National Cyber Security Awareness Month: Managing Privacy
It’s the end! The end of National Cyber Security Awareness Month, that is. With October coming to a close, I wanted to leave our readers with an important lasting impression about personal and family cybersecurity: the daunting topic of managing privacy. This concept is threefold, concerning itself with online privacy, real-world privacy, and device security, which itself reaches back into the first two just a bit.
Online privacy is often the focus when privacy is brought up these days, as the Internet is often where privacy appears to get lost.ᶦ The Internet is full of information we voluntarily put there about ourselves and our family, as well as vast stores of information that companies keep about us for their own purposes. Starting with the voluntary information means reviewing privacy settings on social media websites and really putting in effort to understand what the settings mean.ᶦᶦ This idea has not been missing from the headlines this year, with more than fifty million Facebook users’ information being stolen last month alone.ᶦᶦᶦ
But the information stolen was information Facebook was supposed to keep safe, part of the vast store of information they keep about us, right? It’s Facebook’s fault, isn’t it? The answer is yes and no. No, because the email addresses used for Facebook should never have been the same addresses the users put down for, say, online banking or online shopping. The users had a choice in what email they used to sign up for Facebook, and best practices dictate it should have been a dedicated social media email account. The answer is also yes because Facebook has a duty to protect the information we chose to share with them, but not to share with the public, which includes whatever email address was given. Nonetheless, maintaining separate email accounts for different categories of online accounts is highly recommended: one email for social media accounts, one for banking, and one for shopping, all with different passwords.ᶦᵛ
Real-world privacy has just as much to do with cybersecurity as online privacy. For those who still receive paper account statements from banks, this is an important concept. Having an in-home paper shredder and using it to destroy anything with names, addresses, phone or account numbers is a great first step in implementing real-world privacy.ᵛ This will include receipts that show even partial credit or debit card numbers. This next one may seem obvious, but check the mailbox every day. I can’t speak for our readers’ daily, weekly, monthly and yearly habits, but I get important stuff in the mail a few times a year. This is key around tax season every year, when employers send out W-2 and 1099 forms, all showing a person’s name, address, and Social Security Number. Schools, banks, and brokerages likewise send out their respective 1098 forms with the same sensitive information printed on them. Checking the mail daily, not just around tax time, ensures only the intended recipient gets their mail. New for 2017, the USPS even offers previews of incoming mail items for anyone dreading unrequited trips to the mailbox.ᵛᶦ
Real-world privacy also includes not giving out personal information even when asked. One of my previous articles touched on this in asking readers to treat their phone numbers and email addresses like they would their home address. Don’t give it out unless absolutely necessary, and only after weighing the possibility of the information being re-shared without or even against permission. When shopping at the mall, say no to signing up for a new credit card at the register, even if it means not getting a discount. Free samples of perfume in the mall aren’t free when personal information is given up in exchange. Adults often have no problem heeding this sort of advice, but children tend to play fast and loose with their information, especially when the result is something pretty or shiny. Talking about both online and real-world privacy with the whole family helps keep everyone on the same page.
Device security, I touched on a few times already this month. Take a look at the other articles… I’ll wait… So how can private information be kept private knowing it can live just about anywhere these days: on a laptop, a home computer, an iPad, and on smartphones? Computers and mobile devices are regularly used to gain access to sensitive and private information, even when set up for multi-factor authentication.ᵛᶦᶦ Mobile devices often bridge the gap between the virtual world and the real world. Keeping physical track of mobile devices is arguably the most important variable in managing privacy in 2018 and beyond. Modern access, authentication, and authorization schemes now mix who you are with something you know and something you have, such as a username, password, and a software token from a smartphone.ᵛᶦᶦᶦ
Another point I touched on in earlier articles is using innocuous or random words to name and password-protect home wi-fi networks. It’s also a good idea to rotate the password on your home devices any time company comes over and uses the wi-fi. Modern-day wi-fi routers regularly offer a guest network setup that separates guests from regular home network traffic, for exactly this purpose.ᶦˣ Changing passwords on a regular basis is a good idea for bank accounts and cellular phones, not just wi-fi networks.ˣ The mathematician Claude Shannon said, “The enemy knows the system,” which means the only thing standing between a malicious actor and delicate private information is a well-formulated password. Auguste Kerckhoffs’s doctrine similarly states that information stored in a truly secure system should remain secure even if everything about the system is known, except the password of course.ˣᶦ
Footnotes:
i https://www.bbc.com/news/technology-41483723
ii https://ischool.syr.edu/infospace/2018/05/02/how-to-protect-your-privacy-on-social-media/
iii https://www.eff.org/deeplinks/2018/09/facebook-data-breach-affects-least-50-million-users
iv https://www.thestar.com.my/tech/tech-news/2018/07/29/the-benefits-and-risks-of-having-multiple-email-accounts/
v https://www.bentley.edu/offices/information-security-data-privacy/clean-desk-initiative
vi https://www.syracuse.com/business-news/index.ssf/2017/06/us_postal_service_now_lets_you_see_your_mail_before_its_delivered.html
vii https://www.ftc.gov/news-events/blogs/techftc/2016/06/your-mobile-phone-account-could-be-hijacked-identity-thief
viii http://www.pearsonitcertification.com/articles/article.aspx?p=1718488
ix https://www.bestbuy.com/site/shop/guest-network-router
x https://faq.oit.gatech.edu/content/why-do-i-have-change-my-password
xi https://lti.umuc.edu/contentadaptor/topics/byid/aac12aff-bb83-48cc-8ce3-7788f8f60fc0