The end of the year is a valuable time to clean up bad cyber habits. With a new year comes new opportunities for both you, and the bad guys. Bad guys prey on ignorance to compromise your identity and assets. I frequently hear, “I’m not worth a whole lot so bad guys aren’t going to waste time trying to compromise me,” or “there’s nothing in my bank accounts so I’m not a target.”

Consider this – in most cases, the content of your bank account is irrelevant to the hacker because the original hacker is only after your account information to be sold to a third party on the dark net. The average credit/debit card is worth about 25 dollars on the cyber black market. This is why you see “skimmers” being used at retail locations and gas stations. Each time a consumer swipes a card at that terminal with a hidden skimmer, bad guy pockets 25 bucks, regardless of the owner of the card, or their current wealth.

There are many easy steps that can be taken to better protect yourself from cybercrime on and off the internet. First and foremost, good password hygiene. Having at least a 10-digit password utilizing at least 2 upper and lower-case letters, as well as a special character drastically lowers an adversary’s ability to break your password. Think of it this way; if I was tasked with trying to guess a co-worker’s password, and the co-worker’s password was 123456, it may be a quick day at the office. However, if that co-worker’s password was 9ijhB&^72A, I’m in for a long night. The password cracking ability of a hacker works in the exact same manner. If a password is short and typical such as password1, the hacker’s computer will guess it correctly in a matter of minutes. If the password is 9ijhB&^72A, the hacker would give up long before the computer program came close to guessing the correct sequence. In addition, use different passwords for each website visited, especially sites with sensitive information such as online banking or social media accounts. This way, if one site’s credentials are compromised, the attacker doesn’t have access to all the others with the same credentials.

The internet however is not the only place you can unknowingly give up your identity or bank account information. Every time you swipe a credit/debit card, you give up your data to the vendor, hoping that they have the means and infrastructure in place to keep your information safe. As we’ve seen with Target and The Home Depot, assuming an organization is secure based on its size is a recipe for identity theft. So, the question isn’t should I never swipe a card again, as much as what card should I be swiping?

If you can navigate the temptations of the almighty credit card, this is your safest option. When using a debit card as your everyday method of payment, you are accepting the risk of losing the entirety of your bank account relevant to that card. In other words, when you swipe with your debit card, whatever amount is in all accounts relevant to that card, ie -checking, savings, IRA’s, you are liable for that full combined amount in the event that the card is compromised. With a credit card however, limitations of liability are attached, usually around 500 dollars, to which you are responsible for in the event of a breach. Banks and other financial institutions are getting better and better about not holding their members liable for these fraudulent activities, however, you can limit your liability simply by switching to a credit card as your go-to card for everyday swiping.

Around 90% of compromises are initiated from user’s ignorance of cyber best practices. In most cases, if it feels like a scam, it’s probably a scam. Fellas, no, the Victoria’s Secret model on Tinder did not come across your profile and decide she wants to immediately chat with you on this other website link for you to click on, and ladies, unfortunately no, you did not win the purse shopping spree that this email claims you won even though you never entered into a contest and only needs your social security number to process your winnings. Instead, if it feels like a scam, or might be too good to be true, consult with an information security expert who can diagnose the contact as legitimate or spam. If you don’t know one, I’m happy to help!