TIME Security

Experts Warn Corporate Boards Aren’t Protecting Us From Hackers

A shopper walks past a large Home Depot logo inside a store
A shopper walks past a large Home Depot logo inside a store in New York,Tuesday, May 16, 2006. Bloomberg—Bloomberg via Getty Images

In the wake of hacks agains Target, Home Depot and JPMorgan, analysts say companies' boards need to be more vigilant on cybersecurity

As an increasing number of major retailers and financial institutions are falling victim to hacks like those against Target, Home Depot and JPMorgan, many experts say corporate boards aren’t doing enough to protect customers from cybersecurity breaches.While corporate boards are a step removed from companies’ day-to-day operations, the increasing risk of data breaches means that boardmembers need to be more involved in cybersecurity, observers say, whether by pushing for security oversight or reshuffling executives who don’t react properly to crises.

“We live in the post-Target era,” said John Kindervag, security analyst at Forrester. “There’s a moral obligation to consider firing an executive team because of a data breach. It’s a huge business failure.”

Corporate boards rarely review cybersecurity plans or involve themselves in the particulars of data protection, traditionally viewing security as an information technology problem. According to a PriceWaterhouseCoopers report released last month, just 42% of 9,700 executives in over 150 countries said their boards are involved in security strategy; just 25% said their boards are involved in reviewing security and privacy threats.

“They’ll say to the CEO, what are we doing about security, and then don’t get involved at all until they get breached,” says Avivah Litan, security analyst at Gartner. “Most companies don’t communicate at that level with the board. They’re out of touch and they’re totally clueless about information security.”

Securities and Exchange Commissioner Luis Aguilar put it more gingerly to board directors earlier this month at a New York Stock Exchange cybersecurity conference. “There may be a gap that exists between the magnitude of the exposure presented by cyber-risks and the steps, or lack thereof, that many corporate boards have taken to address these risks,” Aguilar said. There’s a discrepancy, too, between what shareholders demand of boards and what they’re actually doing — a survey published by Institutional Shareholder Services (ISS) last month shows that nearly 70% of shareholders view board oversight actions prior to hacking incidents as “very important.”

Negligent boards may find themselves facing questions from angry shareholders and customers after a cyber breach. In June, ISS made the unusual recommendation that Target shareholders oust seven out of 10 members of its board after credit card information belonging to 40 million customers was compromised, laying blame on two board committees in particular.

“The data breach revealed that the company was inadequately prepared for the significant risks of doing business in today’s electronic commerce environment,” ISS advised. “The responsibility for oversight of these risks lies squarely with the Audit Committee and the Corporate Responsibility Committee.” Shareholders re-elected the board, but ISS’ condemnation was a wake-up call for retailers. Target is now facing an investigation from the Federal Trade Commission into the details of the breach.

Home Depot, meanwhile, was a founding member of a threat-sharing group of major retailers earlier this year, and its board received regular updates on cybersecurity, according to a spokesman. “IT and IT security have regularly been items on our board meeting agendas for several years now, and the board has received regular updates on the breach since it occurred,” said that spokesman. But the hardware retailer was caught flat-footed by a data breach this year that jeopardized 56 million customers’ credit cards, and managers ignored weaknesses in cyber defense before the attack, the New York Times reported last month.

Analysts say a strong board of directors should know how to ask management the right questions about cybersecurity. “The board is not responsible for identifying risk, but it sure as hell needs to know that management understands that responsibility and knows how to respond to it,” said Rick Steinberg, former governance practice leader at PricewaterhouseCoopers.

Ultimately, it might be a financial motivation that gets corporate boards to take a closer look at their firms’ cybersecurity standards. Target’s net income dropped more than $400 million in the quarter the breach was announced compared to the year before; the company said direct costs from the data breach would reach $148 million in the second quarter of 2014 alone. The total expense of any breach, including lost profits from nervous consumers, are often incalculable. “A data breach is the equivalent of an oil spill,” said Kindervag. “It’s a fundamental business issue.”

MONEY Fast Food

Millennials to Blame for McDonald’s September Slump

The fast-food chain is getting hit not only by problems in China but also by rising costs and changing tastes. Coca-Cola is suffering too.

