Six Internet hygiene tips after 18 million hit by Chinese hackers

The Chinese government hacked federal employees’ personal and security clearance information as part of a counterespionage campaign earlier this month. The Office of Personnel Management network was breached, affecting as many as 18 million people in the U.S.

Now, federal employees need help figuring out what happened. So they called up the Office of Personnel Management. OPM transfers them to CSID — the agency’s credit monitoring contractor — which puts people on hold for hours. They go to their website? It crashes.

Last Friday, the Colorado Public Interest Research Group released this response.

Screen Shot 2015-06-29 at 11.11.17 PM

The consumer advocacy group also offered data hygiene tips for all internet users — not just federal employees.

Here’s what they recommend:

1) Get a security freeze. 

A security freeze shields your credit report from creditors. It’s the only way to stop new accounts from opening in your name — like abstinence for your personal data. In Colorado, the first freeze is free. After that, it’s up to $12 every time you want to lift or place it.

Read this if you’re considering a security freeze.

2) Don’t bother with credit monitoring.

A lot of big agencies and firms offer credit monitoring services like the Office of Personnel Management does through CSID. Monitoring your credit doesn’t prevent theft — it only tells you once it’s happened.

Also, don’t pay anyone to monitor your credit. You can do it yourself for free by checking Equifax, Experian or Trans Union every few months.

3) Make your passwords robust, not simple. 

It’s the opposite of KISS – Keep it simple stupid. When it comes to passwords, don’t.

Use different passwords for different accounts. 8-12 characters minimum. Combine numbers, upper and lower case letters and special characters. (&, %, $, #).

And because there’s no way you’re going to remember them all, consider using a password keychain. says don’t trust iCloud — try mSecure or 1Password.

4) Don’t click on spam. 

Don’t click on those emails from a Nigerian Prince asking for money transfers.

Don’t give any information to someone who calls “from your bank.”

Don’t click things you’re not sure about.

Just don’t do it.

5) Learn more. 

The Federal Trade Commission provides lots of information that goes well beyond simple identity theft. Ever considered the perils of tax refund theft, medical services theft or child ID theft? Read the FTC’s advice. Need to clear your name of false criminal charges? Read the FTC’s advice.

6) Tell Congress. 

Good Internet hygiene can only do so much.While Congress works on data breach response legislation, CoPIRG advocates beefing up data security and victim rights.

Photo composite by Nat Stein via WikiMedia