This is an outline of a presentation I delivered called "Safeguarding Your Digital Life." It summarizes best practices to follow for keeping your online identity safe from hackers and identity thieves. Feedback and additional tips are more than welcome. Enjoy!
- We have a ton of IT security systems installed, but the weakest link is the human one.
- The most fortified castle will fall if one person opens the door for the Trojan Horse.
- Security is inherently inconvenient. But dealing with identity theft is far worse.
HOW DO THEY TRICK YOU?
- Email: Spam & Phishing
- Phone, fax, paper letters
- Send fake friend requests
- Follow you on Twitter, YouTube, etc.
- Find your resume on LinkedIn, then call you to get more info.
- Hack a website and steal username/passwords, then try them on other sites.
- Tempt you with a great deal on a product or service.
WHAT DO THESE LOSERS WANT??
- Most want money.
- A frightening current trend is "ransomware," a type of malicious software that encrypts all of the data on your computer. A message then appears demanding a ransom to decrypt your data.
BEST PRACTICES - GENERAL
- Install antivirus software. Avast is good and there's a free version for both Mac and Windows. I documented more here: The Hunt for the Ultimate Free Antivirus Software
- Keep it updated. Update. Patch. Reboot. Repeat.
- Do at home what you do at the office. Password-protect. Change passwords. Encrypt. Use multi-factor authentication. Back up your data.
- Close accounts you don't use. You have Twitter, but never use it. Close it.
- Be paranoid. Be skeptical. Err on the side of caution. Not clicking it is safer than clicking it.
BEST PRACTICES - PASSWORDS
- Change passwords. Use complicated ones. I prefer sentences with punctuation that mix languages. They're long, but easier to remember. For example:
- Don't use the same password on multiple sites. One site gets hacked, and you're in trouble.
- Use a free mobile app like MiniKeePass to securely store your passwords.
- Set up OTP (one-time passwords, a common form of multi-factor authentication) for your financial and critical accounts, like Facebook, Google, etc. All the major sites now support this; they usually use SMS or Google Authenticator. It's a HUGE security boost!
- Check if your username/email address has been involved in a breach at https://haveibeenpwned.com/
BEST PRACTICES - EMAIL
- Are you expecting this communication?
- Is the greeting generic? "Dear Colleague..."
- Is it from a generic email provider? Gmail, Yahoo, Hotmail, etc.
- How's the language? Does it read like a native speaker wrote it?
- Do they encourage you to click a link or open an attachment?
- Is there an office address specified?
- Try googling the company info, address, etc.
- Don't click links in email. Go directly to the site.
- Get a "throw-away" email address and use that.
- Personally, compared with the other free email providers, I think Gmail has its act together when it comes to anti-spam.
BEST PRACTICES - WEB
- Clear your browser cache and cookies from time to time.
- Use "Incognito" or "Private" mode on your browser.
- Try Googling the website without visiting it. For example, google this: "company.com scam"
- Use free website reputation tools. I made a list here: Website Reputation Tools
- Use Rapport Trusteer, free security software from IBM that validates website addresses. It works alongside antivirus software. I cover it here: The Hunt for the Ultimate Free Antivirus Software
- More info here: How to Spot a Fraudulent Online Business
BEST PRACTICES - FINANCIAL
- Set OTP on all financial accounts (if you can).
- Never use a debit card. Use credit cards or PayPal instead because it's easier to initiate chargebacks if necessary.
- Turn on credit card & bank email notifications. This sends an email each time your card is used.
- Get free credit reports. U.S. credit reporting agencies are required by law to provide these free once a year upon request.
- Enable credit freezes, which prevent new credit from being opened in your name.
- More info here: Living Abroad - Credit Reporting, Alerting, and Freezing
BEST PRACTICES - SOCIAL MEDIA
- Review your security and privacy settings. Then review them again.
- Turn on login notifications. This emails you when someone logs into your account.
- Most sites like Facebook allow you to "view public profile." Do it and see what you're sharing publicly.
- Visit your profile page using "Incognito" mode on your browser. This way you can see what's public.
- Google search your name and see what's out there about you.
Am I forgetting anything??