Depending upon the type of breach, there may be absolutely nothing you could have done to prevent your data from being exposed. This would include a breach with a component internal to the company and could include an employee using their access to your data in inappropriate and potentially illegal ways. One example of this type of breach would be a check that was not to or from you, and did not match your account, being cashed against your account anyway. Another example would be having your birth date and Social Security number exposed by a person who worked in an IT department at an educational institution or hospital.
Other times, however, your data is breached because you set a weak password for an account and someone was able to hack the weak password, giving them access to your account. An example of this type of breach would be having an order placed against an account you have with a vendor even though you did not place an order. Often in these situations your credit card is charged because it has been stored on file with the account. Another example of this type of breach would be getting locked out of an account because your password was hacked and then changed by the person responsible.
The first line of defense against someone guessing your password, or software trying to hack it, is to create more complicated passwords. When you create a password, try not to use names or items that are important to you. In other words, if someone broke into your home and found baseball memorabilia all over your office and a poster of one ball player, do not set your password to that ball player's last name. This may be an obvious example, but people often use their children's or pets' names and anniversary dates as passwords. These types of passwords are easy to guess and therefore put your data at risk. Instead, make sure you use a password with some randomization, at least eight characters, and substitutions.
The best passwords use upper and lowercase letters, numbers, and special characters when they are supported. Remember, the longer the password is, the longer it takes to hack, even if clever password hacking software is being used. Some examples of how to take regular passwords and strengthen them are shown below:
- downtherabbithole becomes d0WntH3r@BB1th0L3
- todayisagreatday becomes t0D@y1s@gR3@tD@y
- leavemystuffalone becomes 13@V3MyStuff@10n3
- ilovejillian becomes 1L0v3j1!!1@N (even though we would not recommend using a password like this, we list this example to show ways the password can be modified to be more secure since some people will still use this format of password)
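The rules above can be checked automatically before a password is accepted. The following Python sketch is an added example, not part of the original article; the function names and the `personal_words` parameter are assumptions made for illustration. It checks the length and character-type rules, and also catches a personal name that has only been disguised with the substitutions used in the list above.

```python
import string

# Substitutions taken from the examples above. "1" stands for both "i" and
# "l" there, so 1, !, l and i are all folded into the same letter.
FOLD = {"0": "o", "3": "e", "@": "a", "1": "i", "!": "i", "l": "i"}


def fold(text):
    """Lowercase the text and undo the common character substitutions."""
    return "".join(FOLD.get(c, c) for c in text.lower())


def check_password(password, personal_words=()):
    """Return a list of problems; an empty list means every rule passed."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    # A name is still a name after substitutions, so compare folded forms.
    folded = fold(password)
    for word in personal_words:
        if word and fold(word) in folded:
            problems.append("contains personal word: " + word)
    return problems


if __name__ == "__main__":
    # Sample passwords from the list above; "Jillian" is the personal word.
    for candidate in ("downtherabbithole", "d0WntH3r@BB1th0L3", "1L0v3j1!!1@N"):
        print(candidate, check_password(candidate, ["Jillian"]))
```

The last sample passes every character rule but is still flagged, which is why the article does not recommend that format of password.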
Make sure you do not write your passwords down and keep them in plain text documents or in sight. This may seem obvious, but passwords can often be found written on small pieces of paper and hidden under keyboards, mouse pads, or in desk drawers. Anyone who has gone to the trouble to break into your home or office will surely find these "hidden" passwords. Instead, keep passwords in a file that is encrypted, or write them down and store them in a safe deposit box or other protected location.
Lastly, protect yourself by using a few different passwords with the accounts you create. This works because if someone happens to get your password, whether they hacked you directly or a company you had an account with was hacked, they will not be able to gain access to every other account you have if you use different passwords. This is especially important if you use the same user ID when you create accounts. To best protect yourself, use a few different user IDs and passwords when creating accounts. Doing this will reduce the likelihood that someone who has gained access to one of your accounts will be able to gain access to additional accounts.
Taking these steps will seem tedious at first, but they can help prevent much more pain at a later date if you follow them.