While I pontificate about information security every day, it’s rare that I just take a step back to catch my breath and make recommendations that all of us ought to consider. These recommendations are based on hundreds of discussions that I’ve had with clients, friends, family, or the bottom of my beer glass. The intent of this post is to provide some basic no-brainer “ounce-of-prevention” thoughts that you may elect to apply to your everyday routine. Some of these suggestions are to protect your own confidential information/identity, and some are to just reduce the noise in your life.
1) Noise reduction: Tired of junk phone calls and junk mail? Register with the National Do Not Call Registry to reduce telemarketing calls. If you receive catalogs that you don’t want, take a few minutes to call the catalog companies and ask to be removed from their lists and from any lists that they share with others. For one cycle of paying your bills (i.e. with your credit card company), do it the old-fashioned way and send a form letter requesting that you be removed from any marketing lists. Reduce junk mail. Remove yourself from as many national mailing lists as possible by registering for the Direct Marketing Association's Mail Preference Service. You must renew your registration after three years. More detailed information regarding these tips can be found at the non-profit Privacy Rights Clearinghouse web site.
2) Back to basics: Check your credit report at least once a year. This will let you know if anything out of the ordinary has taken place regarding credit checks, debts, etc.
3) Protect your “extend-o-brains”: I often refer to my iPhone as my extend-o-brain as I store lots of info that my puny brain RAM can’t remember. Remember, it only takes a second to lose your smartphone or tablet – if a nefarious person were to find it, what damage could they cause? Consider this:
- Password-protect your device.
- Implement a means of deleting the data on your device after a certain number of failed login attempts or if you lose your device.
- Consider the information you do store on your device. Don’t store any highly confidential data on it. For example, rather than storing passwords, write down hints about the passwords.
4) Speaking of passwords, use common sense. Your accounts that have little or no “value” don’t require as strong a password as critical accounts, such as your bank account. Consider using password vault applications. At the same time, don’t create passwords so complex that you must write them down!
5) Don't use a debit card. Debit cards offer less legal protection than credit cards in the event that the card is lost or stolen. A compromised debit card can result in a bank account being wiped out by a thief. Use a credit card instead and consider asking your bank to replace your debit card with an "ATM only" (i.e. no credit card brand) card.
6) Be vigilant for online scams, phishing, and links to nefarious sites. It used to be that the common scam was the “Nigerian Prince” scam; then came scam emails with obvious misspellings, and now many emails contain links to nefarious sites. Wal-Mart is NOT giving away $1000 gift certificates. Companies are NOT giving away free iPads. The world is not so generous. Sometimes these emails come from friends whose email accounts were compromised, and sometimes they come from what appears to be a legitimate site. BE PARANOID. Do NOT blindly click on any URLs/links that are sent to you. If it is something that a friend sent, confirm with them that the URL is real. Don’t just click on a link about a special deal that was purportedly sent by a company; instead, go to the company’s web site to find it or call them. If a deal looks too good to be true, it probably is! Some helpful sites that you can use as reference:
7) Protect your personal information! Don't post any personal information publicly online, including your address, email address, or mobile number. Patient fraudsters will collect one piece of personal information at a time and try to use the information they have collected to collect more information or to ultimately steal your identity. This includes publicly displaying your full date of birth as that also makes you more vulnerable to identity fraud.
8) Don’t let everyone know where you are every minute! For those of you who post your location on social media sites (Facebook, TripIt, FourSquare, etc.), be careful. Criminals can potentially know when you are out of town, thus increasing the chances that no one is at your house, which helps pave the path for burglary.
9) Keep your system up-to-date with security patches and when applicable use anti-malware software, keeping signatures up-to-date. While this won’t prevent Bad Things from happening, it can at least help reduce the risk by protecting your system from many known exploits.
Even if you adopt all of the ideas presented above, it won’t absolve you of all risks or of that menacing phone call that happens just as you’re sitting down at the dinner table. That said, hopefully you will get a little more peace of mind along with a few extra ounces of prevention. Do you have any other ideas to add to this list?