Wednesday, December 15, 2010

Security, Security, Where is the Security

As WikiLeaks has shown us, it's not just your average computer user who doesn't practice good security and protect their information. But there are good practices that we can learn and use to protect our data and make our security stronger. And as this article shows, they aren't all about being fancy or using complicated tools, but more about being careful and thinking about security all the time.

Any way you say it, security is a subject that brings yawns and glassy-eyed stares when you bring it up. But understanding the risks and seeing the damage done by security lapses, as you help someone clean up the mess left after a data breach, will wake you up.

So take a minute, read this article, and consider your security before you face the pain of identity theft or data loss.

Amplify’d from www.zdnet.com

How To Stop Your Personal Wikileaks--Personal Technology Security

Jason Perlow recently wrote about Personal Wikileaks, where he described how he had been sent a smartphone to be evaluated only to discover that the previous user was a high-level technology journalist; one that has the direct attention of major technology industry leaders. To give you an idea of what I’m referring to, my personal predictions for the tech specs of the next tablet from a fruit-named company were solidly confirmed. I’ll leave those for another article.

This wasn’t even an isolated incident. There are hundreds of instances in the tech journalism field where personal devices were used, evaluated and returned without being properly purged of personal information before being sent back, and they weren’t wiped at the vendor’s end, either. It’s a chain of carelessness.

When discussing this situation with Jason, he said it was an epidemic. I agree, but it’s not a recent one. It’s a systemic issue that is somehow ingrained in our personalities. As a people, humans do not typically consider security of their information unless they consciously focus on it. Instinctively we still go back to our early evolutionary ancestors: shelter, food, safety from predators.

Well, it turns out that there are predators everywhere, and they don’t typically want to eat your carcass in this day and age. They just want to consume your data.

I could provide dozens of links to articles concerning accidental data leaks. I’m sure my readers have seen them as well: celebrities losing their cellphones containing racy pictures of themselves; government agency employees losing their laptops, and we find out that the private information of millions of US citizens had been downloaded to it; political candidates having their email accounts hacked because they used simple passwords and easy to guess answers to security questions; commercial website databases getting hacked, revealing the financial information of their customers that ends up getting sold to some overseas black market group.

Let’s face it, there really isn’t going to be an end to these information leaks until people start treating their personal information the same way they treat their money, homes and families. Jason provided a number of examples of securing the data on your smartphone. Of course, wipe the data on the phone and storage card before giving the phone to someone else.

Use remote admin capabilities with your phone in the event of losing the device so you can wipe all stored data on it. Use a screen lock PIN or password. Use a SIM lock password as well if available. Most phones will let you dial 911 (or whatever your local emergency number is) without having to unlock the phone so you can still make an emergency call even if you don’t have the time to unlock it.

But this goes much further than smartphone security. Your data is everywhere: on your smartphone, your home and work computers, dozens or hundreds of websites. One of the first mistakes people make is to use the same password for everything. If a hacker got into the user database of a popular website, such as those owned by Gawker Media, and the users there have the same passwords in operation in other places (they do), then it’s only a matter of time before they get their data compromised elsewhere.

Your passwords are probably one of the weakest links in your data security. Instead of having one regular password, have six. Make them all difficult to crack: at least 8 characters in length, and at least one capital letter, one number, and one special character (@, !, #, $, %, etc.). Don’t use actual words for your password, or anything that relates to your life. Rotate your password usage regularly. Using the same password for more than 90 days isn’t advisable.

Physical access to your personal computer and devices is another point to consider. Most of the time people carry their cellphones with them. Unless, of course, you are one of those people that gets a lot of phone calls but leaves their phone at their desk and disappears for an hour. If you are one of these people and worked near me, you may have been one of the many victims who found their battery contacts taped over, or your ringtone changed to a shotgun blast.

Practical jokes aside, it’s important to control physical access to your data devices as well. Walking away from your desk at work? Lock the screen with a password. Take your phone with you. Are you in an office where visitors can walk right in without being intercepted by security or locked doors? If you’ve got a laptop, it’s a good idea to either take it with you at the end of the day or lock it in your desk. Portable computer hardware disappears all the time. Don’t leave it on your table at Starbucks while you make room for more coffee.

Another item to secure is your cloud data. You may not realize it, but you very likely have data in the cloud right now. Your email, whether Gmail, or Hotmail, or Yahoo, or some other web-based service, uses cloud storage. Accessing your email from your own computers isn’t an issue, but accessing it from a strange computer is. Libraries, Internet cafes, pretty much any computer that isn’t your own.

You don’t know if there’s a keylogger on that computer, and even if there isn’t you may not be able to wipe the history and saved passwords from that system. If you are using a computer that you don’t fully trust, it’s not a good idea to use it to access your personal data. That goes for any website with your personal and financial data, not just your email.

Most people don’t even consider it until they suddenly discover that their identity has been stolen, or someone charged something expensive on their credit card. It even happened to me, which is why I won’t let someone read back my credit card number to me aloud when I give it to them over the phone. I won’t read it aloud either; that’s exactly how a former coworker ended up in jail by using my credit card to buy a $3000 plasma TV, emptying out my bank account in the process.

Just a small amount of effort and a shift in awareness can make all the difference. Thieves, even data thieves, are more likely to go after easy targets. If you don’t provide them with an easy target, they’re likely to go elsewhere. Keep your anti-virus and anti-malware software up to date, keep an eye on your devices, and play it safe.

See more at www.zdnet.com
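The password advice in the quoted article (no reuse across sites, at least 8 characters with a capital letter, a number and a special character, no actual words, no password older than 90 days) can be checked mechanically. The following is an added example, not part of the ZDNet article or this post: the account names, passwords, dates and the four-entry word list are all constructed, and a real check would read a local password-manager export and a full dictionary file instead.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample inventory: (account, password, date last changed).
ACCOUNTS = [
    ("mail.example",  "Tr7#kq!zP2", date(2010, 11, 20)),
    ("forum.example", "sunshine1",  date(2010, 3, 2)),
    ("shop.example",  "sunshine1",  date(2010, 12, 1)),
    ("bank.example",  "G4$vw9@Lx",  date(2010, 6, 30)),
]
# Tiny constructed word list standing in for a real dictionary file.
WORDS = {"sunshine", "password", "dragon", "monkey"}
MAX_AGE_DAYS = 90  # rotation interval given in the article

def policy_failures(password, words=WORDS):
    """Return the article's composition rules that this password breaks."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        failures.append("no capital letter")
    if not re.search(r"[0-9]", password):
        failures.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no special character")
    if any(w in password.lower() for w in words):
        failures.append("contains a dictionary word")
    return failures

def audit(accounts, today):
    """Map each account to its list of findings (empty list = clean)."""
    by_password = defaultdict(list)
    for account, password, _ in accounts:
        by_password[password].append(account)
    report = {}
    for account, password, changed in accounts:
        findings = policy_failures(password)
        shared = [a for a in by_password[password] if a != account]
        if shared:
            findings.append("reused on " + ", ".join(shared))
        if (today - changed).days > MAX_AGE_DAYS:
            findings.append("older than 90 days")
        report[account] = findings
    return report

if __name__ == "__main__":
    for account, findings in audit(ACCOUNTS, date(2010, 12, 15)).items():
        print(account, "->", findings or "ok")
```

The reuse finding is the one the Gawker scenario in the article turns on: a single breached site exposes every other account listed beside it.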
 

1 comment:

Blogger said...

Using AVG security for a few years now, and I'd recommend this product to all of you.