In the wake of yet another major hack announcement (this week it is Lowe’s, last week it was eBay), it is important to understand that you can have a secure online identity, but it takes work.
It starts with education:
- Understanding that email is clear text (which means that it is not encrypted) and can be intercepted.
- Appreciating the danger of using weak passwords.
- Being mindful of how ubiquitous web and Internet technology works.
- Understanding that once your private information is on the Internet, you have lost control of it. (Remember your late-night Facebook post from last weekend?)
Next, you need to put aside the idea that you have to trust organizations on the Internet (banks, retailers, etc.) to protect your sensitive data. Here are some suggestions on how you can be proactive and protect your online identity:
Start with the basics. Don’t click through links from untrusted parties or in unsolicited email. Don’t download software while browsing; your computer already has the software it needs. Avoid “sketchy” sites (e.g. gambling or porn).
Use strong passwords and some common sense. Think twice before filling out a profile on one site and then using the same information as the secret questions that recover a password on another site. Use a different username and password for different sites: think about work vs. personal, and always think about the sensitivity of the data. For example, your password for Facebook and your bank should not be the same.
Control your online destiny. Keep your digital life organized and think about the data you post online. For example, if your banking website is compromised and you have a different username and password for your online banking than you do for your eBay account, which in turn is different from your Amazon account, you can survive the compromise.
The bottom line with protecting your online identity is to be vigilant and educated on the steps you can take to keep yourself and your family secure. You can never be too careful when it comes to your personal information.
Located in Pennsylvania, Jason Rhykerd, CISSP, is a security professional with over 10 years of experience in assessing, analyzing, and auditing IT security risk. Jason has worked in multiple industries including healthcare, manufacturing, nuclear power generation, and government.