Source: MoneyWatch

Your personal information is under a nearly constant assault from hackers and criminals, and you can no longer trust in luck and safety in numbers for protection. Just a few days ago, I told you about how criminals can use social engineering to completely circumvent the need to have your password, for example. So is all hope lost?

Nope — if you’re careful and follow some simple rules for protecting your privacy, you can still win the war against cybercrime. Here are some things you absolutely should already be doing — or, failing that, start doing — today:

  • Never reply to emails with personal information. I’ll start with a gimme. Everyone knows this already, right? It’s easy to send an email that looks like it came from your bank. But financial institutions will never ask you to reply to an email with your Social Security number, password or any other personal info. If an email asks for information like that, just delete it — it’s a phishing expedition.
  • Never click a link in an email to go to your banking web site. Even people who would never think to reply to an email with their account number and password might still click a link in a message to “conveniently” go to their account login page. But this might still be a phishing trip, and you could be clicking to a site that’s about to capture your login information. Always navigate to a web page yourself via your browser.
  • Use a unique password on every site. Don’t use the same password on Facebook and your bank — if Facebook is ever compromised, you’ve just given away the keys to your finances. Use a password keeper like RoboForm or LastPass so you don’t need to remember 500 passwords.
  • Use 2-factor authentication whenever possible. If your email service and financial institutions offer it, enable 2-factor authentication. This is a security process that requires you to enter a new, unique passcode every time you try to log into the site — and that code comes from your phone. So unless a cybercriminal has access to your phone, they can’t log in, even with your ordinary password.
  • Be careful what you say online. Social engineering scams often work because cybercriminals know enough about you to bluff their way through a call with customer service. Don’t share details about recent Amazon purchases, for example, to cut off one vector that scammers can use against you.
  • Password-protect your devices. It’s a pain, but you should lock your phone, tablet and laptop with passwords or PINs. Don’t use the same PIN for every device, and don’t use an easy-to-guess PIN like 0000 or 1234.

Good advice as you enter 2013!