Wednesday, March 2, 2011

Protect yourself!



An issue of great concern to me is the manner in which the average internet user has no regard for protection of their personal details, nor any regard for general internet security. There are many malicious users of the internet and disclosing or not protecting one’s personal details willy-nilly is problematic.
Firstly, if you don’t have an antivirus, don’t be an idiot. Get one. If you want a decent, free antivirus then give AVG a try.
If it is your business (i.e. you make a profit) to be known and searchable, then by all means have a blast using your name and contact details wherever you can.
However, if this is not the case, and if you are, or plan to be, an active member of a forum, newsgroup or you regularly comment on news items or blogs, don’t use your whole, real name. Search engines crawl through data on public sites, and on popular sites crawling is a regular occurrence. Thus a comment that you make today will be an result item that appears the next time someone Googles your name. The ‘someone’ could be a potential employer, a potential ‘significant other’, and even (probably will be) your mother.
A general rule of thumb: if you don’t want your name associated with  an item that you publish or write on the Internet, then ensure that your name is nowhere near that item.

Create a pseudonym:
A great idea is to have an internet pseudonym. It is easy to use this each time you are required to enter in some kind of username, and it prevents you from having to think up a new name / username every time you sign up or register on the internet. This way, the awful, prejudiced and inflammatory comments you make on News24 won’t be the subject of your next job interview. Or the reason for your next court appearance.

Bot-protect your email address:
If you find yourself absolutely not being able to live without posting your email address in every textbox that you see, there is a way to ensure that spam bots don’t start filling your inbox with mail. Write your email address in a way that it isn’t easy for a non-human to read. For example: yourName [at] yourEmailProvider [dot] com. Also, do not post your contact details in public places. This includes forum threads, Facebook walls and your Twitter stream. PM (Private Message) facilities exist for a reason. Use them.

Social networks:
It’s bad enough when people  you know are stalking you. So don’t accept friend requests from people that you don’t actually know. Unless you don’t mind them knowing all your contact details, where you like to hang out, with whom you like to hang out and all your favourite movies, music and books.

Have a secondary email address:
Another good internet practise is to have a secondary web-based email address. Use that address to subscribe to daily newsletters, comics and for using on the myriad websites that require registration. All web-based email providers have great spam protection, and provide for comprehensive mail filtering whereby you can create your own rules as to what happens to an email when it arrives in your inbox. You can then set criteria as to what should be forwarded on to your primary email address. In this manner you can receive mail from dubious sources (by dubious I mean companies will sell your personal information to the first bidder) without compromising your primary email address.

Passwords:
It is imperative that one separates critical from non-critical passwords. There is even a little wiggle room for those passwords that sit on the dividing line. I personally have four password levels for different types of sites:
  1. Banking, share trading and other passwords that if compromised could result in financial loss
  2. Email passwords, where if compromised I could lose my email address at a minimum. This is as important as my ‘financial’ passwords since if access is gained to my email account, other passwords can easily be reset and retrieved since almost all sites allow password reset information to be sent to primary email addresses
  3. Facebook, Twitter and other social networking sites where if the password is compromised, my personal details become available as well as those of my network
  4. General password for sites that require registration, but if compromised won’t really affect my financial standing nor my personal details
The point that I should emphasise is that EACH OF THESE PASSWORDS ARE DIFFERENT. A detail that doesn’t usually factor into one’s password creating decision is that if every password for every site is the same, then if one site is compromised, you have effectively compromised your entire internet identity. This isn’t the stuff of conspiracy theory either. Below is a very plausible scenario:
  • You click on a link in an email that was sent  to you by a friend, email subject “Check out this cool video of me”.
  • You are directed to a website that tells you that you need to ‘sign in to Facebook’ to view the video
  • You enter your details in the box that looks just like Facebook’s login. Nothing happens; no video and you assume that the link doesn’t work
  • A malicious site now has your Facebook login details
  • The owner of the site can now go to Facebook and check your primary email address via your credentials that he has obtained
  • He can now go to your email provider and login there since your password for email is the same as that for Facebook
  • He goes through your emails to see who you bank with
  • username and a reset of your password
  • He obtains this, and can now access your bank accounts (One time passwords will not help you if he then requests that they get emailed instead of SMS'd)
The above process is even easier if you are using your real name and the same password registering on forums as you are for your bank accounts, as not all forums will protect your private data, nor do all the site owners have only good intentions.

There are many more precautions and checks that are necessary when it comes to protecting yourself on the internet. I will likely be covering some in future posts.




No comments:

Post a Comment