Skip to main content

Editors' pick: Originally published Jan. 31.

Hackers are always on the prowl for more victims, as the incidences of identity theft continue to rise while massive data breaches among companies and government agencies become the norm. Billions of consumers have been affected as fraudsters have infiltrated retailers, health insurance companies, Yahoo and even the IRS.

Instead of relying on a company to protect your identity, personal information or even credit score, consumers need to be pro-active in the aftermath of being hacked and follow these five tips once their personal data has been compromised.

Tip 1: Change every password and use a password vault

Whether your email, social media or bank account has been hacked, double check and ensure that the passwords are changed on all your other accounts, especially if you tend to use the same version, said Nathan Wenzler, chief security strategist at AsTech Consulting, a San Francisco-based security consulting company.

"If an attacker has been able to get credentials to one of your accounts, they can likely leverage that to get to all of your other accounts," he said.

Instead of attempting to memorize all of them or storing them somewhere safe, use a personal password vault which can randomly generate passwords that are difficult to guess or compromise.

"It gives you a simple interface in which to log in without having to remember them all or write them down everywhere," Wenzler said. "There are many vaults out there which are free, so there's little reason not to use one."

Change your password immediately, but ensure it is over a safe network and not over public WiFi in a cafe or hotel, said Joseph Carson, head of global strategic alliances at Thycotic, a Washington D.C. based provider of privileged account management solutions.

"Once the password has been changed, check the account activity log for abnormal activity such as log-on locations, browsers or changes to the profile," he said.

Tip 2: Keep monitoring your accounts after the fact

Hackers are extremely patient and consumers may not even realize they have been hacked. Since many consumers opt to check their financial accounts only once a week or even monthly, some attackers will wait to "take advantage of your accounts, especially if it's a credit card or other financial account," Wenzler said.

"This gives them time to see if you or your bank has noticed and puts distance between them and the initial attack so it's harder to figure out what happened," he said. "If you know your accounts have been compromised, you should keep an eye on all your accounts to see if there's another attacker lying in wait to use the stolen data."

Tip 3: Update your security questions

The multitude of questions required by your credit card company is one method for consumers to authenticate their identity. While the questions may seem silly, they are meant to deter good social engineers from gleaning even more personal information from your social media accounts, such as your first dog's name or your mother's maiden last name.

"They can easily figure out a lot of that information if you're posting things like your birthday, where you live, where you went to school and more on your social media sites," Wenzler said. "If you've been compromised, it's a good idea to change the questions you use. You can even consider changing the answers to something unrelated, but that you'll personally remember such as answering a question about where you attended high school with an answer such as peanut butter sandwich."

Tip 4: Get free Credit Monitoring or Identity Protection

Many companies are defending themselves from fraudsters incorrectly, "believing they can defeat all attackers rather than adding effective detection technologies and procedures," said Kasey Cross, director of product management at LightCyber, a Los Altos, Calif.-based provider of behavioral attack detection solutions.

Many companies who have failed to protect its customers offer free credit monitoring, credit locking or identity protection to compensate for the inconvenience or loss.

"Take advantage of this offer immediately," she said. "At the same time, change your passwords and try to come up with something resistant to more casual attackers such as setting up additional controls using your mobile phone as a secondary means of security. Most entities provide this as an option now."

Facebook recently added more options to provide layers of security for people logging into their accounts. In addition to two-factor authentication for log-in, consumers can use security keys such as a universal 2nd Factor (U2F) security key to log in through USB or NFC.

Tip Five: Learn New Tech Topics

Relying on companies to protect your identity is a fallacy and learning the latest online tools, which are often free, is the best way to prevent hackers from stealing your data and reselling it.

Learning the last information on the Internet of Things (IoT), cloud computing, mobile device settings and backups of important data will lead to "real behavior change," said Dan Lohrmann, chief security officer at Security Mentor, a Pacific Grove, Calif.-based provider of security awareness training.

"Security awareness training can be fun and achieved by using gamification and focusing on brief, frequent and focused content," he said. "Make sure you learn and apply the available security setting that is offered to you at social media sites and with new devices - such as wearable technology."