Here are our five tips to protect your Digital Identity and to stay safe in the Cyberspace!
For those who are not familiar with the term "Identity", Identity simply means who we are. Each of us is a unique entity in this Universe. For example, you know some information about your friends which helps you to identify them as John or Alice or Jim. You know their very basic information such as their First name, Last Name or Email. Therefore, in the typical case, you don't share your confidential information such as Date of Birth, Driving Licence, IRD Number or Passport details to anyone except to trusted authorities or parties (Banks, Government Agencies). This is how we protect and treat our real identity in the real world.
Today, we have our Digital world, or most popularly known as the Cyberspace. In cyberspace, we use our Digital Identity to interact with each other and with online applications. For instance, when you access your corporate company applications or when you connect and communicate with your friends on Facebook or when you use applications such as Gmail you are using your Digital Identity. Like Real Identity, your Digital Identity consists of several characteristics or attributes, such as your First name, Last name, Username, Password, Mobile number, Date of birth, and other online, or digital activities, or histories.
In summary, your Digital Identity allows your access to smartphones, social media, and other online applications. This access occurs after going through processes called authentication and authorization. Authentication is a means of proving your identity in the digital world. Once the user is successfully authenticated or identified, the next step is authorization. Authorization of the user access to the applications will be determined by the access controls methods implemented by the Organization. Once the user is authorized, the user will get access to the applications and can interact with other digital identities.
Let’s imagine that someone else guesses your password and other identifying characteristics mentioned above and can log in to your applications and thus steal all your private information. The impact would be a shocking and severe consequence to your digital and real life. Therefore, you can understand the importance of authentication in the digital world and keeping your Digital Identity information including your password confidential and secure.
Hackers (the bad guys) use a few different techniques to trick people and to obtain personal information including your password. The most popular method the criminals currently use to fool people is something called Social Engineering. There are few forms of Social Engineering;
Phishing: – The attacker use emails, texts and phone calls (that appear to be from a reputable source) in order to obtain personal information.
Shoulder Surfing - The attacker read sensitive information just by looking over someone's shoulder.
Dumpster Diving - The attacker finds sensitive information just by going through your discarded waste.
Piggybacking or Tailgating - The attacker enters the facility/secure area just by walking in the door/lift with the victim.
Impersonation: – The attacker is pretending to be a trusted person.
The bad news is that, no one is immune from Social Engineering attacks. Therefore, sound judgment and critical thinking are the keys to protecting yourself against hacking, social engineering, and cyber-attacks. As a security practitioner, my goal in this article is to give you five tips to protect your digital identity and ultimately yourself from cyber-attacks and identity theft:
1. Do not share too much information
Sharing too much information with too many people can cause leakage to your confidential information. You must not make your sensitive details such date of birth, passport number, PIN, or IRD number visible to the public. Do not add strangers as your friends on social media such as Facebook. Review the installed applications on your devices and configure the privacy and permission settings accordingly. Limit the personal information collected by third parties.
2. Create a strong password
Click the link to see my previous article explaining how to create a strong password to protect your Digital Identity. Password must be treated as confidential information and do not write it down. Passwords must not be shared with anyone including to the support personnel such as help-desk or customer service. To prevent Shoulder Surfing, mask your password. Do not make your password visible as you type, you can configure your smart devices and can turn-off this feature. Because passwords can be compromised over time, it is wise to change your password on a regular basis. If possible, you must configure all your accounts to use multi-factor authentication. Multi-factor authentication is a combination of factors or two-step verification for more secure identification.
3. Protect your devices
Always protect your smart devices with automated password protected screen lock. Do not let the bad guys access your laptop or your smart device. Only install software from trusted sources. Review the application permission requirements before you install an app on your smart devices. Make sure you don’t have any unwanted software (aka Malware or Spyware). Also, make sure all your applications and device software are up to date. Updates, especially security updates are targeted to fix known attacks or vulnerabilities so don’t miss them. Encrypt your devices and external SD cards to mitigate someone stealing the disk drives and memory cards and reading your data. Remove all personal information from your smart devices or computers before you dispose of them.
4. Avoid using shared public computers
Try not to use a shared public computer (e.g., Internet Cafe) to access your applications including your social networking apps. If you must use a shared public computer, make sure you log off correctly. Only connect to secure wireless hotspots.
5. Prevent Phishing attacks
Use critical thinking before you click the link or before you open the email. Also be aware of Spam messages and learn to recognize them and delete them immediately. Do not open any attachments or click any links.
To prevent identity theft and cyber-attacks, you have to be vigilant, and you must use critical thinking skills. Treat your digital identity the same way you protect your real identity. Please stay safe in the Cyberspace!
Aneesh Varghese is the Director & Principal Consultant at InfoSec Consulting a firm specializing in professional information security consulting services.
#InfoSec #DigitalIdentity #Protection #Privacy #CyberSecurity #identityandaccessmanagement #PasswordManagement #PasswordPolicy #SecurityAwareness #cyberwarfare
