Zappos, online shoe and clothing retailer, is the latest merchant to succumb to a data breach. More than 24 million customer accounts were compromised, which may have included customer names, e-mail addresses, addresses, phone numbers, the last four digits of credit card numbers and "cryptically scrambled" passwords. Zappos encrypts payment card data and said no credit or debit card information was accessed.
The recent Zappos breach has us all thinking about trust. We start to think about all the online sites in which we've placed our trust—accounts we've opened, where we've shopped and social networking sites where we disclose our lives, to name just a few. Many of us can't remember them all; let alone the email or password we used. As we go about our daily lives, we repeatedly take leaps of faith. For convenience and opportunity, trust seems to be the only choice. However, there are some practical ways you can protect yourself. Here are just a few:
- Take the time to create a strong password. The strength of a password is comprised of length, complexity, and unpredictability. For example, use a minimum password length of 12 to 14 characters, including numbers and symbols, using mixed case, if possible.
- Avoid using the same password for multiple sites.
- Don’t share passwords.
- Don’t write down or email credit card information or passwords.
- Log out when you complete an online session.
- Change your password regularly.
As you choose sites with which to interact, take a moment to look at a web site's privacy and security pages. Find out how they collect, use and store your information. If the site accepts payments, is it PCI compliant? Does the web site instill confidence? If not, trust your gut and look for other options.
2011 was a difficult year in terms of breaches—Sony, Michael's, Citibank and many others were affected. The trend continues in 2012. Be that first line of defense. Although following some of these tips may seem inconvenient, would you rather be left wishing you'd done things differently?
