Treat Your Online Banking Accounts Like You’re About To Be Hacked

In the past week alone, Facebook and Google have both experienced (or divulged, in Google’s case) security breaches of various levels of seriousness, potentially exposing people’s private information. And that’s not counting the thousand-plus other breaches that occurred last year.

That’s why it’s important to be on the defensive when it comes to your financial security, and set up your accounts as if you’re going to be hacked, as Sheera Frenkel writes in the New York Times.

The most important step is also the most obvious: Creating a strong password. “If I could get people to stop two practices, they would be: Don’t use an obvious password like your name, your kid’s name or your birthday, and don’t use the same password for everything,” writes Frenkel. Use a password manager. Lifehacker likes LastPass and 1Password.

Next, pull a credit report and bring up your banking statement. Look through each for signs of fraudulent activity and immediately contact your bank if you see something you don’t recognise. They will be able to put a freeze on your account and reimburse stolen funds – but only if you tell them about it.

Consider using a single service, like PocketSmith, to keep tabs on all of your various accounts so you can check all of them more seamlessly for strange activity. Check your child’s credit report, too.

Turn on two-factor authentication for all of your accounts that allow it (and consider not using services that don’t offer it if they want your financial info). Remember, if a site wants you to input, say, the first car you ever purchased as an answer to a recovery question, you don’t have to. You can write anything you want, so long as you remember that your ‘first car’ was actually an ‘[insert fake answer here].’ Better yet, use your password manager to keep track of your answers.

You should also be wary of calls, texts and emails from someone claiming to work at your bank, brokerage, etc. There are plenty of horror stories of “banks” calling to tell you you need to change your PIN from the number associated with your bank, only to have it be a rather savvy scam. If you get a text, call your bank and ask to speak to someone. If they call you, ask if you can hang up and call back, no matter how urgent they make the situation seem. This is also true for a government agency like the ATO – they certainly won’t call you and threaten you with jail time, though that is a common scam.

Remember that you don’t need to give out your personal information just because someone, like your doctor, asks for it. “When in doubt, ask why the data is necessary or leave the space for it blank,” suggests Kiplinger. “Some companies want your driver’s licence so they can track you down in case you fail to pay bills. An alternative identifier — say, your phone number — may suffice.”

Finally, set a calendar reminder to check one of your free credit reports every four months going forward. You might also consider a credit monitoring service for an extra layer of protection. But remember, too, that the best thing you can do is approach each new account or service as if it’s going to get hacked the next day: Choose a strong password, enable two factor authentication and be mindful of the information you hand out. And stay vigilant.