Thursday, November 3, 2011

4 Tips IT Security Experts Use

Security experts often say things like "security is never passive", "technology alone is not enough", or "people need to be more proactive about their own security". But what does this mean from an actionable standpoint? The following tips, adapted for home users, are built on the same principles employed by IT security practitioners to guard enterprise assets.

1. Assume the worst and plan accordingly
For home users, this means assuming your credit card number or username/password will be stolen. Always check your credit card statements carefully and report any sign of abuse. To quickly detect identity theft, enroll in a credit monitoring service. Several antivirus vendors have teamed up with IDWatchDog so you can now get free credit monitoring along with your antivirus scanner.

You may also want to enroll your kids - regardless of age - in the aforementioned credit monitoring service. Not surprisingly, identity thieves often target children's social security numbers because the theft will likely go unnoticed until the child is old enough to apply for credit.

2. Know what others may know
Know what sort of information is out there about you and your family members. Use your favorite search engine and perform a search on your name. If you have a relatively common last name, it will help to encase your name in quotes so only exact matches will be returned.

If you use Facebook, assume your privacy settings will be reset at any time. Check your Facebook privacy settings often or use Bitdefender Safego to monitor Facebook privacy settings for you.

Help your kids understand the risks of TMI (too much information) posted online. To reduce the risk of rebellion, don't make it solely about them - explain you need their cooperation to help safeguard the family's assets. As one example, don’t tweet your vacation plans before you go; wait to deliver news of travel events after you’ve returned home.

3. Segregate and encrypt the sensitive
Store sensitive documents on external drives and make sure those documents - or better yet, the drive itself - are encrypted. Sensitive documents include things like tax returns, electronic credit card statements or any other correspondence that includes your social security or credit card number.

If you plan to use cloud-based storage or a service such as Evernote to store sensitive information, make sure it is encrypted before you upload it. That way, even if your username and password to the service were compromised, your sensitive documents should still be safe.

4. Always consider the domino effect
If a company you do business with online gets breached, stolen passwords from that service could be used to compromise other accounts if you happen to use the same password across multiple sites and services. This leads to a cascading series of compromises, the so-called domino effect. A successful password management plan actually lets you use fewer passwords by using them more effectively.

Segregate online accounts into password groups so you have fewer total passwords to remember. For example, if you subscribe to a gardening forum and a recipe site, chances are there’s nothing financially sensitive in your account info so there’s no harm in using the same password for both.

Sites that might allow someone to impersonate you should be considered sensitive even if no financial information is involved. Consider that if your Facebook account were compromised, attackers could abuse that account to social engineer friends and family, tricking them into installing malware – all under your good name.

Your bank account password should be unique. It’s fine to write it down somewhere if you need help remembering. The goal isn’t to keep someone from breaking and entering and gaining access to your account. The goal is to prevent someone from stealing the password to one of your other accounts and successfully being able to use it to access your online bank account.

Minimize the number of online financial accounts – use your bank’s online bill pay whenever possible rather than setting up and maintaining separate online accounts for each and every credit card or bill you owe. If you do have separate accounts for these, make sure each has a unique (and strong) password. Once again, it’s perfectly fine to write these down somewhere if you need help remembering.

Your email account password should also be unique. Since email is often used for account resets, attackers who gain control of your email account could then use it to reset passwords for other accounts you have. Always consider your email account as one of your most sensitive online assets.
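The domino effect can be checked against your own account list. The sketch below is an added example, not part of the original post: the account names, the password labels (A, B, C... stand in for "which password", never the password itself), and the assumption that the bank does not reset via email are all constructed for illustration.

```python
from collections import deque

# Constructed inventory. "pw" labels which password an account uses;
# "reset_via" names the account that can reset it (assumption: bank has none).
ACCOUNTS = {
    "gardening-forum": {"pw": "A", "tier": "low", "reset_via": "email"},
    "recipe-site":     {"pw": "A", "tier": "low", "reset_via": "email"},
    "facebook":        {"pw": "B", "tier": "sensitive", "reset_via": "email"},
    "email":           {"pw": "C", "tier": "sensitive", "reset_via": None},
    "bank":            {"pw": "D", "tier": "sensitive", "reset_via": None},
}

# Same inventory, but the email account reuses the forum password.
REUSED = {**ACCOUNTS, "email": {**ACCOUNTS["email"], "pw": "A"}}


def domino(accounts, breached):
    """Accounts reachable after the password of `breached` leaks."""
    fallen = {breached}
    queue = deque([breached])
    while queue:
        cur = queue.popleft()
        for name, acct in accounts.items():
            if name in fallen:
                continue
            same_password = acct["pw"] == accounts[cur]["pw"]
            resettable = acct["reset_via"] == cur  # e.g. reset mail goes to cur
            if same_password or resettable:
                fallen.add(name)
                queue.append(name)
    return fallen


def policy_violations(accounts):
    """Sensitive accounts that share a password with any other account."""
    by_pw = {}
    for name, acct in accounts.items():
        by_pw.setdefault(acct["pw"], []).append(name)
    return sorted(
        n for names in by_pw.values() if len(names) > 1
        for n in names if accounts[n]["tier"] == "sensitive"
    )


if __name__ == "__main__":
    for label, inv in (("grouped", ACCOUNTS), ("email reused", REUSED)):
        print(label, sorted(domino(inv, "gardening-forum")), policy_violations(inv))
```

With passwords grouped as described, a breach of the gardening forum stops at the recipe site; once the email account shares that password, the same breach also reaches email and, through password resets, Facebook.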

To recap, assume the worst and monitor accordingly. Find out what’s already out there about you and take steps to minimize TMI online. Enlist the cooperation of your entire family. Segregate and encrypt sensitive documents. Use a password management system that will make it easier for you to keep your online accounts secure. Follow these tips and you will be following some of the same basic principles of IT security best practices.