MONEY Apple

Here’s What Happened When We Tried Apple Pay

Sure, the new payment system looks all shiny in Apple's demos, but does it really work on the streets of New York? We set off to find out.

Updated at 9:30 pm

We gave Apple Pay a real-world test run on Monday, the day the new payment system launched. And as you can see in the video, it worked pretty well. At least where we already expected it to work.

There are a few wrinkles you don’t see on camera. Setting it up wasn’t quite seamless. I deliberately tried to set it up on my new iPhone without reading in advance about how to do it—after all, that’s how most people use their iPhones in real life. I found myself roadblocked pretty quickly. The Passbook app where credit card info is supposed to be stored… didn’t seem to have any way to enter my credit card info. It turned out I had to update my phone to the latest version of iOS 8. I got the phone just last week, and have already upgraded once, so that was a bit of surprise.

Day two (Tuesday) of trying to use Apple Pay in everyday life, with no camera crew around, was less successful. At Starbucks, I watched other customers paying with smartphone apps, but learned that they were using the coffee company’s own system. Starbucks doesn’t do Apple Pay. At a Duane Reade drugstore—a New York brand of Walgreens—the reader didn’t work. But the cashier told me most of the other readers in the store did. Later on, I successfully paid for a couple of Lightning cables at a Walgreens in Brooklyn. “Wait, that thing actually works?” said the woman behind the register.

Apple Pay doesn’t feel revolutionary. You take out your phone instead of your credit card to pay for things—it just means reaching into a different pocket. But that probably counts as a success for Apple in the long run. Using Apple Pay is similar enough to what I already do that I can see it easily creeping into my everyday routine.

MONEY Autos

The Price of Hybrid and Electric Cars Is Plummeting. Here’s Why

2012 Toyota Prius
Toyota Prius David Dewhurst

Among the trickle-down effects of cheaper gas prices are lower sales totals for alternative-fuel cars—which in turn have forced automakers to slash prices on these vehicles.

USA Today just reported that Ford is cutting the sticker price of the fully battery-powered plug-in Focus Electric by a flat $6,000. That’s on top of a $4,000 price reduction on the same vehicle a year ago. The new sticker price is $29,995 including shipping—but not including federal tax credits of up to $7,500 and state incentives that might effectively knock another $2,500 off the amount buyers pay.

Obviously, Ford wouldn’t be instituting such dramatic price cuts if the Focus Electric was selling well, and part of the reason sales have been poor is that the model doesn’t stand out in an increasingly crowded field of midlevel-priced plug-ins where the Nissan Leaf, the pioneer in the category, remains the indisputable leader. Another reason for underwhelming sales of the Focus Electric—and for many alternative-fuel cars in general, for that matter—is simply that gas prices have been getting cheaper and cheaper.

According to the AAA Fuel Gauge Report, the national average for a gallon of regular was just under $3.10 on Tuesday, compared with $3.35 a year ago and around $3.70 this past spring. Gas prices for the year as a whole are down slightly compared with 2013, and projections call for continued lower prices in 2015. All of which hurts automakers’ efforts to convince buyers that it’s a savvy move to pay a premium over a standard gas-powered vehicle for a hybrid or electric car right now, with the anticipation that they’d more than make up the difference later on in the form of savings on gas.

To help sales, automakers have been trying mightily to make the difference in price between alternative-fuel cars and their traditional car counterparts disappear. Nissan slashed the price of the Leaf in early 2013, effectively bringing the takeaway price of the vehicle under the $20,000 mark. Leaf sales have been strong throughout 2014, up 23% year over year thus far. Ford Focus Electric sales are up in the U.S. as well, with September units sold up 60% compared with the same month last year. Even so, we’re talking about extremely small numbers: 176 Focus Electrics sold last month, versus only 110 for September 2013.

