Four Stages to Protecting Your Online Identity
Your online identity is becoming more important every day. It is a statement of who you are and is extremely sought after by those who may wish to steal your money, do malicious things in your name or just delete your entire online existence just because they can – see this frightening true life story by Mat Honan – How Apple and Amazon Security Flaws Led to My Epic Hacking .
In this blog we look at four stages for protecting your online identity so that you avoid becoming the victim of identity theft.
Stage 1 – Online registration
When signing up for an online service whether it be a bank, social media site or even a question and answer forum, always consider how much information about yourself you need to provide. Our blog Your Online Identity provides more information and useful guidance.
- Only provide the minimum amount of information about yourself as necessary.
- Realise the difference between Personally Identifiable Information (PII) and security information (see the Your Online Identity blog) and use it wisely.
- Use random responses to security questions. There is no need to give out factual information about yourself.
- Use different information for different sites to prevent compromise of one site leading to a compromise of the other.
- Keep all this information safe in hardcopy at home or in a good password management application. Although we do not recommend any particular product we know there are some good Password Managers available. See this review from PC Pro for an example
- Be careful with any information that is viewable to the general public. Avoid providing information such as:
- Home address
- Vehicle registration number
- Any financial information
- Memorable dates – DoB, anniversary etc. – unless you never use these as answers to security questions!
Stage 2 – Secure your locations and devices
Where you have control over the way that you connect to the Internet you must ensure that it is secure. There is little point taking precautions with your information only for it to be compromised via your own wireless network. In addition, you must take responsibility for the security of your devices be they desktops or mobile devices. They must not be accessed by anyone you do not trust. This is especially important for mobile devices which are more prone to loss and theft.
- Ensure that your home connection is secure. Set up your wireless network to use at least WPA-2 authentication. If you don’t know how, ask someone you trust to set it up for you. Ask them to show you how rather than doing it for you. Do not tell anyone your password unless you trust them to use the network connection. Alternatively, a quick search on the Internet will provide lots of detail about how wireless networks should be secured.
- Ensure that your administrator password on your wireless network device (most people know these as wireless routers) is a good one and not the same as the one needed to access the wireless network. If you don’t know what or where the administrator password is, ask somebody you trust to show you or again, search the Internet. If you are really paranoid there is sometimes an option to disable administrator access from the wireless network and only use a wired connection.
- Use a strong password on your personal device (smartphone, laptop, tablet) wherever possible. Ensure that it is set to lock after at least 10 minutes of inactivity. See our blog How to make strong memorable passwords that are difficult to crack .
- Use a good PIN to protect mobile devices that cannot use a password. Never use the same PIN to unlock your device as you have for a credit or debit card. See our blogs:
- How Predictable is Your Pin Number
- Ten Top Tips of PIN Security
- If you use a swipe pattern to login, ensure that the touchscreen is regularly cleaned so that it does not provide a visual indication of what your pattern may be.
- Keep a record of your phone IMEI (International Mobile Equipment Identity) number as you will need this to get you phone blocked quickly should it be lost or stolen. You can find out your 15 – digit IMEI number by typing *#06# into your phone keypad on most handsets. If this does not work check here for other ways to find out your IMEI number.
- Have AV / Spyware software installed on your devices, including smartphones and tablets, and keep it up to date. There are some very good free AV tools available so there is really no excuse.
Stage 3 – Accessing online sites
Where you access the Internet from and the devices you use are really important. The physical location (Internet cafes, wifi hotspots etc.) may mean the network has been compromised by malicious code i.e. spyware or there may be people watching you entering information. If you are using someone else’s device (laptop for example) then their security may not be as good as yours and the information you enter may remain on their device which can then be used again later.
- Only access from trusted locations and networks. Don’t log on to your personal sites from Internet Cafes or via any untrusted network (wireless connections in bars, on trains etc.) unless the login page is protected. You can check this by looking at URL which must start with http s ://. The ‘s’ in the https indicates that the site is protecting your username and password so that it cannot be intercepted. If ‘https’ is not being displayed do not login from an untrusted location.
- Only access from trusted devices. Preferably use your own personal device. If you have to use one other than your own be very careful what information you provide as it may remain on that device.
- Be aware of phishing attacks which try and get you to go to online sites which look like the real thing i.e. your real bank, but they are actually fake sites. The aim is to get you to enter information such as your username, password and/or PIN which they then use to access your real account.
Stage 4 – Using your device
It may feel sensible to use your actual device as a container for all your security information; after all, it is with you most of the time. However,
- Do not store any PII or security information in the clear on any device. Use a password application with a strong password (that is different from any other on the device).
- Be vigilant when entering the password or PIN into your device. Enter it as you would for an ATM machine – always think that someone may be watching and waiting. Once they know your device PIN, they will then target it for theft.
- Depending on your level of paranoia, do not allow auto-login to your sites (Facebook, Twitter, LinkedIn, Bank Account). Don’t click the ‘Remember me’ or ‘Keep me logged in’ option boxes. If your device does fall into the wrong hands it may only be a PIN that is protecting all of your accounts.
- Don’t click on links in emails unless you really know where it is going to take you. Be especially careful with short URLs as you have no idea what site they are linked to. You can check out short URLs before clicking on them by typing them into an expander such as CheckShortURL . With the ever increasing use of short URLs, it is not always possible to check every short URL however, remain vigilant and if you are suspicious of a website that you are taken to from a short URL, close the page as quickly as possible.
- Use your favourites bar to store URLs for legitimate sites that you frequently visit such as your online bank. Then, always use this link to get to the site and no other even if it appears to come from the bank.
To Sum Up
Your online identity is important and will continue to make an attractive target. By being aware of the risks and taking some simple precautions it is possible to protect your identity and use the Internet safely.
Article by Paddy Keating ,Director/Government Service Manager at Ascentor.
Other articles you might like:
For Further Information
If you have any questions about the topics we've covered, or would like to have a chat about any aspect of your own cyber security strategy, please get in touch with the team at Ascentor.
Please use the contact details below - also found on our Contact Us page.