Several months ago I was at my Rotary meeting and one of my fellow Rotarians asked me about the iCloud scandal and what really happened. I explained that iphones automatically uploaded photos (unless you turned off that option) and those online photos were “hacked” and released to the public. When I told him this he said he was glad his phone didn’t do that – and I asked him “are you sure?” We checked his phone and lo and behold his photos were being uploaded to the cloud. Imagine his surprise and distress.
This then inspired me to put together a presentation for the club on data security and identity protection in general. The presentation was a hit and I’ve now given this speech 5 times, with an update just this week.
It made sense to turn what I have learned and observed into a series of blog posts regarding identity theft, data in the cloud, current security threats and what the government is putting in place to combat cyber security both within the government network and in the public space.
This first post in the series will focus on online and identity security and what you can do to help protect yourself while doing business and transactions online.
First and foremost, make sure you change your passwords often, at least once a year. This became readily apparent recently. LinkedIn accounts that were created prior to 2012 were stolen, including the passwords. If the LinkedIn members had not changed their passwords, the bad guys now had access to their name and passwords, which in many cases worked for other applications as well. Hundreds of people’s accounts were compromised simply because they had not changed their password.
Next, make your passwords complex. Include capital letters, special characters and numbers. And make the passwords long. You may already be forced to do this if you are on any Microsoft online service. Microsoft is no longer allowing simple, non complex passwords. By the way, do you know what the number one password phrase is? Password. Yes, really. That’s pretty amazing to me especially when people complain about being hacked.
When you do go online and set up links for your banks and credit cards, do not let the browser save your passwords when it asks. Yes, this is a royal pain because you have to remember the passwords. Trust me, I understand. We have dozens of passwords we have to keep track of ourselves. However, I’d rather keep my identity safe and it’s worth the extra effort.
If you are in a public location, and are using a computer and browser, clear out the browser history when you leave the computer. It is a good idea to learn how to do this with your own browser as well. There are settings for each browser type that allow you to clear the browsing history and cookies when you shut down the browser. We always recommend this option with our clients.
Another way that hackers get identity information is through fake emails. You can be absolutely sure that no bank or credit card company is going to send you an email saying “click on this link” to update your logon details. They just don’t do that. In fact, many credit card companies have web pages where they ask you to submit emails that are suspected to be fraudulent. The web pages may refer to them as phishing. Banks and credit card companies are getting much more aggressive in searching out the bad guys. Do your part to help them.
Finally, monitor your credit report often – you are allowed to do this for free once per year. Look for credit requests that you know you have not made. This happens more often than people suspect and can help quickly identify a possible identity theft.
The next article in the series will be on CNAP – Cyber Security National Action Plan – the government’s 2016 effort to combat security threats.