BrainWave Consulting Company, LLC is a minority-owned, veteran-owned business that specializes in providing cybersecurity and other technology services to small and medium enterprises (SMB/SME).

In the past few days, we learned that Global Payments Inc, a middle-man credit checking company, suffered a breach of its systems starting in January of this year.  It has been speculated that up to 10 million card holders might be at risk.

Even with the growing trend of these types of attacks, your personal security both online and offline is still heavily dependent upon your own behavior.  The sites you visit, your personal account management and password policies, and the data you post online can all help or undermine your personal security.

There has been quite a bit of noise about the Girls Around You app, and similar smartphone applications that make it far too easy for a stalker or potential attacker to consolidate information about who you are and where you go.  This is information that people are storing about themselves, thinking that it is being stored securely.

People are still the biggest threat to their own security and privacy.  Employee actions are still the most likely vector by which an attacker will gain access to the network of their employer.  Please don’t fall for the silly notion that you must give up your privacy in order to get access to free goods and services.  Your privacy is worth more than that, as you will quickly find out if you lose it.

Here’s an overview of the key steps that you should implement to improve your security profile before it bites you by way of financial loss or identity theft.

  • Manage your accounts and passwords carefully
    • Don’t use the same account/password combination for every single resource.
    • Use strong passwords.
    • Avoid sites and services that don’t support strong passwords.
    • Use a password manager such as LastPass or something off-line to keep track of your passwords.
    • If a site supports two-factor authentication, use it!
    • Never give your password in response to an email request.
    • Don’t share passwords with others!

  • Don’t click on strange links
    • Not even from friends!
    • If a link seems strange or out of place, reach out to the person and verify that they sent it.
    • If you see an email from your bank, visit the bank's website directly instead of clicking a link in the email.

  • Be careful what information you put out on the web
    • You have control of what you put out there – right up until you put it out there.
    • Look at the permissions requested by the apps you put on your smartphone.  Reject apps that are asking for things that seem excessive.
    • If you give up your name, full birthdate, address and employer to every website that asks, you make it so much easier for identity thieves to get the last few elements they need.
    • Parents!  Know what your children are doing online.

  • Constantly review your privacy on social networks
    • Your goal (privacy) is in direct opposition to their goal (access to your info for financial benefit).
    • Privacy policies and privacy mechanisms change rapidly.  Make sure they still provide the protection you care about.
    • Check your privacy by looking at your profiles from different machines where you are not logged on, or logged on as a different user.
    • Perform regular internet searches on your name to see what turns up.
    • Parents!  Know what your children are doing online.

  • Manage your banking carefully
    • When you do online banking, have that as your only open browser window.
    • Call your bank if you see anything wrong with your statement or receive a strange email.
    • Select a bank that is diligent about tracking fraudulent activity in real time.
    • Use Credit Cards rather than Debit Cards for online purchases, as there is more legal protection for you, and less direct access to your bank account.

I will look to elaborate on these over the next week or so, but these should be a good start.  Don’t rely on others to make you secure – you hold the keys.