7 ways to protect your personal data

Staying safe online is critical, especially as more concerns arise about personal information being compromised through cyberattacks or other potentially unauthorized access.

Recent reports reveal that 2024 saw some of the most extensive and damaging data breaches in history—resulting in billions of records stolen—affecting critical industries including a health insurance giant, a major internet and phone service provider, and a company specializing in background checks and fraud prevention.

Piling on top of breaches at major companies, new phishing scams pop up daily. For instance, a recent scam targets business Instagram accounts using fake chatbots and support emails aiming to trick business owners into handing over login credentials. A similar threat targeted Facebook users in February, which attempted to get users to click to set-up instructions for two-factor authentication or click through for a “system check.”

“These attempted attacks demonstrate a high level of attention to detail when the bad actors replicate legitimate webpages, chat bots and related communications to look almost identical to actual communications channels,” said Krista Taylor, information security program consultant at BOK Financial®. “This type of attack is always an important reminder to verify the URL before clicking on any link, especially if the communication uses urgent language.”

Where could compromised data go?
When personal information or financial details are compromised in a breach, victims could face lasting impacts including fraudulent accounts opened in their name, damaged credit scores or compromised online identities that could take years to resolve.

“What’s perhaps most concerning is that stolen personal data maintains its value indefinitely, creating ongoing vulnerability as information resurfaces on dark web marketplaces long after the initial breach,” said Taylor.

Meanwhile, cybercrime is projected to cost the global economy $10.5 trillion in 2025, with data breaches and phishing attacks being major concerns, impacting businesses and individuals alike.

“Current events or news about breaches may prompt some people to take action but now is always a good time to consider bolstering the protection of your personal information and accounts,” said Taylor. “There are basic proactive steps you can take to protect yourself and avoid exposing your information to unnecessary risk from online criminals.”

Taking these proactive steps now can save you from having to undergo extensive remediation efforts later, including freezing credit files, monitoring accounts, replacing compromised documents and navigating complex recovery processes with financial institutions.

How to protect your data
Taylor recommends taking seven actions to protect your data:

1. Strengthen account security. Create unique, strong passwords for each account, ideally using 16 or more characters with a mixture of letters, numbers and special characters. Taylor cautions against storing passwords in your browser, which can be vulnerable to data breaches. Instead, store your passwords in a reputable password manager, which can also generate these secure passwords. Finally, enable multi-factor authentication (MFA) when possible—for instance, using an authenticator app, hardware token or biometrics to verify your identity.


2. Monitor and avoid scams. Scams using artificial intelligence and other targeted attacks are increasing across the United States, which means being skeptical of unknown senders or links is essential. Taylor said it’s critical to avoid clicking on links or downloading attachments from unknown or suspicious senders in text messages or emails. Only visit trusted websites and avoid clicking on pop-up ads that might contain malware. “Never share personal or financial information over the phone, email or text, unless you initiated the contact with a trusted source,” she warns.


3. Secure your devices. Being proactive means ensuring that your devices are secured with strong passcodes, fingerprint locks or facial recognition, and keeping up with updates recommended by app creators. “It’s also important to make sure you enable features that will allow you to wipe your information off of lost or stolen devices so that someone can’t access your data,” Taylor said.


4. Only use secure connections. Access your sensitive accounts, such as banking or email apps, only on private, secure Wi-Fi networks. “You should always try to avoid using public Wi-Fi or use a trusted VPN for encryption and added security,” Taylor said.


5. Monitor accounts regularly. Pay close attention to your bank statements, credit card transactions and other accounts to ensure only authorized activities are reflected. Set up alerts for suspicious activities and consider freezing your credit with major bureaus to prevent unauthorized credit checks or accounts. With frozen credit, even if identity thieves have your personal information, they can’t open an account in your name. Note: you will need to freeze your credit separately on all three credit bureaus.


6. Limit personal information sharing. Avoid sharing too much on social media, such as addresses, birth dates, or phone numbers, as a lot of this info can be used to mine data to guess your passwords or gain access to your personal accounts. “Using caution when sharing contact details online can make a significant difference in protecting your information from falling into the wrong hands,” Taylor said.


7. Back up important data. Have a plan to back up your important files to encrypted external drives or secure cloud service.

“By staying vigilant and proactive, you can significantly reduce your risk of falling victim to cyber threats and data breaches,” Taylor said.