting.

In the end, it is every company's responsibility to protect their data against cyber attacks. Although hackers are always getting smarter, they still need to gain access to your systems, so heed these tips and stay a step ahead.

Dan Matthews is a writer with a degree in English from Boise State University.
He has extensive experience writing online at the intersection of business, finance, marketing, and culture. You can find him on Twitter and LinkedIn.
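Two of the phishing signs listed under "Educate all employees" above (a sender address that is off by a letter or two, and urgency combined with a link) can be checked mechanically. The following Python is an added example, not part of the original article; the trusted domains, the phrase list, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains your organisation really receives mail from.
TRUSTED_DOMAINS = ("northwind-bank.example", "payroll.example")
# Assumption: a short illustrative list of pressure phrases, not a complete one.
URGENCY_PHRASES = ("urgent", "immediately", "act now",
                   "within 24 hours", "will be suspended")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap of adjacent letters) from a to b."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "payrlol" for "payroll".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        # "Off by a letter or two": one or two edits away, but not identical.
        if 1 <= edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def check_message(raw):
    """Return (sign, detail) findings for one raw single-part email message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    body = msg.get_payload()
    if not isinstance(body, str):  # multipart messages are out of scope here
        body = ""
    findings = []
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(("lookalike-sender", f"{domain} resembles {imitated}"))
    links = URL_RE.findall(body)
    pressure = [p for p in URGENCY_PHRASES if p in body.lower()]
    if links and pressure:
        findings.append(("urgent-link", f"{pressure[0]!r} with link {links[0]}"))
    return findings


# Constructed sample: sender domain swaps "i" for "l", body pressures and links.
PHISH = """\
From: "Northwind Bank" <alerts@northwlnd-bank.example>
To: employee@corp.example
Subject: Account notice

Your account will be suspended unless you verify immediately:
http://northwlnd-bank.example/verify
"""

# Constructed sample: trusted sender, no pressure language, no link.
LEGIT = """\
From: Payroll <noreply@payroll.example>
To: employee@corp.example
Subject: Payslip available

Your payslip for this month is ready in the staff portal.
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, check_message(raw))
```

The second sign, many spelling errors, needs a dictionary and is left out; short trusted domains will also produce more false matches at a distance of two.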
Disney+, a new streaming TV and movie service provided by Disney, allows customers to view everything from classic movies to original, exclusive television shows. Although the streaming service has only been active since November 12, 2019, customers have already complained about technical issues with their Disney+ accounts. Many customers were not able to access their Disney+ accounts and, therefore, were not able to use the company’s streaming services. And it turns out, these Disney+ technical issues may be correlated to a customer hacking situation.

What happened

Many Disney+ users claimed that hackers logged them out of their devices and changed the email and password information associated with their Disney+ accounts, according to CNBC. And, as stated in a Global News article, “thousands of Disney+ accounts have been hacked and are being sold online on the dark web, according to a report published on Monday.” According to ZDNet, the accounts that were stolen “were put up for sale on hacking forums within hours after the service's launch.” ZDNet also found that the accounts put up for sale on the dark web were priced between $3 and $11 per account.

Although Disney+ user accounts are being affected by hacker efforts, it doesn’t seem that the streaming service itself was breached. According to Global News, a Disney spokesperson recently provided a statement saying that “Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+.”

What you can do

Disney+ isn’t the only streaming service that has faced this type of hacking situation. In fact, other streaming services like Netflix, Amazon Prime, and Hulu all continue to struggle with similar threats. These popular streaming services have made an effort to protect customers against hacker-related threats; however, there is still a long way to go in terms of protection. According to a recent BBC article, Disney+ “does not have two-factor authentication.” And users may quickly realize that this lack of multi-factor authentication definitely puts them and their information more at risk.

Since there is a lack of preventative measures on the company side of things, the one thing you can do to make sure your account is safe for any streaming service is to use a unique password. Although creating and using a unique password for every online account you have may sound exhausting, it’s an incredibly important step in protecting your account and your personal information.

The bottom line

It can be difficult to know how to protect yourself when using popular streaming services like Disney+; however, the more active you are in taking control of your personal security, the less likely you’ll be to fall victim to common hacking situations. If you are struggling to find ways to enhance your streaming service account security, here are five basic tips you can follow:
Avoid sharing your password and writing it down
Change your passwords up at least once per year
Use a secure password management service to stay organized
Follow these steps to create unique, secure passwords
Immediately report any suspicious account activity

Along with following the tips listed above, it’s important that you stay up-to-date on the latest data breach and hacking trends. After all, knowing what is happening in the news today can help you protect yourself tomorrow.
Guest Post by Lori Wade

The current business environment is incredibly competitive and relentless. With excessive competition, companies will take any measure necessary to surpass the competition. That includes stealing sensitive information from their competitors. This is a serious offense that could cost the company millions in fines, while CEOs get prison time for several years. Nevertheless, companies still take that risk. However, companies are not the only threats that you face in this industry, as hackers can hold your private and confidential information for ransom. That is why your company must protect its confidential information, especially since all it takes to hack into a company is an internet connection and a laptop. To preserve the integrity of your business, here are a few ways that you can protect your confidential information and improve that protection:

1. Limit access

The first thing that you can do to secure your company better is to limit access to confidential information to a handful of people. And although transparency is vital to building trust within the company, it should not come at the cost of the company’s secrets. For this, we recommend using virtual data room security. Keep employees on a need-to-know basis and keep a handful of people that you can trust with sensitive information. Giving only a few people access to sensitive information can reduce the risk of information spreading. Furthermore, the fewer people who know, the easier it will be to track down the leak in the system.

2. Notify the new employer

Employees leave their jobs to move on and develop their careers elsewhere; it’s a part of their journey and happens all the time. Whether it is because of disputes over the locale, payment, or travel times, it is not uncommon for employees to go for better jobs, especially when they are in higher positions. And if that employee had access to confidential information, you can send a letter to your competitor, informing them about the legal obligations that their new employee has. While this may not be news to the recipient, it shows that the former company is aware of its legal bindings. This makes for a chilling legal effect, which can stop the new company from enticing your former employees.

3. Conduct an exit interview

Speaking of your employees leaving, it is always important for you to conduct an exit interview before they leave. The exit interview is not just a formality; it is a reminder that your employee should return any tangible confidential information to the company. This is also the time that you should remind them of their legal obligation to your company about the disclosure of company secrets. Of course, the exit interview should not be a threat to your employee; treat it instead like a friendly reminder of their agreements.

4. Review NDAs of all your employees

NDAs, or non-disclosure agreements, are paramount in the information age. They legally bind your employees to keep company secrets; otherwise, the company can take them to court. However, these NDAs are only valid for a certain period, after which confidential information is no longer subject to the contract. You will have to look out for this, as the end of the NDA means that employees can freely share confidential information without any consequence. So be sure to check this timeframe on your NDAs before signing them.

5. Add a confidentiality policy to your employee handbook

If you do not already have a confidentiality policy in your employee handbook, now would be a good time to include one. This clause also has to spell out how your employees will be handling this confidential information. A good example of this is the disposal of documents. Instead of simply placing documents in the recycling bin or the garbage, employees handling sensitive information should shred tangible evidence and permanently delete files. This agreement will also have to be consistent with other employment agreements as well as other legal obligations.

6. Add non-disclosure provisions to employment contracts

Now, this is not necessary for every employee in a company. After all, not everyone will have access to confidential information. That being said, this should be a part of any employment contract in which the employee will be allowed to access company secrets. The contract should also be clear on what the company considers confidential or not. The contract should hold the employee accountable for returning tangible company secrets to the rightful owners. And even though there are laws regarding confidentiality among employees, these provisions show that your company takes this matter very seriously.

7. Label the information

In court, employees who violate their NDA and disclose company secrets can claim that they did not know the information was confidential. And if proved to be correct, the employee will not have to face any charges. Therefore, putting distinctly visible labels on classified documents can save your company a fortune and can avoid mistakes like your employees accidentally disclosing company secrets. Labeling should be on both hardcopy documents and softcopy files, and the label can be something simple like "Property of XYZ Company" or "Classified."

8. Develop confidentiality training

Other than spelling out confidentiality procedures for your employees in their handbook, a training program can also prove to be very beneficial for them. As part of an onboarding process, employees will be able to learn how to handle classified information. Of course, seminars held in the office are not necessary, as online training and videos can also make for great learning experiences. The benefit of online videos is also that employees can access them at any time.

The bottom line

All of the different points and suggestions above can be summarized as two things: train your employees to handle classified information, and inform them of confidentiality policies. These two alone are possibly the best ways to improve the security of company secrets and will allow your company to protect its assets better. The best part about these steps is that none of them violate your employees’ trust, while still allowing you to maintain a healthy relationship with your employees. In conclusion, taking active steps to protect your confidential information is a necessity in the age of a digital workplace.

Lori Wade is a writer who is interested in a wide range of spheres from business to entrepreneurship and new technologies. If you are interested in M&A or the virtual data room industry, you can find her on Twitter and LinkedIn or on other social media.