My writing lately has revolved around media, technology, use of data and consequential psychological impacts. However, in a conversation with my friend Michael Becker of Identity Praxis, he urged me to write about Personally Identifiable Information (PII) security fundamentals. According to Michael, personal data privacy is “the new luxury good” and we have all heard about the malicious hackers who find creative ways to steal it. Mismanagement of identity and personal information, for the individual and company alike, can lead to reputation damage, debt, criminal records, loss of income, a potential hit to your employment prospects, and yes, death. For those of us “non-techies”, when thinking about security on our devices we often default to, “I have antivirus software on my computer, so I am good”. Well congratulations, I’m sure that hacker from who knows where has never gotten past antivirus software. Those questionable pictures of you at your bachelorette party are completely safe and your privacy is protected, NOT (Wayne’s World reference). For your reading pleasure, below are actions, recommended by Michael and explained by me, that you can take to protect your devices from being compromised and unleashing holy hell on you personally.
Begin by using common sense before sharing your PII. This doesn’t involve buying expensive software; it requires taking an extra two seconds to think before acting. Consider the trustworthiness of a website, mobile site or application you engage with before sharing your personal data – if something seems suspicious, don’t share. Furthermore, don’t complete a transaction online or in a phone app if you don’t feel it is secure. Either call the company or go to a different site where you can order the same product. With email, if you don’t know the sender and they ask you to click on a link, it could be a phishing attack, which can grab data off of your computer. Don’t just look at the sender’s display name or the link text; look at the actual email address and the URL behind the link, as the displayed name can be used to mask a malicious address or link. Sorry, that email you received from a stranger asking for your SSN and credit card information to redeem your grand prize is likely about as real as the Easter Bunny.
According to an article from the Telegraph last year, more than 50 percent of people use at least one of the top 25 passwords and almost 17 percent use the password “123456” (Wasn’t this password used in “Spaceballs”?). When creating passwords, the best practice is to include capitals and special characters, as well as to use different usernames and passwords for each account. The reality is that with all the different accounts we have now, it is tough to keep track of it all, so we all pick a favorite username and password for everything. Therefore, if a hacker can figure out the credentials to one account, they will likely work on several others. Password managers such as LastPass or 1Password are good programs that can make your life easier. A password manager is an application that stores all your different usernames and passwords and opens with the use of one master password. They also often contain the ability to autofill login credentials on websites. What’s nice about this feature is that it is obviously faster and more accurate, but it also protects from hacker keylogging attacks. Password managers are also able to detect whether you are on the right URL, which helps protect you from phishing sites. Some of them also have unique random password generators so you don’t have to think of new passwords for every account. DO NOT use the autofill features available from your selected browser; these are not secure! Finally, enable two-factor authentication (either SMS or application) on your accounts, e.g. banking, retailer sites, that support it. I know it is a pain in the ass, but so is having your bank account drained or social media account hacked.
With the Equifax breach last year, most of us have at least heard about the risks from news coverage. However, most people think there are only three major credit bureaus (go ahead, name them in your head…). BUT NO, Michael reminded me there are in fact FOUR. Make sure to visit all four major credit bureaus to freeze your credit (TransUnion, Equifax, Experian, and Innovis). Freezing your credit stops any credit inquiries on you, which stops anyone from opening a credit account without your knowledge. When freezing your credit, you will receive a PIN code from each bureau to “unfreeze” it should you need to have a company run your credit, perhaps to get a loan. Keep those PIN codes in a protected place (how about that password manager above?). While I know some people are concerned about the inconvenience of needing to unfreeze credit when applying for legitimate credit – it can act as a loan deterrent. True story, my husband and I were considering a larger purchase where a credit application was needed and then never did it because of the time it would take to unfreeze our credit, but I digress. Put it on your calendar to check your credit score annually. You can go directly to the credit bureaus and get the reports for free or use companies like Credit Karma, Credit Sesame, or Quizzle (each offers different services). You might want to consider getting cyber/identity insurance and darknet monitoring services. The darknet is a layer built on top of the Internet that is hidden and designed specifically for anonymity; its biggest use is peer-to-peer file sharing. You can only access the darknet with special tools and software, so most of us can’t see what data is on there about us. Besides monetary compensation and support in the case of identity theft, this type of service will provide you alerts for the types of things you wouldn’t know, such as an unauthorized USPS address change.
There are a number of companies like LifeLock, Identity Guard and Experian that offer this service and I recommend you check out this PC Magazine article on the subject.
Yes, I know my introduction started with a rant about how antivirus software will not protect you from everything, but YES YOU STILL NEED IT. PC Magazine recently tested the best antivirus software and the reviews can be seen here. However, antivirus software should not be your last line of defense. For example, antivirus software doesn’t always protect against malware, and what if you lose your laptop? Encryption solutions prevent access to your files (remember those pictures?). On a Mac you can use FileVault, and for Windows, PC Magazine recently wrote a review of the best encryption software for 2018.
Running your computers on the latest operating software and paying attention to those annoying notifications for OS updates can stave off major attacks (my husband, a previous systems administrator, is rolling his eyes right now because I used to ignore them). According to a Popular Science article, an update released two months prior to the WannaCry malware attack protected users from it. The same article calls out the importance of selecting a good email provider and mentions Google and Microsoft as smart choices since they filter many suspicious emails (but not all) before they get to your inbox.
Make sure to password protect your home Wi-Fi router (yes, I know people who don’t) and use a VPN when you are connecting to a public Wi-Fi network such as at an airport, hotel or nearest Starbucks. You can also consider installing a cybersecurity hub on your home router such as Bitdefender Box, Fing or Cujo. These tools will monitor and block any suspicious traffic on your Internet connection coming from any of your connected devices (they often come with a virus protection software package). I also like that those mentioned come with parental controls allowing you to block offensive websites, limit social media and control Internet access by device. What I really liked about Bitdefender is that there are features to detect cyberbullying and online predators.
Identity theft is big business, affecting more than 15 million consumers with fraud losses of $16 billion in 2016, according to an identity fraud study released by Javelin Strategy and Research in 2017. Digitally connected consumers, defined as those that “have extensive social network activity, frequently shop online or with mobile devices, and are quick to adopt new digital technologies”, are at a 30 percent higher risk of identity fraud than the average person. Costs associated with the above suggestions can range from free to a few hundred dollars, which could likely be offset by avoiding a couple of unnecessary purchases. Will it take some time? A few hours per year maybe, but the return on effort outpaces the same number of hours you already spend checking your social media or reading the latest salacious news story about identity theft or privacy invasion that stresses you out.