Hacked accounts in the news, endless robocalls, online ads that eerily seem to read your mind. Do I hear Alexa and Siri gossiping about your secrets? It almost feels like paranoia is a totally appropriate reaction.
In 2018 alone, data breaches exposed four-point-five billion records to hackers. Three months into 2019 and another two-point-seven billion are already illegally available for sale. But hackers aren’t the only problem…
We’ve all read about the 50 million Facebook accounts involved in the Cambridge Analytica scandal. And another 30 million were exposed in October of 2018. Oh, and in September another 7 million had private photos revealed. Of course, Google knows every search you’ve made (yes, even in incognito mode) and tons of other stuff about you. And in 2014, hackers released a lot of not-so-clothed pictures stolen from celebrities’ Apple iCloud accounts.
Oh, and don’t forget that your internet service provider has a list of every website you’ve ever visited at home – and they sell that info to marketers. Some retail stores now track how often you visit and which aisles you spend the most time in. Three-hundred bucks to the right shady individual can buy me your exact location at any time. And nobody wants their credit info leaking. But it already has. Multiple times.
Feeling a bit “1984” over there, Winston Smith? Okay, let’s take a breath. Don’t start folding your tinfoil hat just yet.
There is one ironclad rule on our side: Nobody can abuse information about you that they don’t have. Which is why we need to take security and privacy more seriously. Because it’s on us. And so I present you with what could be titled: Internet Security and Privacy: The-More-Than-You-Care-To-Know Edition.
I’d like to single out Michael Bazzell for his fine work that I drew a fair portion of this info from. He spent years at the FBI’s cyber crime division and was a consultant on the first season of Mr. Robot. His incredibly thorough books are The Complete Privacy & Security Desk Reference and Hiding from the Internet: Eliminating Personal Online Information.
We will cover everything from fundamentals like good passwords all the way to the paranoid level of aliases and burner phones.
So what’s the first step?
Know your “Threat Model”
Security and privacy are different. Security is somebody breaking into your online accounts. Privacy is someone having personal details about you.
And then there’s the “security/privacy” vs. “convenience” trade-off. It’s pretty much axiomatic that more secure means less convenient.
The answer is to think about your “threat model.” Ask yourself (non-rhetorically): “What am I afraid of? And how much am I willing to do to prevent it?” Are you more concerned about security or privacy?
Know what you want to defend against and you’ll know what measures will be vital.
1. Get Frozen
No, not the Disney movie. You need to get a credit freeze. It’s the best defense against identity theft. The best time to get one is yesterday. Or sooner.
Many of you are saying: “Yawn. I did that a long time ago with all three credit agencies.” To which I would reply, “Actually, there are 6 credit agencies.”
So fill out the forms for Equifax, Experian, TransUnion, Innovis, NCTUE and Chex. There’s an excellent overview of the whole deal here.
And if you have young children, get a credit freeze for them too. Kids are a big target because their credit is not only “clean” but also their reports are unlikely to get checked for, oh, about a decade or so. It would be awful for little Jimmy to be $300,000 in debt by age nine. More info on credit freezes for kids.
2. Full Disk Encryption, Firewall, And Backups
This trio is critical for your computer. Full disk encryption keeps your data safer and a firewall protects you from some online attacks.
Backing up means if anything happens to your computer you won’t lose your data. You have to do this regularly, but it’s easy to automate. Think of it like homeowner’s insurance for your digital life.
The most important part of smartphone privacy is limiting app permissions like location data, contacts, etc. And don’t download sketchy apps.
Important point: This is something that comes up again and again and we tend to put it off. But it’s vital. In fact, many experts say it’s the single most important thing you can do to increase security…
3. Updates Are Annoying. Do Them Anyway.
Don’t put those updates off. Most of them are security-related. Apply updates ASAP. It often feels like it’s doing nothing but you’re forgetting that when it comes to security, “nothing” is a wonderful thing and “something” is very bad.
Routinely update all your devices. Desktop, laptop, smartphone, firmware on routers, etc. Enable automatic updates on any device that offers it.
After any update, check your settings. When new features are added they often default to the least secure options. And sometimes updates even turn on options you turned off.
Additionally, there’s a way to increase security and make updates less cumbersome at the same time…
4. Apps Are Not Pokemon. Stop Collecting Them.
If you don’t use something regularly, delete it. Smartphone apps, computer software, browser extensions, etc. This reduces “attack surface.” The more software you have, the more points of failure you have. More things that can have vulnerabilities. More potential rogue software doing things it shouldn’t do.
That said, this does not apply to your antivirus and malware protection — especially if you’re using Windows.
5. Your Passwords Bring Shame Upon Your Family
The most common passwords are embarrassing: “The top two slots have been left unchanged for the fifth year in a row. They are, maddeningly, ‘123456’ and ‘password.’”
Learn how to create great passwords. Check it out! “How to create Passphrases”
Guard your primary email account with your life! If I can get into that, I can go to most every site you frequent and request a password reset. Hacking one account gets me all of them. And I’m not speculating here. This is exactly what happened to Wired reporter Mat Honan.
Wherever possible, use two-factor authentication (“2FA”). It is best to use an app-based system rather than SMS, but if SMS is your only choice, it’s definitely better than nothing. A helpful list of all major sites offering 2FA is here.
And finally, what if you want ultimate security (but not necessarily privacy) for that precious primary email account? Try Google Advanced Protection. Then nobody can get into your account without a password and a physical USB key. And it works. Google instituted it for all employees. How many phishing-based hacks have they had since then? Zero.
Barker, Eric. “11 Secrets That Will Make You More Secure on the Internet” Barking up the Wrong Tree – Blog March 2019