Wednesday, October 10, 2012

Protecting Your Digital Presence

Every day we put more of our data in the "cloud" and connect more of our computers and devices to it, because it offers conveniences and features that are not available by other means. For example, you can have your data automatically backed up to a remote service provider, or access your home or office computer from any location with an internet connection. By doing this, however, we are also making it easier for criminals and hackers to steal our data remotely in ways that were not possible in the past.

For example, a tech reporter named Mat Honan had his "digital presence" deleted by a criminal using social engineering. The attacker took over several of Mat's accounts (including Gmail, Amazon and Twitter), and even convinced Apple's iCloud customer support to reset his Apple ID password. The attacker then proceeded to remotely wipe all his devices (e.g. iPhone, iPad, and MacBook), and even used Mat's Twitter account to post racist comments.

This summary offers only a very high-level overview of what happened, but it does demonstrate some of the dangers of using "cloud" services. This article is not intended to warn you against using cloud services, but to offer advice on how you can protect your "digital presence".

For the full account of what happened to Mat Honan, read the Wired article entitled "How Apple and Amazon Security Flaws Led to My Epic Hacking".
  • Be careful not to share too much personal information online that can be used against you, such as your mother's maiden name, your physical or mailing address, personal email address, etc.
  • Be careful about which online accounts are linked together.
    • For example, if an attacker obtained a person's Facebook account password, they would have access to any site that used that account for authentication.
  • Use two-factor authentication when offered by different sites, such as: eBay, PayPal, Google, Facebook, etc. Also call your financial institutions to find out what extra security measures they offer to help protect your accounts.
  • Create a secret (i.e. unknown to others) backup email and voice account and use it for resetting your passwords across your different online profiles.
  • Strengthen the answers to the "security questions" used to reset the passwords to your online profiles by using information that is not known about you by others or posted on the internet.
  • Don't share your passwords with anyone; use strong and unique passwords for every site; and use a password manager to track everything. 
  • Keep an up-to-date local and cloud backup of your data, so that if one backup fails there's an alternative.
  • Portable devices that support a remote wiping service need to have an up-to-date backup of the data. If an attacker can access the user profile that is associated with that feature, they can remotely wipe that device.
  • Make sure to set your desktop computer, laptop, tablet, and smartphone to auto-lock with a PIN or password when they're inactive. Do this even if they're in your home and you're the only one using them. What happens when you have company, or if a criminal breaks into your home?