What’s especially noteworthy is that the combination of lower gas prices and increasingly fuel-efficient internal-combustion engine cars appears to be putting the squeeze in particular on hybrid cars like the Toyota Prius. According to Toyota data, 14,277 Priuses were sold in the U.S. last month, compared with 15,890 for September 2013. For the year thus far, Prius sales are down 11.4% compared with the same period a year ago—and mind you, this slump took place a time when Toyota sales overall are up 5.7%. By far the worst-performing Prius has been the plug-in PHV; only 353 sold in September, a decline of 71% versus the same month a year ago (1,152). As for hybrid sales overall, a total of 31,385 units sold in the U.S. in September 2014, a decrease of 35% from the previous month, and a decline of 6.5% from the same month in 2013.

Bear in mind that the hybrid sales slump has occurred while automakers have gotten more aggressive with discounts. As Automotive News lately noted about the struggles of alternative-fuel cars:

Data from KBB.com show that Toyota boosted Prius incentives to $2,300 per vehicle in September from $1,400 a year ago while Ford ramped up C-Max spiffs to $4,900 from $2,650 per vehicle in the same period; neither move helped sales.

So cheaper gas prices benefit drivers not only in terms of the obvious—cheaper gas prices—but also because they’re forcing automakers to slash prices on hybrids and electric cars that boast savings on gas as a primary sales pitch.

MONEY Tourism

Price Hikes Up to 150% Are Planned for Your Favorite National Parks

Entrance sign near Big Oak Flat Entrance Station, Yosemite National Park.
Entrance sign near Big Oak Flat Entrance Station, Yosemite National Park. Fred van Wijk—Alamy

A proposal is on the table to hike prices of admission, annual passes, campsite reservations, and more at roughly 130 national parks and recreation areas.

A broad proposal from the National Parks Service (NPS) first exposed by the Denver Post could make visiting some of the country’s biggest and best national parks significantly more expensive as early as next summer. Admissions to popular national parks such as Yosemite, Mount Rainier, and Crater Lake are likely to see price hikes of 50%, while prices at some lesser-known gems like Colorado’s Great Sand Dunes National Park might rise upwards of 150%. Price increases are also being proposed for annual passes, campsites, boating permits, and other services at dozens of park and recreations areas.

Before storming the parks service in protest, bear in mind that even if the price increases are accepted, our national parks would remain one of the world’s great vacation bargains. The current price of a seven-day pass for a vehicle and all of its occupants at Yosemite is $20, rising to $30 if the proposal is approved. To make its case that the increases are necessary and appropriate, the NPS noted:

The current park entrance fees have been in place since 1997, when a seven day pass was increased from $5 to $20 per vehicle. According to the U.S. Bureau of labor and Statistics, $20 in 1997 is equivalent to $29.64 in 2014. This fee change will allow Yosemite to maintain consistent revenue while adjusting accordingly for inflation.

Likewise, the price of admission at Great Sand Dunes would rise to $10 per person up from the current rate of just $3 (there’s no flat vehicle rate offered), while the cost of an annual pass would increase from $15 to $40.

Park visitors could start to see the price increases as early as next summer, and/or fees might be incrementally hiked over the next couple of years. One of the reasons cited for the proposed increases is that the NPS is celebrating its 100th anniversary in 2016, and it wants to commemorate the centennial with parks and recreation areas looking their finest.

None of this is a done deal, however. The parks service is allowing the public to weigh in with comments over the next couple of weeks, and at least in theory the response could have an impact on how the proposed price increases play out. What’s especially complicated about the matter is that the average Joe is being asked to submit comments related to each park’s price hike individually; there is no central spot where people can respond to the general idea of raising prices across the board. There’s one spot where you can offer your opinion on price increases at Yosemite, for instance, another for the price increases at Washington’s Lake Roosevelt National Recreation Area, and so on. (The nightly cost of an individual campsite at the latter would go from $10 to $18, by the way.) The dates for open commenting and public meetings at each park are different as well. The commenting session at Yosemite began on Monday and stretches through November 20, and there’s a two-hour meeting open to the public on November 12, while comments for Lake Roosevelt can be made through October 31, and three meetings are being held in nearby state-owned facilities this week.

The superintendents of each park also have some authority to decide if and how price hikes go into effect, though a broad range of parks—including Mount Rainier and Olympic in Washington state, Rocky Mountain in Colorado, and Glacier in Montana—are expected to follow through on some if not all of the proposed increases. Jon Jarvis, the NPS director, noted in a memo that there will always be “significant public controversy” about any price increases for use of lands that we as a nation own. Yet he stated that the increases “will allow us to invest in the improvements necessary to provide the best possible park experience to our visitors.”

