Keeping personal information secure
By Gijs Roeffen
As more and more aspects of our lives go online, how can we make sure that our personal information remains secure, and that our conversations remain private? Here are five simple steps you can take to improve your online safety.
1. Create new, unique passwords for your online accounts
It may seem basic, but creating strong, unique passwords for all of your critical accounts is the best way to keep your personal and financial information safe. Reusing the same password across your online accounts means that if one account is compromised, all of your accounts are compromised. The majority of accounts are identified by your email address, which means that if hackers have that data, they already have half of your login information. There are also tools available to perform “password-spraying” against popular sites to see if your stolen username and password combination works, and if it does, your accounts are wide open.
Many browsers, such as Google Chrome and Mozilla Firefox, now come with built-in password managers which generate complex password suggestions for you, so it’s worth taking their recommendation and steering away from generic, repeated passwords. It’s also worth checking to see if your online accounts offer multi-factor authentication to verify your identity.
2. Protect your SMS messages
Attacks on SMS are often very targeted, since intercepting SMS codes requires specialist knowledge and hardware. While it is possible to intercept SMS messages over the air, it requires multiple factors to be aligned to be successful.
Using two-factor authentication is an effective means of defence against account takeover, so be sure to check your SMS is protected. Alternatively, look into using an encrypted messaging service. Encryption jumbles the content of a message into random data until it is received on the other end, meaning that if a hacker intercepts the message, they won’t be able to view it in full. Apple’s iMessage service uses encryption, as does WhatsApp, which works across both Android and iPhone devices.
3. Keep your security questions (and answers) under wraps
Designed as a last-resort account recovery feature, security questions have proved to be deeply inadequate contingency mechanisms for passwords. It may be that if you forget your password, you will likely remember the name of your first school or the city you were born in, but by relying on factual data that was never meant to be kept secret in the first place, a quick web or social media search can lead criminals right to the answer.
Unfortunately, threats don’t just come from the outside; they can come from the inside, too. All too often the safety of personal accounts is compromised by people we know, whether a disgruntled former colleague or ex-partner, putting your online security at risk. If there is no other security option, make sure you’re using very personal questions which only you know the answers to, or make up the answers!
4. Ditch PIN codes and opt for biometric security
The truth is that when it comes to passwords and PIN codes, people are lazy. Not only do people use the same password across their online accounts, they will also use the same PIN for both their bank card and their phone, or they will use a generic PIN number. In fact, Tarah Wheeler, a cybersecurity executive who serves as the senior director of Data Trust, Threat, and Vulnerability Management at Splunk, recently shared the most common PINs used by smartphone users to secure their devices. She got the list from an InfoSec expert via the SANS Institute. The most common PIN number? 1234.
Passcodes and PIN numbers can easily be obtained by looking over someone’s shoulder, or even photographed or filmed from another mobile device. Biometrics, such as fingerprints, iris and facial recognition, can’t be captured in either of these ways and so, in general use-cases, are safer than passwords and PINs.
5. Secure your smart speakers
Users of smart speakers will be well aware of the joy and convenience of playing what you want to hear, when you want to hear it, all through voice command. It’s likely, however, that you have also heard a few rumblings about the security of these devices. Firstly, ensure you purchase speakers from a reputable vendor with a culture of security auditing, such as Google or Amazon. While these devices do offer online storage for data, they do provide an option to delete it, if you wish to.
Ensure you create a new account when setting up your device, so that it does not have access to your calendar or address book, and disable any services or skills that you do not use. Protecting your account with two-factor authentication and ensuring you only connect to the internet via secure Wi-Fi networks will also help minimise the risk of interception.