Sounds simple enough, right? Yet many people, including myself, have broken this rule at one time or another. In this post I would like to share a few ideas on how you might protect yourself from invasion of privacy attacks.
First, as a side note, let me mention that hacking is not about super genius coders or the malicious scripts that they write; hacking is about finding vulnerabilities that arise from the typical behaviors shared by many: using the same password for multiple sites, using weak passwords, using no password at all, using passwords composed of personally identifiable information that may be known, and, worst of all, writing your password down in a place that is accessible by others.
No, the world isn’t all bad and not all people are malicious, but not all people are trustworthy either. This includes coworkers, bosses, friends, whomever.
So a few personal security practices that I recommend are:
Have A Personal Information Policy. Define what information about yourself you deem to be public and what information about yourself you regard as private and then take a look at your behaviors to ensure that you are doing the right things to ensure that private information is not mistakenly disclosed.
Never use the same passwords in the office and at home. I’ve worked in IT for years, and companies have access to all company resources that you use, and rightfully so because they own them. So, if you don’t want that nosy boss and/or coworker reading your personal email or logging into your personal accounts, have a work-only password. Also, use company resources for company purposes. I am not a human resources specialist, so don’t miss the message. The point here is that without the use of a privacy protection suite, merely emptying the recycle bin does not delete items from a hard drive.
Use Context Sensitive Passwords. Never use the same password for multiple sites. As challenging as it may be to manage separate passwords for each site that you access, creating a password for each of these sites will ensure that one breach remains only one breach. One way this can be accomplished is through the use of context-sensitive passwords, built from details such as the purpose of the account and the date on which it was opened. For example, “makeMeR1cH!1111” might be used for a financial institution. This incorporates letters, numbers, mixed case and a special symbol. This is only one example, but the use of grammatical devices and patterns can make remembering multiple passwords as easy as remembering your favorite taglines. The key point is that by being creative, you can become a bit more secure.
Be Conscientious of Public Networks. When using a public network, try to limit logins to sites that offer alternate authentication methods, for example Hotmail’s Single Use Code. The single use code feature is great because instead of typing the actual account password, you can have a single-use temporary code sent to your mobile phone as long as the number is saved in your account profile. This single-use code expires immediately after use. Another great feature offered by some providers is access notifications. Facebook has a feature whereby a text message is sent to the phone number in your account profile whenever the account has been accessed.
Don’t Use Personally Identifiable Information. I like sites that allow you to compose your own secret questions and answers because you can always think of something that only you would know. But in the event that you can’t, your mother’s maiden name could be your favorite teacher’s last name. Birthdays, children’s names and spouse’s names are given no-nos.
Don’t Click Hyperlinks Received Via Email. Unless you are absolutely positive that it is safe, never click on hyperlinks received in email messages, especially if it is an offer for something that you didn’t directly solicit. First, perform a web search on the topic using a search engine such as Bing and see what results are found. You may find that it has already been reported as a scam.
You don’t have to become a paranoid techie to be safe, but you should consider your normal behavior and know that the stakes have changed in the digital arena. Protect yourself and your reputation by protecting your personal information.