Surely, many park goers will be upset by the proposed increases, and it would be surprising if a majority—or even a significant minority—of those commenting on the proposals were voicing their approval of higher fees. For some perspective, Kurt Repanshek, who runs the National Parks Traveler blog, points out that admission to Yosemite cost $10 a century ago, so we are more than due for a price hike:

When you think of how inflation has treated park entrance fees — that $10 fee charged in 1915 equates to $230.74 in 2014 dollars — entrance to the parks under the existing pricing structure might literally be described as a steal.

TIME Ask TIME Tech

Ask TIME Tech: Best iPad for the Money Right Now?

iPads
The iPad Mini 3 (left) and the iPad Air 2 (right) Asahi Shimbun / Getty Images

A rundown of all the available models, highlighting the differences in search of the best value

Question: I need a new iPad, but I’m not sure which one I should get. Is the iPad Air 2 worth it or is one of the other models a better deal? I don’t really care if it’s a full-size iPad or one of the smaller ones. And I’m okay with spending $500, but if I don’t have to, obviously I would like to save some money. What are the main differences between all of them?

Short Answer: Last year’s iPad Mini 2 is a good deal at $299.

Long Answer: Someone who says “I need a new iPad” is apparently a rarity nowadays, with Apple having trouble convincing people to upgrade their tablets regularly. I’m part of the problem: I’ve been using an iPad 3 for the past million years and it still suits me fine.

Here’s a video comparison of all the currently-available iPads, which contains much of the advice you’ll otherwise read below:

iPad Air 2 ($499+)

If you have $500 to spend on an iPad, the new iPad Air 2 won’t disappoint. Of all the available models — there are now five: the iPad Air 2, the iPad Air, the iPad Mini 3, the iPad Mini 2 and the iPad Mini — the iPad Air 2 has the newest processor, which might help you squeeze an extra year out of it over one of the other models.

Don’t get too distracted by the iPad Air 2’s other specs, though. It’s thinner than the first iPad Air, yes, but we’re talking half of a tenth of an inch. It’s lighter, sure, but we’re talking 0.04 pounds for the Wi-Fi model. The big news here is the processor. The iPad Air 2 is also rumored to sport two gigabytes of RAM versus one gigabyte for all the other models, which should increase performance.

The iPad Air 2 has the fingerprint sensor that debuted with the iPhone 5S, which makes unlocking your iPad quick (assuming you lock it with a passcode) and lets you buy stuff from iTunes without typing in your password. You’ll also be able to log into certain third-party apps with your fingerprint as well.

Finally, the iPad Air 2 uses newer, thinner screen technology that makes colors pop a bit more. Apple added an anti-reflective coating as well. The front-facing camera is a little better than the previous model’s, and the Wi-Fi chip uses newer technology that allows it to connect to certain networks faster. Oh, and you can get it in gold (gold is best) and in a 128-gigabyte storage configuration.

iPad Air 2 ($499+) vs iPad Air ($399+)

iPad Air 2 v iPad Air
Apple

Step “down” to last year’s iPad Air, and you lose the gold option. You get a less efficient processor. The screen is still the same resolution, but there’s no antireflective coating. It’s marginally, marginally, marginally less thin and light. The front-facing camera is five megapixels instead of eight. There’s no fingerprint sensor. It doesn’t connect to certain superfast Wi-Fi networks as fast as the iPad Air 2 does. It might not have as much RAM.

