Reducing your online vulnerability footprint 

We all enjoy our online time: shopping, reading blogs (like this one), banking, and searching the web. At some point, though, you may realize just how much of your habits are being tracked and recorded, and truly understand how much information about you is for sale online. I hear “I am little on the totem pole” or “nobody would want my information”, but the truth is that everyone can be a victim, and it is better to be ahead of the curve to reduce the odds of becoming one. Here is where this article comes into play.

In this article we are going to discuss how to reduce your online footprint. No, I am not suggesting dropping off the net (though that is a great idea); this is more about how to reduce the amount of your information that is collected and sold online: ways to reduce the collection points, ways to reduce the information, and ways to reduce the vulnerability of getting hacked.

Let’s build a scenario

An individual or group (Bad Guy Group 1 or BGG1) has decided to target an individual, “Joe”, to be hacked. Joe uses different social media avenues. Joe voluntarily puts up a lot of information about himself on those social media sites, such as Joe’s pets, Joe’s favorite sports team and Joe’s family. Unless Joe was already locking down all privacy settings, Joe has now openly exposed a lot of information to the world. With just a few simple searches BGG1 can find a large amount of data about Joe. With some available data mining collection websites, BGG1 can purchase Joe’s information for pennies, and work to cross-correlate that information to first guess at Joe’s password for online sites. Once those sites have been compromised, BGG1 can do bad things to Joe. Most people use kids’ names, pet names, birthdays, anniversaries and holidays as passwords. With social media, all of that information is openly exposed from Joe’s account, and he shares it every time he tags a picture of his kids by name or shares a video of how cute Fuzzy the cat is.

User accounts/account names

If you are going to access an account online, you are going to need a username for that website. While it may be easy to use the same username or email address for every website (shopping site, banking site, forums or blog entries), much like your stock market investments, the key here is diversity. Using multiple user account names or multiple email addresses will add one extra layer of security to your online presence. “HOLY CRAP, HOW AM I SUPPOSED TO MANAGE ALL OF THOSE?” is what just went through your mind. I know, it’s OK, we’ll answer that question in just a few more sections.

Passwords

Everyone knows you need to have passwords, and every website requires a password. The bare minimum for a secure password should be at least 12 characters with full complexity, not “password” or “letmein”. Your password should not use dictionary words or terms at all, but instead should be a complex phrase, such as “ITH3lpD3$*1@#!” for “ithelpdesk123!”. On top of more complex passwords, you should be changing your password on the websites on a regular basis (quarterly at best) so that your password keeps changing in the face of hacking attempts. Most sites only recommend that you change them once per year, if at all.

Much like the usernames, don’t use the same password for all websites; use a different password for each site. If two sites use the same username and password, and one of those sites gets compromised, the odds of your other website accounts becoming compromised grow exponentially when you use the same username and password for everything. Again, “HOLY CRAP, HOW AM I SUPPOSED TO MANAGE ALL OF THOSE?” is what just went through your mind. I know, it’s OK, we’ll answer that question in just a few more sections. Using a password generator website will help in the creation of the random passwords if you don’t want to create your own. A few of the random password generator websites will be listed at the bottom of this article.
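
Added example (not from the original article): a local audit of a set of saved logins against the rules in the Passwords section above (at least 12 characters, full complexity, no reuse across sites) and against the kind of publicly posted personal details described in the Joe scenario, together with a generator that draws from the operating system's random source. The site names, passwords and personal terms are constructed sample data, and the function names are this example's own.

```python
import secrets
import string

MIN_LEN = 12  # the article's stated minimum length
# Common character substitutions, undone before looking for personal terms.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def generate(length=16):
    """Random password from the OS CSPRNG containing every character class."""
    if length < MIN_LEN:
        raise ValueError("length below the 12-character minimum")
    alphabet = "".join(CLASSES)
    while True:  # redraw until all four classes are present
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def audit(accounts, personal_terms):
    """Return {site: [problems]} for a {site: password} mapping."""
    seen = {}
    for site, pw in accounts.items():
        seen.setdefault(pw, []).append(site)
    report = {}
    for site, pw in accounts.items():
        problems = []
        if len(pw) < MIN_LEN:
            problems.append("shorter than 12 characters")
        if not all(any(c in cls for c in pw) for cls in CLASSES):
            problems.append("missing a character class")
        plain = pw.lower()
        folded = plain.translate(LEET)  # e.g. "j03" becomes "joe"
        for term in personal_terms:
            if term.lower() in plain or term.lower() in folded:
                problems.append("contains personal term: " + term)
        if len(seen[pw]) > 1:
            problems.append("reused on another site")
        if problems:
            report[site] = problems
    return report

# Constructed sample data: Joe's public details and three saved logins.
JOE_TERMS = ["Fuzzy", "Joe"]
JOE_ACCOUNTS = {"shop.example": "Fuzzy2015", "bank.example": "Fuzzy2015",
                "forum.example": "J03&Fam1ly#Rul3s"}
```

The third login passes the length and complexity rules but is still flagged, because undoing the character substitutions exposes a name from Joe's public profile.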

Shameless self-promotion section – please read the Passwords article for more information.

Two-factor authentication

Two-factor authentication is great when used correctly, but realistically you are more than likely not using it correctly. You are probably using the same email address that you use for the website login, and using your primary cell phone as your second factor of authentication. If these are already compromised, you are already giving away your information. If they aren’t already compromised, then it’s a matter of time until they are. The correct way to use two-factor auth would be to have a secondary pre-paid cell phone (that has no association with your name) that accepts texts and use that as your second form of authentication. By using a more secure form of two-factor authentication, you are again ensuring your data and connectivity security.

Internet Connectivity

By what means are you connecting to the internet? Home wired, home wireless, a neighbor’s WiFi, a hotspot, a cell phone hotspot, a coffee shop connection, workplace guest wireless, or workplace wired? The connection type and location should make you think about what type of websites you access while you are on that connection. How is your home network set up, and is it secure (read the Home WiFi best practices article)? Remember, just because the coffee shop is offering a free network connection doesn’t mean that it is a secure connection. The coffee shop may be snooping your traffic for collection points. Your work connection, while allowing your traffic to pass through their firewall, gives you little security against a BGG1 within the organization’s IT department getting your data. It is always best to ensure that you have a secure private connection to the internet over a secure browser.

VPN’s

Browsers

How many web browsers can you think of? How many of those browsers are truly secure? How many of you switch browsers regularly to reduce the exposure of data collection? Do you use the incognito mode in your browsers? Do you regularly check the browser security settings to ensure you know how your data is being transmitted? Every time you go to a site, your browser collects a cookie. These cookies can be collected by websites and used for specific sales ads, or data mining collection. Cookies are typically removed from your computer when YOU delete them or when the cookies expire.

Some browsers provide an extra layer of security by obscuring your IP information, but only when used. Browser convenience is also another risk. The ability for your browser to remember your name, username, address, birthday, phone number, credit card information, bank account information, social security number as a convenience to you, should be very concerning and should be one of your first ways to reduce your online vulnerability (turn these “features” off).  Browser security should be checked on a regular basis.

Browser configurations

Each browser has specific configurations that can be set up to reduce cookies and tracking, or to eliminate old cookies. While these settings won’t eliminate tracking, they will dramatically reduce the amount of your internet traffic that is recorded or reported to other websites. It is worth the time and energy to ensure the most secure configurations are in place in each of the browsers that you use. Unfortunately, each browser has a different method to manage those settings, so reviewing the settings for your specific set of browsers may be cumbersome.

Email lists

You get email every day from different sites, but how many of those emails do you just delete outright? If you are going to delete the email, you may as well just unsubscribe from the list. This action will remove your email address from the website distribution list (not your account), in turn reducing your online footprint in the event that your email gets compromised. Every site that you sign up with sends an email. Some even send your login credentials in a single email. How many of you kept those emails? If your email gets hacked, you have all these emails from different sites, and you use the same password for each site, guess what… all your data could easily be compromised.

Personal Data collection websites

Almost everything you do online is tracked, in one way or another, and all of that data gets sold to a number of collection websites. This data, in turn, gets sold again to buyers that want to have information about you. This could be anything from household information to shopping habits. Have you ever googled yourself? Not in a while now I know, but you should about every 6 months to see just how much information is online about you. Now access http://www.spokeo.com and enter your name, scroll through the list and find your information, click on it. This will show you a fraction of what information is available about you online and for sale. This is the amount of information that can be purchased for pennies and used for a wide array of purposes. That site listed above is only one of such sites, there are at least a dozen that have similar data about you. For me, these types of sites have too much info. Thankfully it can be removed for short periods of time (you have to remove yourself a few times a year from each) with a few simple steps, thus reducing the amount of your online data footprint.

Cell phone

While a great invention, with the high use of smartphones today, this is almost the easiest route of giving away your online information. Everything you do on your cell phone is tracked, from social media to commuting, to gaming, to banking. Your cell phone connects to a large group of network providers throughout the day (from the cell phone towers you drive by on your way to work, to the coffee shop where you saved the WiFi password, to your home network, to the bar that offered WiFi). Each of these locations collected some data about your phone without you knowing. Each of the apps you install has EULA agreements, and in those agreements that you agree to (without reading the fine print) you are giving away data, or allowing your phone to manipulate the data for the app provider. Reading what you are agreeing to, knowing where it connects, and knowing what each app is doing when you aren’t using it are all critical pieces in securing your cell phone from giving your data away to the lowest bidder. Verifying security and privacy settings after every update is installed is critical. This includes the phone security as well as the applications installed.

How many of you use the same 4-digit code for your credit card PIN and your cell phone unlock code? A person watching you enter your cell phone security unlock code could potentially have your credit card PIN.

Credit cards

Most everyone has credit cards, and many websites will save your credit card information for future purposes. This is great when you are in a hurry to buy something and don’t have your wallet handy, but horrible in the event that the website gets compromised, as all of the information (Full names, addresses, usernames, passwords, phone number and credit card information) is usually taken. An alternative would be to use pre-paid credit cards when and where you can as they have a set balance (whatever you load onto the card) or do not have the website retain your credit card information altogether. While the data may still be compromised, the vulnerability to your financial state is greatly reduced. Not really reducing your online footprint, but definitely reducing your online financial risk.

Bank account information

Like many websites that save your credit card information, some sites also save your bank account information. In some cases, this is even more of a vulnerability than your credit cards being saved. While it may be easier on you for the site to save your bank account information, if the site is compromised, again, so is your information, and with the other items listed above, your bank accounts could be easily emptied.

Hopefully, you will use this generic information to rethink your online habits/practices. Use this as a start of your online footprint reduction. Don’t get me wrong, internet use when done correctly can be far more efficient, just be smart about how you are doing it.

Notes

Software 

KeePass is a piece of software for username and password management. It can be found here – http://keepass.info/

LastPass is another piece of software for password management. It can be found here – https://lastpass.com/

Password security check – 

http://www.passwordmeter.com/

Password generators – 

http://passwordsgenerator.net/

https://www.random.org/passwords/

Websites to remove your personal information –

https://www.abine.com/optouts.php

http://www.spokeo.com

http://donottrack.us/

http://www.skipease.com/

https://www.intelius.com/privacy.php

http://www.zabasearch.com/privacy.php

https://www.ussearch.com/

https://www.instantcheckmate.com/optout
