Our society is made up of all types of information. And the amount of “stuff” that is known about us is growing at speeds never before seen. Think back 50 or 100 years. What identified a person? Their names, their ancestry, their address and their bank. Eventually phone numbers and a few other bits of personally identifiable information made it into the fold. Now look at what could possibly identify you – it’s almost unfathomable how much data is collected on us each and every second and not only that, how this data is connected to us.
We have bank accounts, phone records, credit cards, subscriptions, just to name a few of the obvious ones. But if you use a computer or a cell phone, much more information is not only able to be linked to you, but also trackable. This is what online advertising does. Based on the sites you visit, the people you are friends with on social networks and even the type of hardware you are using, companies good and bad are compiling information and creating personas that represent who you are so as to better advertise to you. Some companies or even government agencies (gasp – conspiracy theory alert!) are probably compiling details on you, your family and those people you interact with.
And with all of the various accounts, services and sites that we frequent, we have to have accounts with those in order to get the services that we requested, and of course, to be sold to or upsold at every turn. Do you participate in those “short surveys” that sites often hit you with? That’s so that they can better sell you additional (and hopefully better) products or services.
Let’s think a few minutes about the accounts that you have and the type of information on there. If that information got into the hands of someone whose job it is to drain your bank account, create fake credit cards in your name and steal your identity, would you know what to do? How would it make you feel? Violated? Exposed? Scared? If you have ever had your car broken into, you probably get a little bit of that feeling. I have had my identity stolen. My case was a small one, but it was way too large for even me.
We have always been told that being proactive is better than being reactive. When it comes to your digital identity, this couldn’t be more of the case. It is a heck of a lot easier to jump over some hurdles and endure some pain before you have your identity stolen than it is to repair and rebuild everything after it has all been lost. It’s like they say “an ounce of prevention is worth a pound of cure.”
As we all sign up for new services, whether they be banking or others, we entrust our private information to a 3rd party. We typically have faith in these businesses to do their extreme best to protect our private information, but we also expect these companies to make the process easy for us to do. That is where the danger lies. The easier it is for US to do, the easier it is for SOMEONE ELSE to hack or use social engineering to gain access to your data.
There was a recent example of how, through some crafty social engineering coupled with some relaxed security protocols, Mat Honan, a Wired magazine senior writer, had not only his various accounts accessed, but also 3 years of his young daughter’s pictures completely deleted from his computer hard drive, his mobile devices wiped, his Twitter account hijacked and used to send racist and homophobic messages, and email accounts deleted, all done remotely. I recommend reading through his account of what happened and how it was achieved because this type of danger is present for all of us, regardless of whether we are tech-savvy or not.
This scary story hopefully will inspire people to look at their own electronic fingerprint and network and search for loopholes and areas of softness.
To help, I have compiled 10 tips on how to make it a bit harder for your identity to be stolen or lost:
- Use 2-Factor Authentication – Many sites and businesses are starting to roll this functionality out. Basically, if your account is used by an unrecognized computer or device, you get an additional notification (e.g., via text) to have you authenticate that it is indeed you accessing that service. Gmail and Dropbox both have implemented this, for example. Many financial institutions do this as well.
- Use a Unique Password (and even user name) for each and every site – Back in April 2012, I wrote about some things that you can do to make your passwords even stronger. And, check those user names. Do you use your Social Security Number as an ID? Do you use the same ID to log into multiple services?
- Write “See ID” on all of your credit & ATM cards – While not all merchants look at the back of your credit cards, this is a good “physical 2-factor” type of authentication you can easily implement.
- Shred all junk and financial solicitations that come in the mail – It’s amazing that this type of thing still happens, and it is part of the reason I have a locked mailbox and why I shred all of the junk mail I get. It’s easy for people to fill out some of the forms on this mail and take your identity in the process.
- Sign up for a credit monitoring service – While this type of service typically has a fee, it does provide peace of mind knowing that a company is watching for suspicious activity regarding your information.
- Password protect your cell phones, tablets and computers – Our mobile and portable devices are now, more than ever, our lifeblood. But should they fall into the hands of an evil-doer, they are instantly a key and access to all of our data and accounts.
- Go to financial websites directly – As I mentioned in this related article and others, stay away from clicking through links that come to you in email as they may be phishing scams. Type in web addresses directly.
- Make secure backups of your data and media – There are so many online and offline backup products and services available, it’s imperative that you make regular backups of your devices. If your hard drive crashed or your laptop was stolen, would you be able to easily recover the data and media that was on it?
- Avoid linking all of your accounts – Linking accounts is convenient and quite easy. Think about those sites that ask if you want to use your Twitter, Facebook or Google account to ease the login process. While it is exactly that – easy – that means that it is also easy for a hacker to access those linked accounts the same way. If they get your Facebook account credentials, they could change that password and then see what you have linked to Facebook and then authenticate with those other services without you knowing it.
- Set up security questions that are hard to know or guess – Whenever possible, avoid the “what is your home town,” “what was your high school,” and “what is your mother’s maiden name” type of additional security question. These items can easily be looked up. Go for the hard ones like “who was your favorite teacher” or “what was your first pet’s name” (assuming these cannot be researched).
As part of the Trend Micro Digital Joneses program that I’m participating in, each month we receive a “Challenge” or topic for discussion. Obviously, much of the content revolves around security, privacy and safety when working or playing online or with digital devices. The subject of protecting your digital identity is one that could, in my opinion, be something discussed each and every day. Often, improving or increasing your security or privacy best practices takes a lot of work, especially if you have been doing it wrong for a long time or in a less-secure way.
But, there are always ways to tighten your security, especially if you bring a new device into your business or family environment. Take tablets for example. Most likely, you will want to integrate all of your social and email accounts right into the tablet settings. But take a few minutes first to think about what you want to hook in. What if you were to lose your tablet? Would your entire digital identity be compromised? Both Apple and Android tablets have ways to securely track your tablet and erase your private data (be sure to check out Trend Micro’s Mobile Security App or Apple’s Find My iPhone app). But while helpful in their positive use case, these same apps could be dangerous (e.g., Mat Honan’s case) if you don’t implement some of the protection tips I mentioned above. Technology is great, until it gets into malicious hands.
As I mentioned earlier, an ounce of prevention is worth a pound of cure. When it comes to protecting your digital identity, you really need to live by those words. Take precautions. Do a little security tightening ahead of time. In the long run, a little bit of effort now can save you a ton of potential pain in the future!
Disclosure Text: For the Digital Joneses Study, Trend Micro has provided each of the bloggers involved, including me, technology and/or software items for use in the various challenges and/or for review. I have a material connection because I received these items for consideration in preparing to write this content. I was/am not expected to return these items or gifts after my review period or the study duration. All opinions within this article are my own and not subject to the editing or approval by Trend Micro or its contractors. More information can be found in my About page as well as here.
HTD says: What steps are you taking to protect and secure your digital identity?