On paper, Apple makes a somewhat convincing case for going with the iPad Air 2 over the iPad Air. In reality, what you’re giving up in order to save $100 might not be all that important. The iPad Air is still plenty fast, plenty thin and plenty light.

iPad Air ($399+) vs iPad Mini 3 ($399+)

iPad Air v iPad Mini 3
Apple

Now we’re going to basically step laterally to the iPad Mini 3, Apple’s newest iPad Mini model. Aside from it being smaller than the iPad Air models, under the hood, the iPad Mini 3 is almost identical to the iPad Air — all the way down to the $399 starting price. You do get the fingerprint sensor with the iPad Mini 3, the gold color option and the 128-gigabyte storage option. The processor, cameras, connections and just about everything else are the same.

iPad Mini 3 ($399+) vs iPad Mini 2 ($299+)

iPad Mini 3 v iPad Mini 2
Apple

Here’s where things get interesting. The iPad Mini 3 and the iPad Mini 2 share pretty much the exact same innards, except that the iPad Mini 3 has the fingerprint reader, the gold color option and the 128-gigabyte storage option. For $299, the iPad Mini 2 is on par with both the iPad Mini 3 and the iPad Air, which makes the iPad Mini 2 a great deal relative to the other available iPads. As long as you don’t care about the fingerprint reader, you’re okay with the space gray or silver options, and you don’t have enormous storage requirements, the iPad Mini 2 is arguably the best bang for your buck.

iPad Mini 2 ($299+) vs iPad Mini ($249+)

iPad Mini 2 v iPad Mini
Apple

Don’t fall for this one. You might save $50 by going with the original iPad Mini, but it’s got a much slower processor than all the other iPads and its screen is much lower-resolution. If ever you had a reason to cough up an extra $50, this is it. The iPad Mini at $250 allows Apple to offer an iPad that can kinda-sorta compete with low-cost Android tablets, except that any $250 Android tablet would almost certainly feature much more potent specs. This is half a marketing play by Apple (“iPad starts at $250!”) and half a chance to clear out leftover inventory of a two-year-old tablet.

If you’re looking for even more info, Apple has a handy iPad comparison page for your perusal.

Related:

 

MONEY Sports

S.F. vs. K.C. By the Numbers: How the World Series Teams and Towns Match Up

San Francisco blows away its opponent in terms of global cachet and higher incomes, but Kansas City has barbecue—and more importantly, the Royals are favored to win it all.

The Kansas City Royals have skipped through the 2014 playoffs thus far without a loss, and sports betting operations named the team as a slight favorite to win the World Series over the San Francisco Giants. What’s particularly impressive about the Royals’ run is that the Giants’ payroll is more than 50% higher ($148 million versus the Royals’ $91 million).

The home markets of this year’s World Series contenders couldn’t be more different either. San Francisco is a hip, high-powered, and high-priced magnet for tech startups where the average home sells for close to $1 million, compared to a mere $186,000 for the typical house in Kansas City, a low-key, highly livable Midwestern hub famed for top-notch barbecue. Nonetheless, the secondary market price of World Series tickets for Kansas City home games is roughly 30% higher than games hosted by San Francisco. That somewhat unexpected disparity likely comes as a result of San Francisco owning the edge on most recent World Series title. Giants fans have been spoiled of late with championships in 2010 and 2012, whereas Royals’ fans have been waiting since 1985 for another World Series title.

With the Series starting tonight, click through the gallery above for a look at how the competitors match up, on and off the field.

MONEY Odd Spending

8 Ways Somebody Is Making Money Off Ebola Fears

Clorox and Lysol on shelves in store
Patti McConville—Alamy

The buzz over Ebola has triggered sales that might be described as overboard (body suits), ironic (Ebola Halloween costumes), or downright bizarre (protective masks featuring a hip-hop artist's face).

On Monday, the World Health Organization declared that the Ebola outbreak is officially over in Nigeria. Yet fears of the deadly virus continue to grip the world, meaning that sales of Ebola-related products like these are likely to continue being strong.

Anti-Germ Products
Disinfectants, Clorox, Lysol, and hand sanitizer are among the germ-fighting products that have experienced a boost in sales since Ebola fears have hit the U.S. and other nations. In a recent four-week period, for instance, Clorox sales were up 28%. Anecdotally, travelers report that hand sanitizer and other anti-germ products are appearing more often near the checkout areas of airport shops, though that may be partly just because it’s flu season.

