Within security awareness training programs, cybersecurity experts promote various tactics and best practices to implement within personal and work environments to protect your identities online and reduce the risk of theft or privacy loss. While these concepts seem like a broken record to some people, here are 3 best practices that can significantly reduce the opportunity for a cyber criminal to steal your data:
1. Stop Oversharing Personal InformationWhen creating new online accounts with a financial institution, or other accounts that contain a lot of sensitive information, there will come the point in the process after creating the username and password, where you will be asked to enter responses to various security questions. Examples of these questions include "what is your mother's maiden name?", "what was the make and model of your first car?" or "what is the name of your high school mascot?" While this feature is designed so that only you know the answers, many cyber criminals can find the responses to these questions through social media or other public records and by using Open Source Intelligence (OSINT). Most of the time, it comes from reviewing user's social media accounts.
When searching on various social media platforms and with a bit of ingenuity, it is easy to search public profiles and find out where you grew up, and what schools they have attended. Another quick Google search for the high school and mascot, and they have an answer to one of the security questions. Finding the make of a car model can be discovered after searching through comments, or if you post about getting a new car.
While this seems far-fetched and a little unusual, it's easier than you think to overshare information online, and believe it's only being shared with your friends. With more and more social media apps for short videos, pictures and posts, you could be share more information than you realize.
One best practice is to review and lock down the privacy settings of the app. Limit it to just the people who follow you and make sure you know all of them. Make sure to review that follower list several times a year to make sure you still know everyone. Imagine that you are posting videos or images for the world to see. In that case, one recommendation is to make sure it does not contain anything about the location or other personal information, like license plates in the background or information about the area.
2. Google Yourself: Know Your Online PresenceSeriously. We are always searching for recipes, videos on do-it-yourself projects, etc. Given the oversharing that often takes place on social media, an additional method to protect your identity online is to discover your digital footprint by seeing what the internet knows about you. Start with your first and last name. Search by your street address, email address, your mobile phone number and review the results. Most likely, the information found online will not come as a surprise. It is important to consider that cyber criminals can also use this information in an attempt to gain trust and have the user click a link, open an attachment and be socially engineered to take any action you may not have otherwise taken.
Suppose information online is discovered that is something that is not to be shared or known. In that case, there are procedures that the hosting organizations must have to allow you to request that your information be removed. Sometimes it does take a few attempts for the request to occur, but the site does have to remove the data relating to you after you prove it is you.
3. Protect Your Data: Make Your Passwords More Secure
Oh no! Not passwords again!? Surprisingly, this is the most damaging to online identities. Too many victims learn too late that cyber criminals have access to their accounts because they used a password from another account in a data breach. As BJ Fogg, founder of the Stanford University Behavior Design Lab, states, "Three truths about human nature: we're lazy, social and creatures of habit." This analysis applies to people when it comes to passwords. Too lazy to create strong passwords, or it is just easier to remember one password or maybe a slight variation to it for each website to make it easier to remember.
It's important to never reuse passwords on your social media accounts, financial institutions and any site that provides personally identifiable information (PII) to an organization. Suppose that organization suffers a data breach and usually involves customer data. In that case, the cyber criminals can sell that information online for money or use it to target people with emails that entice the user to click the link and open the front door for cyber criminals.
One idea is to make passwords easier to keep track of inside a vault, which provides many benefits. The password vault allows you to store their strong and unique passwords securely. In the unfortunate event that an organization is breached, you only needs to change the password for that one account and not all the other accounts where they used the same password. This action alone can take a significant amount of time if they have to log in and change the various sites' passwords.
Remember those security questions earlier? Well, the password vault can also store those responses. Instead of answering those questions truthfully, you can provide a random response to any of the security questions and keep the answer in the vault for that account. Instead of responding with “Toyota Camry” as your first car, the response could be "lightbulb." No one will guess a completely random word, but as it is stored in the password vault, it is secure. It will reduce the risk of the account being compromised because the cyber criminal wastes time finding information that will be wrong for the security questions.
One other important note about password vaults: you users have to remember the primary password to get into the vault. The various commercial password vaults do not store or know the password for your user's vault. This concept is known as zero-knowledge storage. The developer organization stores the password vault database file, but you own the decryption key, so it is important not to forget the password.
Keeping a password vault with strong and unique passwords is one of the best ways to protect your accounts online, but also knowing what information is out there about you is essential. Events and other information about people's lives these days are posted for the world to see. However, one must be aware of what is shared and strive to ensure that the information cannot be used against them.
We recommend sharing these tips with your users to help them make smarter security decisions every day!