7 online security steps to take this holiday season year-round

The advice in this post is good year-round, so I've changed the headline and it's the Daily Tax Tip for Monday, March 5, 2018. Be safe out there taxpayers and keep an eye out for the latest Dirty Dozen tax scams!

Today is Cyber Monday, the first post-Thanksgiving weekday when millions of shoppers go online seeking holiday bargains.

It's also the start of National Tax Security Awareness Week. For the next five days, the Internal Revenue Service will focus on ways to protect tax and financial data during this hectic holiday season.

Each day this week, the IRS and its Security Summit partners in state tax offices and the tax industry will focus on one issue that poses a threat to individuals and businesses.

In addition to highlighting the issues, these groups will offer steps we can take to protect ourselves and our businesses from cyber criminals.

Online tips kick off security awareness week: Fittingly, today's first National Tax Security Awareness Week tip deals with online security.

Online crooks seek to turn stolen data into quick cash, either by draining financial accounts, charging credit cards, creating new credit accounts or even using stolen identities to file a fraudulent tax return for a refund.

The following seven steps can help you improve your online safety this holiday shopping season, as well as protect the tax returns you'll file and refunds you'll receive in 2018.

1. Shop securely: Buy from familiar online retailers. Beware purchases at unfamiliar sites or clicks on links from pop-up ads. Look for the "lock" icon in the browser's URL bar. Also note whether there is an "s" at the end of the http in the URL. Generally, sites using "https" at the start of the URL are secure. Remember, however, that even bad actors may obtain a security certificate so the "s" may not vouch for the site's legitimacy.
2. Avoid unprotected Wi-Fi: Unprotected public Wi-Fi hotspots also may allow thieves to view transactions. Do not engage in online financial transactions if using unprotected public Wi-Fi.
3. Don't fall for phishing bait: Learn to recognize and avoid phishing emails that pose as a trusted source such as those from financial institutions or the IRS. These emails may suggest a password is expiring or an account update is needed. The criminal's goal is to entice users to open a link or attachment. The link may take users to a fake website that will steal usernames and passwords. An attachment may download malware that tracks keystrokes.
4. Keep a clean machine: This applies to all devices — computers, phones and tablets. Use security software to protect against malware that may steal data and viruses that may damage files. Set it to update automatically so that it always has the latest security defenses. Make sure firewalls and browser defenses are always active. Avoid free security scans or pop-up advertisements for security software.
5. Strengthen passwords: Experts suggest a minimum of 10 characters but longer is better. Avoid using a specific word; longer phrases are better. Use a combination of letters, numbers and special characters. Be unique. Use a different password for each account. Use a password manager, if necessary.
6. Use multi-factor authentication: Some financial institutions, email providers, social media sites and even the IRS allow users to set accounts for multi-factor authentication, meaning users may need a security code, usually sent as a text to a mobile phone, in addition to usernames and passwords. Use it. For added protection, some financial institutions also will send email or text alerts when there is a withdrawal or change to the account. Sign up for these. Also check your account profiles at these locations to see what added protections may be available.
7. Encrypt and password-protect sensitive data: If you keep financial records, tax returns or any personally identifiable information on computers, encrypt this data and protect it by a strong password. Also, back-up important data to an external source such as an external hard drive. And, when disposing of computers, mobile phones or tablets, make sure to wipe the hard drive of all information before trashing.

Identity theft follow-up: Even if you take security steps, criminals might find a way into your financial and tax data. Yes, I'm talking about the recent hacks of Equifax and Uber, which were not revealed to potential victims for months and years.

Unfortunately, such security breaches are all too common, putting us at risk of identity theft through no fault of our own.

That's why we should take added steps throughout the year to ensure we haven't become identity theft victims.

A key action is to request a free credit report from each of the three major credit bureaus once a year. Check it to make sure there are no unfamiliar credit changes.

Also create a My Social Security account online with the Social Security Administration. There you can see how much income is attributed to our Social Security number. If it's more or less than you know it should be, that's an indication that some is using your federal identification number for false employment purposes.

Check your bank and credit card statements as soon as they are available each month. In this digital age where many of us get such information online, it's easy to just let the notices that our statements are available sit in our email boxes. But by ignoring the statements, we'll miss signs that our accounts have been compromised.

Nothing is guaranteed, and creative crooks are always finding new ways to get access to our financial and tax data. But by being aware of the possibility and taking some simple steps, we can at least make it harder for them.

You also might find these items of interest:

• Beware year-end ID theft and quick cash scams
• Watch out for the Dirty Dozen tax scams of 2017
• 5 ways to protect your identity (and money!) during National Tax Security Awareness Week
  (and year-round!)