8 Ways to Protect Your Privacy Online

The only sure thing in the world of information security is that there is no such thing as a failsafe solution. It’s crucial not only to keep abreast of the latest threats out there, but to also act as though the mission is to find your way to safety from the middle of a lawless demilitarized zone that’s lousy with enemy snipers.

Sound extreme? Remember that Cold War classic “A Few Good Men” when Colonel Jessup (played by Jack Nicholson) tells Tom Cruise’s character “You have the luxury of not knowing what I know”? It applies here. I’m not saying I have all the answers, mind you. If anything I think the opposite. But I do know that I don’t know what’s going to happen next in the land of Data Insecurity, and that gives me a better chance of staying safe.

Still Not Worried?

Symantec just reported more than 500 million digital identities were stolen in 2015 while fake tech support scams increased by 200% and ransomware attacks increased exponentially as well. Hackers are getting better at their game—ensuring better results with better techniques and technology.

Want more? Dell SecureWorks' annual report was recently released. The takeaway? Hackers are getting organized and entrepreneurial. Want to get access to a U.S.-based email account? It doesn’t matter if it is Yahoo, Google, or Hotmail; they’re all available for a pretty decent price: $129. (Note the market-appeal pricing!) According to the report, it costs a little more to get into a corporate account—understandably—and a little less to get into a Russian email account.

Also on the menu: access to Facebook and Twitter accounts — and for the same price as an email hack! There’s a panoply of services on offer out there — ranging from malware that aids snooping to doxxing — that opens up the possibility for all kinds of identity-related crimes.

So What Can You Do?

There is plenty you can do. The first thing is to change your life. I mean it. You have to completely change the way you approach your life as it intersects with things digital.

I’ve mapped out a way to do this in my book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves, which provides different discussions and strategies for specific situations ranging from identity-related tax fraud and medical identity theft to phishing and child identity theft.

But if you read nothing else on the topic, there are three simple things you should bear in mind, which I call the Three Ms.

  1. Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction. Don’t over-share on social media. Be a good steward of your passwords, safeguard any documents that can be used to hijack your identity and consider freezing your credit.
  2. Monitor your accounts. Check your credit report religiously, keep track of your credit score, and review major accounts daily if possible. (You can view two of your credit scores for free every month on Credit.com.) If you prefer a more laid-back approach, sign up for free transaction alerts from financial services institutions and credit card companies, or purchase a sophisticated credit and identity monitoring program.
  3. Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises — oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions and HR departments.

Beyond the Three Ms, here are a few common-sense changes you can make to your daily digital life that will make you a moving target for identity thieves.

  1. Beware phishing. Never click on a link sent to you via text or email from a stranger. If you get a link from someone you know, first check if that person actually did send it, because they may not even know that they got hacked and have become a font of malware. Assume the worst!
  2. Be smart about passwords. Never use the same password for different accounts, and do not keep all your passwords saved behind a single password (like on your computer). Make your passwords long and complex, and make sure they contain punctuation marks, numbers and other random symbols.
  3. Use multiple-factor authentication. You may have received a notice recently from your email provider asking for a phone number that can be used to contact you in case your account is hacked — that’s multiple-factor authentication. If you are given this option, use it. Security is sacrificed on the altar of convenience way too often, and a little extra effort can make a huge difference in vulnerability.
  4. Consider encryption. It’s not as hard as you may think to start using a pretty good privacy-based encrypted mail system, and the upshot is that you will be much harder to hack.
  5. Tighten your privacy settings on social media accounts. Never post anything that will make it easier for a fraudster to guess things about you, because that could compromise any account that’s protected by security questions.

We all occupy a digital privacy landscape that is treacherous. It’s a no man’s land where criminals not just figuratively, but in actuality, hold sway over the good orderly direction of daily life. Whether you become a statistic may be out of your hands, but there are ways to improve your odds of staying safe, and it’s very much worth your time.

The post 8 Ways to Protect Your Privacy Online appeared first on Credit.com.

Privacy vs. Security: Where Should We Draw the Encrypted Line in the Sand?

