Twenty years ago, if someone had told you that someday, you would have to protect your identity from being stolen, you most likely would have thought of physical things like your driver’s license, credit cards, or social security card, not medical records being exfiltrated from your physician’s computer system due to poor cyber security practices or your digital data stolen due to a phishing email scam. The world has become a tricky place to maneuver due to the complexity of the internet and the threat actors that move through it trying to acquire you! Today, your data is you, and if you or the organizations you trust are not protecting it, you might as well post it all on social media for the taking. Everyone is a target, but some targets are easier than others. Simply put: nobody is safe.
So, what can you do to protect yourself? There are many things that an individual can do to be less of a target.
- If something is too good to be true, it usually is; no one will give you something for nothing! Be cautious when clicking on ads and receiving email offers that seem too good to be true; these are considered impulse clicks and can cost you dearly. You hear on the news and in articles that individuals were coerced into giving a threat actor access to their lives. This is referred to as social engineering, which is the psychological manipulation of people into performing actions or divulging confidential information.
- The best way to protect yourself against social engineering is to think about what you are about to click on. An impulsive nature will be your worst enemy. If you give yourself time to think about what you are clicking on, in most cases, you won’t click; you will reason that what you are about to do doesn’t make sense. Remember, threat actors are trying to trigger an emotional response to get you to give them what they want. I talked about social engineering first and not a bunch of technical safeguards and jargon because you are your best defense against social engineering.
Now, let’s talk about what you can do on a technical level to protect yourself.
- Invest in an identity theft protection service; there are many out there to choose from, like AURA, LifeLock, and Identity Guard, to name a few. These services will do the heavy lifting for you, keeping an eye on your identity 24/7 and giving you recommendations and directions. Some will even help you if your identity is stolen.
- Change the way you secure your data. Secure your personal data like you would secure your house and car; I will add that if you live in the country and you leave everything unlocked, don’t do that on the internet. Use a different username and password on every site you subscribe to; that way, if there is a data breach on a site, your data is more secure because you didn’t rinse and repeat. Use multi-factor authentication (MFA)4 whenever a merchant offers this security feature; it helps keep you and your data secure on the internet.
- Purchase a reputable password vault, like NordPass, Keeper, or 1Password5. This allows you to use better passwords; some of these applications will generate strong passwords for you. Please remember to protect the password application with a unique password you remember; follow the recommendations of your password app when securing it.
Other things you can do to secure your data at home are to install a firewall or use the one that your internet provider has installed on your router. This requires some knowledge of firewalls and how to configure them. A great consumer firewall is Firewalla6; its site also provides education.
Be careful of the sites that you engage in; there are a lot that are unsafe and can be very malicious. Your virus protection should have some safe site technology built into it, like Norton Safe Search. GBQ’s Information Technology Services offers risk and advisory services to small, medium, and large companies for a variety of services. Click here for additional guidance and to discuss your security posture.