When it comes to data security and the real-life impact of identity theft, public awareness is at an all-time high. But there is still great confusion and ignorance about what it is, how it happens, and what can be done to avoid the pitfalls of life after a data breach or personal compromise.

Most of us still feel flummoxed—and perhaps a bit panicked—when we get a phone call, an email or a letter saying our data or identity has been compromised. Even if it’s a situation that can be easily remedied, like a compromised credit card, where the problem is relatively small, it’s still frustrating. Even if the only real-life consequences are a day or two’s wait for a replacement card and the need to notify a few creditors that your billing information has changed, you feel violated. You wonder if it’s going to happen again. And depending on the source of the compromise and what’s been taken, it may well happen again. So, you stew and wonder some more.

The unfortunate part is that identity thieves understand this. In the mad dash to understand the full ramifications of what’s happened to you, you may expose yourself to further trouble—for instance, by providing your information to a phony identity theft resolution expert, only to be guided through a process of information shedding that brings about further compromise by the very data wolves in sheep’s clothing who ran the scam in the first place.

Taking a few simple steps will help you avoid crooked “helpers” like these, as I explain in my forthcoming book Swiped. You can make a proactive decision to change the way you conduct your affairs going forward.

Be Prepared

If you don’t subscribe to an identity theft resolution service or lack a plan of action before you suffer a personal compromise (other than the theft of a payment card, which can be solved with a couple of phone calls), you will need to spend more time and more money than you are probably prepared to spend. Then, after you have worked your way through the maze of law enforcement, credit bureau, creditor and record-keeping requirements necessary to put yourself back together again, you will almost assuredly spend additional time—more than your thought humanly possible—rearranging the way you make your information available both online and in your everyday transactions.

For this to really work, you need to be willing to make a few adjustments in the way you approach your identity and your data hygiene.

The Best Defense Is a Good Offense

What the great majority of current and future identity theft victims fail to understand is that they really must be their own first line of defense. Since identity thieves can’t realistically be completely stopped, you can instead focus on making yourself a harder target, and on being more ready when the attack comes.

A simple practice like shredding your personal documents can help, but it’s not a solution. Identity thieves can be anyone from a dental hygienist pilfering patient files to small-time crooks breaking into mailboxes or stealing unshredded garbage or tax-related documents during filing season. The more you know what the bad guys want and need, the better you can practice proactive data hygiene.

The fact of the matter is that when it comes to international crime syndicates that breach the databases of multi-billion-dollar international corporations and sell the liberated information, deploying a paper shredder is like bringing a knife to a gunfight.

The above is an adapted excerpt from Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, which hits bookstores everywhere Black Friday.