Protective Gear
After word spread that someone in the U.S. was being treated for Ebola, sales of medical-grade masks, gloves, body suits, and other protective gear made by one Chicago-area firm spiked. The number of phone calls the company handled increased fivefold almost overnight, and sales of face masks jumped by 40%. Sales of a wide variety of infection protection and doomsday prep kits have soared as well. And speculative investors see opportunity in the situation, too. One day in early October, the stock price of Lakeland Industries—which manufactures industrial protective gear worn by professionals who might come into contact with dangerous chemicals and viruses—surged more than 50% (before retreating significantly of late).

Hip-Hop Ebola Masks
Basic polypropylene masks sell for less thanb 10 cents apiece when purchased in bulk. But when you’re going to the trouble of protecting yourself from germs with a mask, why not go the extra step and protect yourself in style? That, presumably, is the sales pitch from the rapper Cam’ron, who is selling polypropylene masks for $19.99 each, featuring an image of his likeness on them—oddly, while he’s speaking on a pink flip phone. Perhaps even more oddly, the item is only available for preorder at the moment. “Ships 11/7/14,” the order page explains. You’ll have to hold your breath or (gasp!) use a lame, basic mask until then.

Ebola Halloween Costumes
Thanks to the world’s lightning-fast-moving attention span, we’re guaranteed that anything that’s been buzzing in the news or has achieved meme status in October is bound to pop up in some form as a Halloween costume. Even if it’s a subject as grim and deadly serious as Ebola. So it shouldn’t come as a surprise that the “hot costume” label has been applied to Ebola-related outfits, including Ebola containment workers, Ebola victims, and Ebola zombies.

Ebola Toys
To be fair to Giant Microbes, the Connecticut-based “Learning & Fun” company has been manufacturing plush toy versions of Bed Bugs, Chickenpox, Dengue Fever, Black Death, and no fewer than three Ebola products long before Ebola sales became trendy. In any event, sales of Giant Microbes’ “uniquely contagious” Ebola toys have been off the charts since the virus became a mainstay on cable TV news; the company has been completely sold out for days.

Fake Charity Scams
The Better Business Bureau warned consumers about “a variety of Ebola-related scams and problematic fundraisers” that have popped up in recent days, including crowdfunding ventures that aren’t necessarily providing any aid to Ebola victims and sketchy phone solicitations that aren’t tied to any genuine, known charities.

Vitamin C
Essential oils and herbal remedies are among the many unproven “cures” that have been suggested as strategies for fighting off Ebola, but of all the groundless theories for protecting oneself, none has gotten more attention than Vitamin C. One opportunistic New York businessman has been selling up to 14,000 packages per day lately of a supplement with 554% of the daily recommended intake of Vitamin C—which he packages under the name Ebola-C.

Science blogs have felt compelled to combat the misinformation, describing one effort to pump up sales of the vitamin as a “particularly irresponsible bit of quackery promotion.” In a Los Angeles Times story about purported Ebola “cures,” Gerald Weissmann, editor-in-chief of the Federation of American Societies for Experimental Biology and professor of medicine at New York University, said that while Vitamin C is part of a healthy diet and helps build up one’s immune system, “there’s no evidence it has any effect on infectious disease” when taken in higher doses. What’s more, “all this quack stuff takes money and effort away” from legitimate research devoted to coping with Ebola and other health dangers.

Web URLs
In 2008, a forward-thinking entrepreneur named Jon Schultz purchased the Ebola.com URL for $13,500. He’s now willing to part with control of the site for a mere $150,000, the Washington Post reported.

MONEY identity theft

4 Reasons Why You Should Shop at Stores That Got Hacked

141020_EM_CCBreachStores
Mike Blake—Reuters

Almost half of all consumers surveyed are afraid to shop at retailers like Target. They shouldn't be.

Retailers are gearing up for the holiday shopping season, but one thing has some consumers spooked: According to a new survey by CreditCards.com, 45% of respondents say they are less likely to shop at stores that have suffered a data breach, such as Target, Home Depot, or Michaels. Almost 30% say they will “probably” avoid stores that have been hacked, and 16% claim they “definitely” will.

While it’s hard to believe that half of all shoppers will actually skip the sales at major retailers come holiday season, Target did suffer a 5.5% decline in transactions last year after its data breach.

