by Jim Lynch
Around 15 million people in the U.S. experience identity theft each year with financial losses totaling over $50 billion. It’s not our imagination. The risks of being on the Internet are increasing.
There are a few simple things we can and should do to protect our online privacy.
Now that we can use our phones to make credit card purchases, do online banking, email our doctors, and store lots of personal information, it’s probably time to take a few precautions. Smartphone users are 33 percent more likely to experience identity theft than people without them.
Set up a strong screen-lock passcode to secure a phone, preferably one that is longer than just four numbers. The four-number passcodes are easily hacked. I like Consumer Reports’ two-minute video on how to set a strong smartphone password. Well over half of smartphone owners don’t password protect their phones at all.
Use public WiFi sparingly. Eavesdroppers can easily hijack account information traveling over those networks. PC World has a great article about what they can get. Smartphone and tablet users are far more likely to use unsecured WiFi than laptop users. Instead, use the phone’s 3G or 4G data plan, which is much more secure.
For those of us who especially value our privacy, turn off the phone’s location tracking feature until it’s needed for something like getting driving directions.
2. Don’t Overshare on Social Media
Most social media is free. To reiterate Andrew Lewis’ MetaFilter dictum, “If you’re not paying for something, you’re not the customer; you’re the product being sold.” The information we reveal about ourselves on Facebook, Google+, Twitter, and all the rest is being harvested, packaged, and used for targeted marketing and who knows what else. It’s simply the business model now for all social media. Have a quick look at the Facebook Data Use Policy. They lay it out pretty plainly.
The sensible precaution? We shouldn’t overshare and shouldn’t say or display anything we don’t want to be perfectly public. Social media is not the place for private conversations. The U.S. Federal Communications Commission (FCC) recommends that we treat our personal information like cash.
3. Use Strong Passwords
Most or all of us feel like we’re drowning in passwords. We need one to get into lots of websites, our email, social media — everywhere.
Here are a few precautions for keeping passwords safe. First a list of things to avoid:
- Don’t keep passwords on sticky notes or on scraps of paper — keep passwords out of plain sight.
- Don’t use the same password for many accounts. If it’s stolen from us, or from a website we use, it can be used to unlock our lives.
- Don’t share passwords on the phone, in texts, or by email. Legitimate companies will not send any messages asking for a password.
Now some things we should do:
- Change our passwords from time to time, especially our work logins, and change them if we hear that a website we use has been hacked, like what happened recently with the Heartbleed bug.
- The longer the password, the tougher it is to crack. Ten-character passwords are good; twelve characters are even better.
- Mix letters, numbers, and special characters. Try to be unpredictable — don’t use our name, birthdate, common words (foreign or domestic), or the name of our beloved pet. One option is to try out free password strength checking websites like Password Strength Checker or How Secure Is My Password?
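The rules in the two lists above can be checked mechanically. The following is an added example, not part of the original article: the word list, the sample passwords, and the function names are constructed for illustration. It also shows why length and character mixing alone are not enough: a password built from a common word can have a large theoretical search space and still break the rules.

```python
import math
import string

# Constructed sample word list (assumption); a real check would use a large dictionary.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "monkey"}

def _classes(pw):
    """Which of the article's three character kinds appear in pw."""
    return {
        "letters": any(c.isalpha() for c in pw),
        "numbers": any(c.isdigit() for c in pw),
        "special": any(not c.isalnum() for c in pw),
    }

def keyspace_bits(pw):
    """Brute-force search space in bits, assuming every character was chosen at random."""
    alphabet = 0
    if any(c.islower() for c in pw): alphabet += 26
    if any(c.isupper() for c in pw): alphabet += 26
    if any(c.isdigit() for c in pw): alphabet += 10
    if any(not c.isalnum() for c in pw): alphabet += len(string.punctuation)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def check_password(pw, personal=(), used_elsewhere=()):
    """Return the rules from the lists above that pw breaks; an empty list means it passes."""
    problems = []
    low = pw.lower()
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    missing = [kind for kind, present in _classes(pw).items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))
    if any(w in low for w in COMMON_WORDS):
        problems.append("contains a common word")
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("contains personal information")
    if pw in used_elsewhere:
        problems.append("already used on another account")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords; "Rex" and "2009" stand in for a pet name and a birth year.
    for pw in ["4821", "Password123!", "Rex2009!Rex2009", "tV9#qLm2$xWz"]:
        print(f"{pw!r}: {keyspace_bits(pw):.1f} bits, "
              f"{check_password(pw, personal=('Rex', '2009'))}")
```

The bit count is an upper bound that only holds for randomly chosen characters, which is why the word and personal-information checks matter even for long passwords.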
Consider an online password manager like PasswordSafe, LastPass, or KeePass. These maintain a secure and encrypted username and password list. Each of them has a freeware version. I like my colleague Dulcey Bower’s entertaining piece about trying them out, Password Herding in Less than 10: Getting Started.
4. Beware of Social Engineers
Social engineering, as it’s called in information security, is someone calling us on the phone to trick us into disclosing personal information and login details for our organizations. It’s also called pretexting. Famed hacker Kevin Mitnick, in his memoir, Ghost in the Wires, revealed that persuading people to do things for him, like emailing him some company source code, was one of his most effective information theft tools. He researched his targets ahead of time so he could sound convincing by “using the correct terminology and lingo that they expected.” Social engineers are basically con artists. They can also pose in person in our offices as maintenance people or contractors.
TechSoup’s recommendation is to be skeptical about anyone asking for any passwords or account information — unless we know them well personally. Also, as previously mentioned, don’t leave post-its or scraps of paper with passwords on them lying around.
One of the big annual high tech conferences is DEF CON. It attracts hackers from all over the world. Hacking is a massive industry. Information thieves find new ways to break the security features in our software on both our computers and mobile devices.
Software makers create updates pretty frequently to patch these security holes as they discover them. Essentially every update is more secure from hacking than the previous update.
The most important software to update on our devices is the software we use every day, like our operating systems (for example, Windows, Apple, or Android), antivirus or anti-malware, browsers, office suites, Java, Adobe Reader, and Flash. Important software on our devices usually alerts us when an upgrade is available. TechSoup’s recommendation is to update when we get the alerts. Don’t postpone updating. The FCC also recommends that we use security software that updates automatically.
One of the biggest security risks currently is Windows XP, which cannot be patched or updated. Microsoft ended support for Windows XP in April 2014, but it is still the world’s second most popular operating system. Millions of PCs worldwide are still on it. The most pressing software update is to upgrade from XP to a supported operating system like Windows 7 or Windows 8.1. I recommend our webinar recording, Beyond XP: Upgrading Windows Operating Systems.
I hope you get a few useful nuggets of information from these basic recommendations to protect privacy.