Watch CBS News

6 ways to make your family harder to hack in 2018

Chip security flaw
Computer chip security flaw could expose users to hackers 01:59

By Adam Levin/

While 1,000 resolution-worthy action items are out there, the time is always now for the things that need to change in our lives. Never were truer words spoken when it comes to our potential vulnerability to hackers.

The number of breaches and the granular nature of the data exposed in those attacks over the past year are both unprecedented. The Equifax breach alone included everything (and then some) that a scammer needs in order to buy a house or a car, pay for college or medical procedures, steal a tax refund or any other transaction.

But that's not the only reason you should be on high alert. Technology is the friend of the hacker. Cybercriminals make a living being up-to-date on the latest security protocols and protections. They're also the most common spur for innovation, discovering the latest "eureka" moment in cybersecurity while reverse-engineering existing ones to steal data.

Side by side with the general threat is a "pre-set" attitude prevalent among consumers. Breaches and the identity theft that flows from them have become the third certainty in life, right behind death and taxes. The attitude tends to be, "There's nothing I can do about it," or "If it happens, it happens."

I get it. I own a company that among other things, helps consumers resolve the fallout of identity theft. But working on the front lines of what amounts to a war of attrition against the bad guys, I can tell you that consumers can, and should, be doing more.

Here are my suggestions: 

Avoid account takeover with better password tactics

According to a recent survey, more than 80 percent of people 18 and older reuse the same password across multiple accounts -- a practice called daisy-chaining.

Here's the scary part: You'ill almost certainly be able to guess the most popular password used by consumers in 2016. (It was "123456.") Consider, affordable machines on the market today can hit a website's authentication system with billions of passwords per second. "Password" isn't going to do much in the way of keeping you from getting got.

Even if your personal email address hasn't been exposed in a data breach -- you can check on -- you need to take extra precautions.

Here's why: If scammers get control of your personal email, they can commandeer many, if not all, of your accounts -- retail, financial and beyond. For this reason, whenever possible, don't use your name or email address for login purposes. Rather, treat it like another password (but bear in mind, many sites will not allow you to do this).

If that seems like a hassle (remember, security and convenience aren't always compatible) a startup called Joinesty offers an automated solution that uses a Chrome extension to randomize the email addresses used for login on various accounts thereby rendering your personal email address useless to a hacker.

Use two-factor authentication

Do you use two-factor authentication on all your accounts that offer it? It's a relatively seamless process whereby every account login requires both a password and a six-digit code that's emailed or sent to your smartphone via SMS.

It's not failsafe. If a criminal has control of your personal email account or possession of your phone -- and your password -- he can beat two-factor authentication. That said, you're a much less attractive a target -- the predator equivalent of a spiny hedgehog waddling down the road with an excessively plump piglet. Which one would you rather be?

Turn off location services, and don't overshare

Remember the bumbling duo in the holiday classic "Home Alone?" It used to be that burglars cased a neighborhood. With oversharing on social media, including location data posted in photographs that permit geotagging technology or volunteered by way of preference settings, we're constantly "casing" ourselves for the would-be thief.

An added layer of complication here is that even if your social sharing doesn't include location data, other members of your family might be sharing it. Remember, you're only as secure as your most insecure family member.

The conversation about cybersecurity should be ongoing with those closest to you, because increasingly we're all connected in ways that can get people robbed. 

Have nothing to ransom

Ransomware is going to continue to plague consumers in 2018.

It's a form of malware that occupies a victim's computer and then encrypts every file on its hard drive. Few things are scarier than a ransomware attack, especially when the victim has no idea what just happened.

First rule of thumb: never make a payment to get files back (or stop someone from sharing embarrassing files -- another prevalent scam). Contact a resolution expert first.

Second rule: Back up your files daily.

If you want to be 100 percent unaffected by ransomware, back up your hard drive on an encrypted, long-and-strong password-protected external drive and store a mirror backup on a cloud server. Then when your would-be extortionist demands cryptocurrency (which if you own any, should also be stored on an external wallet), you can say: "No," and go on with your day.

Enroll in transaction alerts and identity monitoring

There's no better way to calm fears of account takeover than transaction alerts. All banks and credit card companies offer them for free. They make fraud a momentary crisis that's easily contained because the moment a fraudulent charge occurs, or a scammer attempts to open a new line of credit, the consumer is notified.

Think of it as an underage keg party that gets shut down by the police -- a quick burst of annoying nothing, and then everything is back to normal.

Transaction alerts have an added benefit: Every charge you make pops up on your phone or in your email, detailing the purchase, which can help you curb spending, given the constant -- albeit instant -- reminder of how much money is going to be due at the end of your billing period.

Practice the 3 Ms

Minimize your exposure. Don't authenticate yourself to anyone unless you're in control of the interaction, don't overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and freeze your credit.

Monitor your accounts. Check your credit report religiously, keep track of your credit score, review major accounts daily if possible. (You can check two of your credit scores for free every month on If you prefer a more laidback approach, see No. 5 above.

Manage the damage. Make sure you get on top of any incursion into your identity quickly and enroll in a program where professionals help you navigate and resolve identity compromises. These are often available for free, or at minimal cost, through insurance companies, financial services institutions and employers.

The New Year offers the opportunity to turn a now-old threat into new peace of mind.

The dangers out there are manifold, but if you're prepared, even the worst attacks are survivable. The above suggestions aren't resolutions. They're common sense. At their best, New Year's resolutions are an arbitrary deadline to change your habits in one way or another. When it comes to hack-proofing your life, we're way past midnight.

More articles from

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.