But shoppers, you’re being silly. You don’t need to avoid stores that have been hacked. Here’s why.

1) If someone steals your credit or debit card number, you have very limited liability.

You’ve got at least one reason to thank Congress: The Fair Credit Billing Act and the Electronic Fund Transfer Act cap how much money you’ll lose if someone steals your credit or debit card. If someone steals your card number but not your actual card — which could happen during a data breach — you are not liable for any fraudulent transactions. Read: You won’t lose any money. Just be sure to report any fraudulent debit card charges within 60 days of receiving your statement.

The rules are a little different if someone steals your physical card. With credit cards, you still won’t need to pay anything if you report the loss before a thief uses the card. Otherwise, your liability is capped at $50. With debit cards, you’ll only pay up to $50 if you report the theft within two days, or up to $500 if you report the theft within 60 days of receiving your statement.

There’s another reason to prefer credit over debit. When someone makes fraudulent charges on your credit card, you can challenge the bill when you receive it. But when someone else uses your debit card, that money comes straight out of your account, so it could take a little bit longer to recover your funds.

And if you’re really afraid, just stash the plastic. CreditCards.com reports that 48% of shoppers say data breaches have made them more likely to spend cash.

2) Avoiding these stores won’t protect you from the scariest kinds of identity theft.

When someone steals your credit card number and spends your money, that’s considered “existing account fraud.” Banks and credit card companies have gotten pretty good at identifying abnormal spending patterns, so you’re likely to catch existing account fraud early, and your liability is limited.

But if someone steals your Social Security number, opens a new credit card in your name, provides a new billing address, and runs up big charges, it might take you a while to notice. That’s called “new account fraud,” and it’s a real headache.

To catch new account fraud, check your credit report three times a year. It’s not hard to do, and it’s free. Your report will show all your accounts and debts, as well as your payment history. Check to make sure all of the information is accurate and all of the accounts actually belong to you. (Go. Do it now. Did you catch a problem? Here’s what to do.) If you’re afraid that your social security number has already been stolen, you can put a free fraud alert on your credit file to let lenders know or freeze your credit so that no one else can open new accounts in your name.

But you don’t give out your Social Security number every time you swipe your credit card, don’t worry about going shopping.

3) Safer cards are on the way.

Are you sick of all these data breaches? So are businesses — after all, they’re the ones on the hook for fraud, not you. That’s why Visa and Mastercard are sending out new “chip-and-pin” cards. These cards have embedded microchips, which are more secure than magnetic stripes. If you’ve ever traveled abroad, you might remember what chip-and-pin technology looks like; Europeans have been using this system since the 1990s. While not foolproof, these cards are a great improvement. President Obama signed an executive order last week requiring that all government credit cards use chip-and-pin technology.

Practically speaking, chip-and-pin cards won’t do much more to help consumers at point-of-sale — remember, you have limited liability. But starting Oct. 1, 2015, the liability will shift to whichever business has the oldest technology. If credit card companies don’t update their cards, they will be liable for any fraud; if retailers don’t offer chip-and-pin terminals, they’ll be on the hook. So everyone has an incentive to make payment systems more secure, which is ultimately in consumers’ best interest.

4) Retailers that got hacked are working harder to win back your trust.

Guess which retailer is installing chip-and-pin technology in all of its stores and on all of its branded cards — Target!

Guess which retailer offered free credit monitoring to all its customers — Target!

Given that there have been 606 data breaches already this year, according to the Identity Theft Resource Center, you can probably expect more to come. But the retailers that have already been hacked are beefing up security and offering free identity theft protection services to consumers, so you’re probably safer there than everywhere else.

If that doesn’t put your mind at ease, here are some more steps you can take:

 

TIME Ask TIME Tech

Amazon’s Kindles Compared: Voyage vs Paperwhite vs Standard

Kindles
Amazon's new Kindle Voyage e-book reader sits atop last year's Kindle Paperwhite Doug Aamoth / TIME

Amazon’s Kindle e-book readers are generally hot holiday items, so let’s explore the various differences between the three available models.

There’s the new $199+ Kindle Voyage, the $119+ Kindle Paperwhite and the $79+ standard Kindle to choose from. Here’s a closer look at what you’re getting.

