Marriott-like breaches: 16 actions to prevent data theft & minimize damage if it occurs

In recent weeks, I’ve written about the massive Marriott data breach in which the accounts of 500 million of its guests were compromised. I’ve written about what actions affected guests should take and about how and why the U.S. should create a comprehensive data-protection plan.

The Marriott data break-in was massive, but it’s not the only recent breach affecting consumers. According to Verizon’s 2018 Data Breach Investigations Report there were 2,216 confirmed data breaches in the last year.

With so many data breaches of organizations providing products and services, consumers, including travelers, must be their own first line of defense to combat hackers. While outside services and tools can help, commonsense, thoughtful actions by each of us are among the most important measures we can employ. Moreover, there is no doubt that no one will watch out for our well-being more diligently than ourselves.

I’ve got sixteen actions you can take to help prevent your privacy, identity and finances from being compromised and, if they are, to minimize the damage.

Strong passwords:
Set a strong password and make it at least twelve characters long. According to How Secure Is My Password, an eight-character password with at least one lowercase and one capital letter, a symbol and a number would take a computer just four weeks to crack. If you add four extra numbers, twelve characters total, it would take about 3 million years to crack it. For new passwords, don’t use addresses, telephone numbers, pets’ or kids’ names, birth dates or passwords you’re using elsewhere.

Password manager:
A password manager can create, store and automatically fill in your passwords, along with other login information. You can store them for accessing websites, online accounts, etc. I personally use LastPass and highly recommend it.

Change passwords regularly:
Passwords for banks, credit cards and other sensitive accounts should be changed 2–3 times per year. Others can be changed less often. A password manager can help you keep track of new passwords.

Don’t repeat secondary security questions:
Some sites use questions/answers to beef up site security. Never use the same questions/answers on different sites.

Use two-factor authentication whenever possible:
Whenever possible, don’t depend on password protection alone for your accounts. Change to two-factor authentication, such as an additional security code texted to your cell phone that you enter to validate your password entry. If possible, consider using a security key such as Google’s Titan or YubiKey by Yubico.

Minimize personal account information:
Enter only the minimum information required by companies and organizations for online accounts and social media, plus the minimal information needed for the convenience of using the account. Carefully set your privacy settings. If it’s not there, it can’t be stolen during a data breach.

Credit/Debit card information:
Unless required for an account, don’t store your credit card’s security code. Enter it when you make each purchase. Don’t store debit card information online as a payment option. If the information is stolen, debit cards don’t have the same consumer protections as credit cards.

Mobile payments are safer:
Whenever possible, use mobile payments for online and store purchases. Mobile payment systems only transmit a transaction code to the company, not credit/debit account information.

Review bank accounts and credit/debit card accounts:
Regularly review your bank and credit/debit card accounts for errors and potential hacking. I check my accounts several times per week.

Regularly check your credit report:
It’s important to check your credit report on a regular basis. It can reveal if anyone is attempting to open, or has opened, accounts or loans in your name through stolen information. With that information you can properly react to protect your good name and credit standing.

Medical insurance reports:
Check your medical insurance reports to make sure they are correct. Identity theft has been known to occur within medical insurance, with bills from unknown doctors showing unknown treatment, and unpaid bills for deductibles, etc., that can damage your credit.

Government and account notices in the postal mail:
Take notices from governmental agencies, banks and companies seriously. Always open them. They may be informing you about new accounts opened in your name. In case a notice is part of a phishing scheme, contact the government agency and/or organization through published phone numbers and addresses.

Update operating systems regularly:
Install computer, cellphone and tablet operating system and app updates regularly to keep your devices as secure as possible, once it’s known the updates are safe.

Antivirus, anti-malware and VPN:
Use antivirus and anti-malware apps including ones that warn you about malicious links in emails and websites. Use an Internet VPN (virtual private network) connection to encrypt your online data connections from “end to end,” on computers, cellphones and tablets.

Contact list:
Don’t allow apps to access your contacts. They often contain information that you don’t want to share.

Web apps vs. built-in apps:
Built-in apps for information and purchasing often have complicated tracking technology built into them that’s hard to turn off, while it’s possible to block such trackers in browsers.

No preventative action is guaranteed to make you perfectly safe online or to prevent all identity theft and data theft. The above measures, however, can increase your safety significantly and help you minimize hacker damage.

(Image: Marriott – Berlin 2018 by Pascal Volk)