The recent Game of Phones between the FBI and Apple underscored an area in our jurisprudence that is screaming for more clarity. If there is a tipping point when the protection of consumer privacy should yield to the needs of a criminal investigation, where is it?

Few will dispute the obvious cases where the Constitutional rights of a citizen are disrupted by a judge who knows (or at least has access to) the legal precedents informing the decision to suspend a citizen’s right to privacy. A court-ordered search warrant trumps those rights, for a defined period of time, and it can happen fairly quickly when a member of the judiciary believes there is good and sufficient reason for it. Sometimes, in instances involving probable cause and easily discernible physical evidence, the law permits on-the-spot access.

The latter scenario came into play with the phone belonging to San Bernardino shooter Syed Rizwan Farook, an iPhone 5C running iOS 9. Law enforcement officials had every reason to believe there could be time-sensitive information on the device—information that very well might save lives. They attempted to access that information through Farook’s iCloud account. But, in the process, they made a mistake. They reset the password remotely. When they did that, they cut off a way into the device, an auto-backup, which may have been possible had the phone been transported and connected to a Wi-Fi network that it recognized—in this case, the shooter’s home wireless network. There was only one way to find out if that would have worked, and it disintegrated when a law enforcement official reset that password.

Locked out, the government requested Apple’s help. Apple CEO Tim Cook refused to provide that help on the grounds it would compromise consumer privacy and set a dangerous precedent. The FBI secured a court order demanding Apple unlock Farook’s iPhone, and still the company refused to comply, which raised the question: Should the government be allowed special access to information that is protected by encryption or any other method designed to protect user privacy?

In October 2015, the Obama administration had decided it was not a good idea to legislatively force decryption at the behest of law enforcement. “The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” FBI director James B. Comey told the Homeland Security and Governmental Affairs Committee. Not long after that announcement, the San Bernardino shooting caused the Justice Department to do a 180—getting a court to order Apple to decrypt. The case made daily headlines. Numerous briefs were filed by organizations of all stripes on both sides of the issue. Then the action became moot because—reportedly with the help of a third-party technology firm—the FBI wormed its way into the phone.

But on the other side of the FBI’s successful workaround with Farook’s iPhone 5C lies a legal shadowland. This pivotal question about consumer privacy still has not been addressed, because the FBI successfully breached the phone without Apple’s help.

What Now?

When it comes to encrypted devices, can there be special access afforded to the government, in only extreme cases, without weakening the privacy protections afforded by encryption to consumers?

Digital enterprise probably won (by a smidge) in the battle over access to Farook’s iPhone because Apple was not required to provide what could have amounted to a permanent backdoor to law enforcement. The FBI said this week that it would help local law enforcement agencies decrypt information on devices without saying that it would specifically make available to them the means used to crack the San Bernardino shooter’s phone. You can be sure that when Apple closes the door on the FBI’s exploit, there will be an announcement and the fight over law enforcement access to encrypted information will resume in earnest.

It is not breaking news in the information security community that the FBI has had a Tor exploit for a while now. Tor is an anonymizing network that allows people to visit websites without being traced. There are as many legitimate reasons to use it as there are illegal ones—among the latter category being the trafficking of child pornography, which was the reason the FBI developed the tracker malware used to locate and arrest people who transmit illegal images. What is not known: how many other presumed safe platforms have glass walls for law-enforcement eyes only?

I think it’s also worth wondering aloud if the FBI always knew there was a hack to get into Farook’s iPhone. Were that the case, the FBI motion in this case would have been less about finding a way into the phone and more about two-stepping around the Obama Administration’s previously stated position to continue conversations and not go to war with Silicon Valley over decryption legislation.

In February, Tim Cook explained to ABC World News Tonight that the FBI had essentially asked him to create “the software equivalent of cancer.” The tension between selling privacy and having it compromised by legal means is not an easy one to navigate, but in this war of words and ideology, we need to do a whole lot better than we have so far.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

The post Privacy vs. Security: Where Should We Draw the Encrypted Line in the Sand? appeared first on Credit.com.