How to Protect Your Confidential Data Online

Even with tremendous investments in cyber security, the most common way for hackers and fraudsters to gain access to your confidential information is to trick you into opening or responding to an email or other online message that looks legitimate.

Here are eight tips to help you avoid becoming an easy target for hackers and fraudsters.

• Make your passwords at least eight characters long, and include a mix of uppercase letters, lowercase letters, numbers, and special characters, such as @, #, % and &.
• Don't use all the same character, such as 333333, or consecutive keys on a keyboard, such as ASDFGH.
• Don't use words that would appear in a dictionary (English or other). They can be easily compromised by password-cracking programs that use electronic dictionaries.
• Use a line from a favorite song, poem or movie, and pick the first letter of each word for your password. Also use at least one number. For example, "The early bird catches the worm" becomes the password TEBCTW1.
• Use two short words and connect them with a number, such as WIN7ONE.
• Use a word that's easy to remember, but take out the vowels and replace them with numbers. For example, "summer" becomes the password S2MM3R.
• Don't write down your passwords anywhere or store them in your phone.
• Don't reuse or recycle your passwords.
• Don't use your (or any family member's) name, nickname or initials in any form (forwards or backwards spelling).
• Don't use your user ID in any form.
• Don't use other information about yourself that's easy to find, such as birth dates, phone numbers, license plate numbers, Social Security numbers, street addresses and the kind of car you drive.
• Use a different password for each online account or application.
• Never post your password on your computer monitor, at the bottom of your keyboard, under your mouse pad or any other place near your computer system.
• Change your password right away if you suspect it has been discovered by anyone else.
• Never give your password to anyone over the phone.

Multifactor authentication requires additional verifying information when you’re logging in to an account, which gives your accounts an added layer of security. Multifactor authentication can include:

• SMS or email notifications 
• Biometric identification
• Tokens

• Be suspicious of any message that asks you to provide personal information. McGriff never uses emails or text messages to ask for your personal information.
• Hover your mouse over links to inspect their true destination. If it looks suspicious, don’t click it!
• Before sharing any confidential information on a website (such as your name, address, birth date, Social Security number, phone number or credit card number), make sure it’s a secure site. Look for the lock symbol or “https” in the browser’s address bar to verify its security.
• Never open email attachments from senders you don't know. Simply delete the messages altogether.
• Use caution with email attachments, even if you know the sender. If you weren't expecting the message or if you have any suspicions, contact the sender to make sure they sent the message.

It’s wise to avoid posting any of this information on social media:

• Your birthdate 
• Your street address
• Geotagged photos 
• The time you're away on vacation

• Always keep your device's software updated (use the latest operating system and browser versions available). 
• Install security software and keep it up to date.
• Download apps only from trusted app stores. 
• Turn off Wi-Fi/file sharing/AirDrop options when not in use. 
• If you must use unsecured, public Wi-Fi (such as in an airport or coffee shop), never access confidential websites (such as your online banking) or enter any credit card data (such as to make an online purchase).

Order a free copy of your credit report once a year from AnnualCreditReport.com(opens in a new tab) and from a different bureau (Equifax, Experian, TransUnion) every four months so that you're always covered.

Email transmitted across the internet is normally not protected and may be intercepted and viewed by others. That's why you should never send us any confidential or private information by unsecured email.

Rest assured, McGriff will never ask you to send any confidential information by email, such as your logon ID, password, account number or Social Security number.

Protect your personal computer by purchasing and installing antivirus software, such as McAfee's VirusScan or Symantec's Norton AntiVirus, to find and remove potential viruses on your computer.

Consider buying antivirus software that automatically scans for virus updates whenever you go online. If your software doesn't have this feature, update your antivirus software at least weekly by contacting your antivirus vendor to get the most current antivirus signature files.