It’s Not You, It’s Me
When hackers broke into the Home Depot database and stole massive amounts of credit card information, they did it by targeting a vendor who had a valid username and password. In other words, they didn’t pick the lock so much as they stole a key.
This is a similar concern for social media. You may think you know who can see what you post and share online, but the truth of the matter is that somewhere in your social network is a vulnerable weak link.
A good rule of thumb is to not post anything that you wouldn’t want made public knowledge. You may have the best privacy settings possible, but if your friend’s account gets compromised, those settings go right out the window.
Example: You may think you’re only sharing something with your friend Samantha, but if Samantha - who has used the same password for everything since high school - gets hacked by her ex-boyfriend… drama ensues.
Between Coursen Security Group, Date Site Data and pro bono work with a survivor advocacy group, I spend a good part of my day helping people who are being harassed, threatened and stalked both online and in person. In order to minimize risk, one of the first things I do is to conduct a vulnerability assessment. Many clients are surprised to learn how much “open source” information can be obtained through a “Deep Web” search and how easily their computers, wifi routers, and mobile applications are vulnerable to attack.
One of the first steps to ensuring safety is to embrace a positive protective posture; one that embraces a preventative methodology rather than a reactive response.
Here are a few tips and tricks to help get you started:
Security Settings Exist For A Reason
The recent cyber attack on Sony has brought much attention to online security protocol. The FBI was quoted saying that “90% of US Companies are vulnerable to attack.” Other security firms have estimated this likelihood as high as 97%.
Hacking is going to happen. It’s just the nature of today’s marketplace. However, it is important to understand that while it is nearly impossible to protect everything all of the time, the bad guys can’t attack everything at the same time either.
So what do we do?
- We don’t make it easy for them to get in. Strong passwords and protective measures matter.
- We don’t give away the store if they get inside the door. We compartmentalize and segregate the most critical information.
(Like a Bank: Security at the front door. More security behind the teller desk. Yet, even more security to get into the vault.)
PASSWORDS AND UPDATES
You don’t need a bulletproof door to keep your home safe, and you don’t need CIA-level encryption programs to keep your computer safe. But you DO want your front door to be shut and locked and you DO want your computer to have a strong password. Not being bothered enough to take even the most basic of precautions will most certainly come back to haunt you. (Remember Jennifer Lawrence talking on the red carpet about not bothering with her iPhone updates?)
Strong passwords combine capital and lowercase letters with numbers and symbols to create a more secure password. Use separate passwords for every account to help thwart cybercriminals. It’s best if passwords are changed frequently (every 90 days) and immediately after ending any personal or professional relationships.
Avoid using words found in the dictionary. Instead, modify words you can easily remember and spell them using symbols and numbers whenever possible. Example: B@seB*11
Most of the updates that come across your screen are related to security updates that reduce vulnerability and patch security flaws. Always choose Yes!
The privacy settings on mobile applications and social networks allow you to control who can view the different aspects of your profile. Take a few minutes right now to update your settings and take control of your online experience in a positive way.
ALL FRIENDS ARE NOT CREATED EQUAL
Connecting a large group of friends and coworkers who would otherwise never meet helps foster new friendships. This DOES NOT mean they should all have the same level of access to everything you say and do online.
Consider making groups that compartmentalize your social network into smaller groups like work, family, friends, and perhaps a more specific “trusted” group that may include those who overlap certain boundaries.
THINK BEFORE YOU LINK
Research shows that 75% of corporate recruiters have rejected candidates based on information they found online. Recruiters respond positively to a strong personal brand so think before you link and don’t post anything online you wouldn’t want to be made globally available. (SONY)
WHEN IN DOUBT, THROW IT OUT
Most malware is delivered in the form of downloads, links, fake profiles, and false friends. If it looks suspicious, throw it out. Always check the address bar for a known and trusted address like “www.facebook.com/” and not something like “www.facebook35.ki” or “www.2facebook1.php.” Fraudulent domain names like these are a giveaway of nefarious activity intending to compromise your private information.
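The address-bar check described above can be written as an exact hostname comparison. This is an added example, not part of the original article; the allowlist, the function names and the third sample address are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the addresses this user really logs in to (hypothetical allowlist).
TRUSTED_HOSTS = {"www.facebook.com", "facebook.com"}

# Brand label of each trusted host ("facebook"). Simplification: takes the
# second-to-last label, which is wrong for suffixes such as ".co.uk".
BRANDS = {host.split(".")[-2] for host in TRUSTED_HOSTS}


def hostname_of(address: str) -> str:
    """Return the lowercase hostname the browser would connect to."""
    # An address typed without a scheme ("www.facebook.com/") needs one,
    # otherwise urlsplit treats the whole string as a path.
    if "://" not in address:
        address = "https://" + address
    host = urlsplit(address).hostname or ""
    return host.rstrip(".").lower()


def classify(address: str) -> str:
    """'trusted' only on an exact hostname match.

    'lookalike' means the host mentions a trusted brand but is a
    different host; anything else is 'unknown'.
    """
    host = hostname_of(address)
    if host in TRUSTED_HOSTS:
        return "trusted"
    if any(brand in host for brand in BRANDS):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    samples = [
        "www.facebook.com/",    # from the article: the real address
        "www.facebook35.ki",    # from the article: fraudulent
        "www.2facebook1.php",   # from the article: fraudulent
        # Constructed sample: trusted name used as a prefix of another domain.
        "https://www.facebook.com.account-check.example/login",
    ]
    for address in samples:
        print(f"{classify(address):10} {address}")
```

A check that only looks for the word "facebook" somewhere in the address would accept every sample above; comparing the full hostname rejects all but the first.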
STOP UPDATING YOUR RELATIONSHIP STATUS
The people in your life who matter already know if you are single, married, dating, on-a-break, or involved in something “complicated.” Regardless of your personal situation it is usually unfavorable to make your relationship status public knowledge.
Those who have harassed or stalked you in the past would love to know that you just became newly single. In the mind of a pursuer, changing your status to “Single” is a green-light for them to use your update as an excuse to contact you. It also lets them know that you are likely now spending your nights home alone. A positive protective posture is your best course of action, so it’s best to leave the relationship section blank.
KEEP PRIVATE INFORMATION PRIVATE
Embrace the “less is more” philosophy when it comes to your personal information. Be mindful to not post pictures of your home, your car, your office, your parking spot, and other distinguishable facets of information that make it easier for you to be singled out of the crowd and identified. The more information you provide to your online audience, the easier it may be for someone to use that information to target you for identity theft, data breaches, harassment, or stalking.
KEEP SENSITIVE CONTENT ON A PASSWORD PROTECTED EXTERNAL DRIVE
In addition to being a preferred practice for regularly backing up your computer, it is best to keep photos, emails, documents, and other files which may be private or sensitive in nature on a password-protected external hard drive that is not connected to the internet.
These devices are lightweight, mobile, and small enough to travel with you yet keep your private files compartmentalized and separated from being compromised by a security breach to your network.
REAL FRIENDS LOOK OUT FOR EACH OTHER
Everyone has a different tolerance for how much they want the world to know about them. Similarly, everyone has a million things going on in their own life that may not be for public knowledge. Be honest about those pictures, posts, and tags that make you feel uncomfortable and let your friends know how you feel. Likewise, be sure to keep an open mind and respect the opinions of others when it comes to postings you have made with regard to them.
DON’T CHECK-IN UNTIL YOU CHECK-OUT
Lots of people love to use the geo-location and “check-in” features of Instagram, Facebook, and Twitter. The problem is that now you’ve just told everyone where you are and where you are not. If a stalker is trying to find you, you’ve just told them where you are. Same goes for the robber determining which homes offer the highest likelihood of success. Live-tweeting your vacation from the beach makes you that much more of a candidate.
When in doubt, turn off the geotagging and if you want to share the moment with friends and family who aren’t there with you, use text or email. Wait until you get home to share with those who don’t matter the most.
UPDATE BASIC INFRASTRUCTURE SETTINGS
Regularly running virus scans on your computer and updating the security features of your wireless router are extremely important. This is especially the case if you have had your wireless router for a few years and you are still using WEP encryption.
Standard WEP is easily cracked within minutes and only provides a false sense of security. An amateur hacker can defeat WEP security in a matter of minutes. If you are still using the default router password posted on the bottom of the router, it’s even easier. Unfortunately, many people set their wireless routers up years ago and have never bothered to change their wireless encryption from WEP to the newer and stronger WPA2 security. Updating your router to WPA2 is as easy as browsing the manufacturer’s website for details.
Interested in learning more?
Follow on Twitter: @SpencerCoursen