Screen

Size

Choosing by screen size is easy since they’re all six inches diagonally. Things change once we dig into resolutions and lighting technology.

Resolution

The Kindle Voyage has the best screen, with a 300 pixels-per-inch resolution. The more pixels smooshed into an inch of screen, the better everything looks. The Kindle Paperwhite smooshes 212 pixels into an inch; the standard Kindle smooshes 167 pixels into an inch.

The big question is whether your eyes can discern the differences. I can tell you that when looking at the Paperwhite and the Voyage side by side, the difference is noticeable when looking at graphics and slightly less noticeable when looking at text. The standard Kindle looks… I wouldn’t say “the worst” because it doesn’t look bad. It just looks least good; let’s say that. I’d say the $40 jump from the standard Kindle to the Kindle Paperwhite is a much better value than the $80 jump from the Paperwhite to the Voyage, though.

Reading Light

The standard Kindle has no light; the Paperwhite and Voyage both have built-in lights. They both max out at nearly the same brightness, although the Voyage looks a little cleaner and whiter, and can automatically adjust its screen brightness to match your environment.

Touchscreen

All three devices feature touchscreens, though the Kindle Voyage features squeeze-able side bezels that allow you to turn pages back and forth as well. There’s a nice little vibration feedback with each press when using the Voyage.

Video: Kindle Paperwhite vs Kindle Voyage

Here’s a closer look at the $119 Paperwhite up against the $199 Voyage, with some analysis of all three models at the end:

Storage

Wondering which Kindle can hold the most books? The answer is yes. Yes to any of them: They all have four gigabytes of storage, good for over a thousand books.

Size

The Kindle Voyage is the smallest, measuring 6.4″ long by 4.5″ wide by 0.3″ thick and starting at 6.3 ounces (the 3G version weighs 6.6 ounces).

The Kindle Paperwhite measures 6.7″ long by 4.5″ wide by 0.36″ thick and starts at 7.3 ounces (the 3G version weighs 7.6 ounces). The standard Kindle measures 6.7″ long by 4.7″ wide by 0.4″ thick and weighs 6.7 ounces (there’s no 3G version).

They’re all incredibly portable. I’m not sure buying one over the other based on a tenth of an inch here or an ounce there makes a whole lot of sense, but those are the measurements.

Battery Life

The standard Kindle lasts up to four weeks on a single charge, assuming a half hour of reading each day with the wireless connection turned off. It fully charges within four hours.

The Kindle Voyage lasts up to six weeks on a single charge, assuming a half hour of reading each day with the wireless connection turned off and the light set at 10 (the max is 24). It fully charges within three hours.

The Kindle Paperwhite lasts up to eight weeks on a single charge, assuming a half hour of reading each day with the wireless connection turned off and the light set at 10 (the max is 24). It fully charges within four hours.

So as we see here, the Paperwhite actually has the best battery life. That’s probably a factor of its screen not having to push as many pixels around as the Voyage’s screen. The Paperwhite being ever so slightly thicker than the Voyage might make for a slightly higher-capacity battery as well.

3G or Not 3G?

That is the question. Adding a 3G cellular connection to your Kindle Paperwhite or Kindle Voyage adds $70 to the price tag, but results in being able to download books anywhere you have an AT&T signal — over 100 countries and territories are covered (see this map). There are no monthly service charges for downloading books, though you might incur added charges for downloading magazines and other periodicals.

If you read a lot of books and want to be able to download new ones frequently — especially while you’re on the move — the 3G version of whichever Kindle you’re considering is a no-brainer. If you’re going to be using the Kindle at home a lot or you’ll be around accessible Wi-Fi networks, save the $70.

Best Bet

To be clear, the new Kindle Voyage is an amazing e-book reader. It’s super portable, its screen is gorgeous and the added haptic-feedback page turns are a nice touch. However, the $119 Kindle Paperwhite is still a dynamite e-book reader and is a very worthy upgrade for $40 over the standard Kindle because of its higher-resolution screen and its built-in light. Making the $80 jump from the $119 Paperwhite to the $199 Voyage is simply a much tougher sell.

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser