Cybercriminals go after many different kinds of personal information to commit fraud, sell identities, or blackmail people. Examples include financial information (credit and debit card numbers, bank account details), login information (usernames, passwords, answers to security questions), personal identifiers (Social Security number, driver’s license, passport), health and medical records, and contact information (email addresses, phone numbers, and home addresses). Attackers also want any private emails, images, or online profiles that they can use or sell. In practice, hackers usually go for the “big three” of identity theft: personal information like your name, birthdate, address, and SSN; financial credentials like your bank and card information; and account logins. Medical data and insurance information are also being stolen more and more often because they are hard to find and can be used for further fraud.
Common Cyber Threats
There are many different kinds of cyber risks. Phishing is one of the most common types of cybercrime. Attackers send you emails, texts, or phone calls pretending to be from reputable organizations like banks, government agencies, or companies and try to get you to hand over personal information such as your credit card details or login credentials. Malware is malicious software (such as viruses, worms, trojans, and spyware) that gets onto your devices to steal information, watch what you do, or break your system. Ransomware is a very dangerous kind of malware that quietly encrypts your files or systems and then demands money to unlock them. A data breach happens when a hacker takes advantage of security holes to steal a large amount of private information from a business or service. This often puts consumers’ personal information or login information in the hands of criminals. Finally, identity theft happens when criminals use stolen personal information, like your Social Security number or account details, to pretend to be you. They might do this to open credit accounts, file fake tax returns, or make purchases without your permission.
Best Ways to Keep Your Data Safe
To lower your risk, follow these tried-and-true security tips:
For every account, use a strong, unique password or passphrase and keep it in a trusted password manager, such as Bitwarden or 1Password. This means you can use long, random passwords everywhere without reusing any of them, which makes credential-stuffing attacks far less likely to succeed.
Turn on multi-factor authentication (MFA) for all of your accounts that allow it, such as banking, email, and social networks. MFA adds an extra step or code on top of your password, which makes it much harder for someone to get in without permission.
Make sure your software and devices are always up to date. Install updates for your operating system and applications as soon as you can. These updates often fix security flaws that attackers could use to get into your system. Also, make sure you have up-to-date antivirus and anti-malware software. Windows comes with Microsoft Defender, but you can also choose another trusted security package.
Use safe networks. Don’t use public Wi-Fi for banking or other sensitive tasks. When you have to use public Wi-Fi, such as at a café or airport, connect through a VPN. This creates a secure “tunnel” that stops people from listening in. At home, always use encrypted Wi-Fi (WPA2/WPA3) and a strong password for your network. Also, change the default router credentials.
Watch out for links and emails. Even if a message looks important, never click on links or open attachments in emails or texts that you didn’t ask for. Check the sender’s address carefully because it can be spoofed. Phishing emails frequently have spelling mistakes, strange URLs, or requests for personal information. If you’re not sure, go to the organization’s website directly or call them to confirm any strange requests.
Back up your data often. Make regular backups of vital files (such as documents and images) and store them on an external drive, an encrypted cloud storage account, or a cloud account. The U.S. Federal Trade Commission (FTC) says that if you don’t back up your data, “you risk losing everything if your computer gets hacked, crashes, or downloads a virus.” If ransomware or a hardware failure strikes, a recent backup can make the difference between recovering your data and losing it forever.
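The sender-address and link checks from the “Watch out for links and emails” tip above can also be scripted. The following is an added example, not part of the original article: the sample message, its domains, and the `phishing_indicators` helper are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message for illustration; every name and domain is made up.
SAMPLE = """\
From: "Example Bank Support" <alerts@bank-example.test>
Reply-To: collect@mailbox.test
To: user@example.com
Subject: Urgent: verify your account
Content-Type: text/html

<p>Your account is locked.
<a href="http://192.0.2.10/login">https://www.bank.example/login</a></p>
"""

LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def host_of(url):
    return (urlparse(url.strip()).hostname or "").lower()

def phishing_indicators(raw, expected_domain):
    """Return warning strings for one raw message from a claimed organization."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    # The sender must use the organization's real domain or a subdomain of it.
    if from_dom != expected_domain and not from_dom.endswith("." + expected_domain):
        findings.append(f"sender domain {from_dom!r} is not {expected_domain!r}")
    # Replies silently routed to a different domain than the sender's.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from sender")
    for href, text in LINK.findall(msg.get_payload()):
        target = host_of(href)
        shown = host_of(text) if "://" in text else ""
        # The visible link text names one host while the link goes to another.
        if shown and shown != target:
            findings.append(f"link shows {shown!r} but goes to {target!r}")
        if re.fullmatch(r"[\d.]+", target):
            findings.append(f"link points to raw IP address {target!r}")
    return findings

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE, "bank.example"):
        print("WARNING:", finding)
```

A message that passes these checks is not proven safe; they only catch the mismatches the tip describes.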
Tools and Tech
There are a number of tools that can help you defend yourself:
Password managers. Services like Bitwarden, 1Password, and others encrypt and store all of your passwords behind a single master password. They help you create long, genuinely random passwords for each site, so you never have to remember or reuse a complicated password. (Wired’s security guide says that a smart password manager lets you use “long, random, and unique passwords across all your accounts” for safety and ease of use.)
VPNs, or virtual private networks. A VPN client, like Proton VPN, Mullvad, or Cisco AnyConnect, encrypts your Internet connection to a remote server. This ensures that anyone spying on a public Wi-Fi network can’t see your data. Cisco says that a VPN is “an encrypted connection over the Internet from a device to a network.” This keeps what you do online private. Use a VPN all the time, but especially when you’re on a public or untrusted network.
Antivirus and anti-malware software. Put trusted security software on all of your computers and mobile devices, and keep it up to date. Microsoft says, “Installing an anti-malware app and keeping it up to date can help protect your PC from viruses and other malware.” Such software can find known threats and quarantine them until they can be dealt with. Windows users have Microsoft Defender built in, and it gets updates automatically through Windows Update. There are also third-party programs like Norton, Malwarebytes, Bitdefender, and others.
Encrypted cloud and backup storage. Use cloud services that encrypt your data both in transit and at rest. For instance, you could use encrypted cloud drives like Google Drive, iCloud, or Dropbox, or end-to-end encrypted vaults like Tresorit, Proton Drive, Sync.com, NordLocker, and others. Make sure that any cloud service you use “encrypts your data while at rest and in transit” and has tight access controls. If you encrypt your backups and use secure cloud storage, attackers won’t be able to easily read your data even if they break into the service.
Advice on How to Keep Your Mobile Device Safe
Protect your mobile phones and tablets because they hold just as much personal data as PCs.
Set a strong screen lock. Set a PIN, password, or biometric lock (such as a fingerprint or face ID) on your device so that other people can’t easily get to your data if the device is lost or stolen. Experts in security say that “none of [the virtual security] measures matter if someone can physically grab your device.”
Set up security software and keep it up to date. A mobile device can get viruses just like a PC. Use the security features that come with the device (like Google Play Protect on Android or Apple’s Security & Privacy features) and think about getting a mobile security app. Always install updates for your operating system and apps as soon as they are available. These updates often fix security holes. If you don’t use an app anymore, uninstall it. To avoid getting fake copies, only download apps from the official app store (Google Play or Apple App Store).
Back up your mobile data. Turn on cloud backup (like iCloud or Google Drive backup) to store your contacts, photographs, and documents. You can also copy crucial files to a computer or external device every so often. Just as with PCs, regular backups protect you from losing data if your device is attacked, lost, or broken.
Enable remote tracking and wiping. Activate the “Find My Phone” (iOS) or “Find My Device” (Android) option that comes with your phone. If your phone is lost or stolen, you can find it, lock it, or erase it remotely.
Be careful with connections. Turn off Bluetooth, NFC, and Wi-Fi when you aren’t using them to keep anyone from getting into your device. Don’t click on links in text messages or messaging apps that look strange; phishing schemes can also target phones. Also, don’t “jailbreak” or “root” your device, because that stops important security updates from being applied.
Cloud Service Security Tips
When you use cloud-based services like email, storage, apps, and more, here are some tips for keeping them safe:
Use strong passwords and MFA. Protect all of your cloud accounts (email, file storage, social media) with different passwords and two-factor authentication. This way, even if login information gets out in a breach, attackers still need the second factor to get in.
Protect private information with encryption. Use end-to-end encryption if your cloud provider offers it and you are the only one who has the key. You can also encrypt files manually before uploading them with programs like VeraCrypt or 7-Zip. Make sure that the service encrypts data both in transit and at rest.
Check your sharing settings. Be careful about who you give cloud files or links to. When you share links, protect them with strong passwords and, if you can, set expiration dates or download limits. Check for and delete any old sharing permissions or public links that you don’t need anymore.
Review app permissions. Many cloud apps request a lot of permissions. Only give an app the access it needs to work. Remove permissions from any third-party apps you no longer use or trust.
Monitor your account activity. Check your cloud services’ login activity or security alerts on a regular basis. Many companies, like Google, Microsoft, and Apple, will let you know when someone logs in from a new device or location. You should pay attention to these alerts.
Identifying and Responding to Strange Behavior
Keep an eye out for signs of an attack or data breach, and respond promptly if you see anything strange:
Unusual account activity. Look for credit card charges, bank transfers, new accounts or bills in your name, or credit that you weren’t expecting. Keep an eye out for emails or other messages that imply someone else logged in or reset your password without your permission (for example, an email saying someone logged in from a device or location that isn’t yours). Any of these could mean that someone has taken over your accounts.
Strange device behavior. If your computer or phone suddenly slows down, shows a lot of pop-up ads, has apps you don’t recognize, or has a battery that drains quickly, it could be malware. Some types of ransomware can show ransom notes or texts that are encrypted.
Phishing attempts. Be careful of calls or texts that come out of the blue and ask you to send money, verify accounts, or install software. Scammers often pose as tech support or government authorities. Real businesses won’t threaten you with “immediate action” or ask for private information out of the blue.
Watch for data breach notices. Keep an eye on your email and credit reports for notices about breaches. You can check whether your information has been leaked in a known breach using free tools like the FBI’s IC3 or the FTC’s identification services.
If you think an attack is happening, act right away. Change any passwords that may have been stolen, run anti-malware scans, and, if required, disconnect from the network. Tell your banks and credit unions about any fraudulent charges, and think about putting a fraud alert or credit freeze on your accounts. In the U.S., people who have been victims of cybercrime or identity theft can report it to the FBI’s Internet Crime Complaint Center (IC3) or go to IdentityTheft.gov, which shows them how to recover. Reporting crimes quickly helps police find the people who did them and can help you get your money back faster.
You can dramatically lower the risk of a cyberattack stealing your personal information by knowing what data attackers seek, being aware of common threats, and adopting security best practices. Stay vigilant: keeping your personal information safe is an ongoing effort that requires good habits, the right tools, and quick action when you see warning signs.