On Monday, March 6, Tamara Adizes Jacobs and her colleagues at the University of Toronto’s Information Security and Awareness Education Team hosted a seminar aimed at spreading information about electronic information security and how to protect yourself online.
While running public service announcements across all three U of T campuses, the Information Security and Awareness Education Team conducted a survey that produced consistent numbers across all three campuses. They found that 65 percent of individuals have never been hacked, 25 percent of individuals have been hacked, and 10 percent of individuals are not sure if they have been hacked.
From “my ex broke into my social media,” to “I have been watched through my webcam,” to “university systems are being hacked and held ransom to get their data back,” it appears anyone is vulnerable in the current digital world. The hope of the Information Security and Awareness Education Team is that everyone will learn how to protect themselves and manage their digital footprint.
A digital footprint is every contact made through the internet. It’s everywhere and larger than you think. Fitness bands track everywhere you go. Social media accounts, music streaming services, online banking sites, and so on record your information and activities.
“Everything connected to the internet leaves a footprint behind. This is your digital footprint,” says Adizes Jacobs.
It is important to learn how to manage your digital footprint. Information is being collected through various accounts, websites, and apps. This can be a serious problem if your information is leaked maliciously.
Companies may not protect your passwords. If you use the same password for multiple sites, this can have serious consequences. If someone gains control of your Instagram account, they are not likely to stop there; they will also try your password on all your other accounts, including your banking account. It can affect your life in unexpected ways.
“Your Fitbit data can tell someone when you run and what route you take […]. This can let them know when your house is empty,” comments Adizes Jacobs.
An important aspect of managing your digital footprint and protecting yourself is being aware of what’s out there. When was the last time you searched yourself? You want to make sure that you own all links which are using your picture and information. Companies with unethical practices can take your picture and use it to advertise on dating sites. Subscribing to Google alerts for your name can also help you be aware of what is out there with your name on it, and allow you to manage it. People can make assumptions about you, and the last thing you want is to be blindsided by an unknown malicious posting, especially in a professional situation, such as a job interview.
The seminar further suggested that attendees compartmentalize their online personas in order to keep personal, professional, and fantasy personas separate. Your personal persona is the online “you,” from your banking accounts to your Facebook likes. Your professional persona is your online career, mainly sites such as LinkedIn. Your fantasy persona includes any online gaming, posts, or other activities done under a pseudonym. Despite this pseudonym, be aware that these accounts can be linked to you. One of the most common methods of linking an account to an individual is by resetting the password. When a password is reset, it is common for an alternate email to be displayed, with a notice that the reset message was sent to that email. This email may not be as anonymous as your pseudonym.
“Security is only as strong as our weakest link,” says Adizes Jacobs. “The most common password for the last three or four years […] has been ‘password.’”
There are two pillars of passwords. Your passwords need to be either short and complex, or long and strong, all while making sure not to use common patterns. The most commonly used word in a password is “love”; the second is the name of a pet. Using a sentence, typically referred to as a pass phrase, is one method of ensuring a strong password that is easy to remember.
“Never use the same password for everything. Try to at least switch it up a little bit,” advises Adizes Jacobs. “You will be compromised where security is most lax, but the password will then be tried everywhere.”
Adizes Jacobs also recommends everyone secure their brand. If your personal name or an online name that you’ve chosen for yourself is important to you, it is a good idea to secure the name space on other services. You don’t necessarily have to use it, but you can, for example, secure your Twitter handle and make it private. This prevents people from impersonating you.
Another way to restrict access to your digital information is to modify your privacy and permission settings. When setting up accounts on social media sites, most services default to open or very public settings, but modifying these settings, based on your typical usage and comfort level, is an easy way to protect yourself.
When you download an app, it typically requests permission from your phone to gain access to things it does not need in order to run. These permission settings may be giving the app access to more information than you want.
These settings tie into the deleting vs. deactivating dilemma. When you delete an app or an account, your information is not always gone. You have to examine the terms of service to learn how to properly delete your profile from a service. Not doing so can cause a problem for some people.
“If some malicious app wants to, they can actually listen to your conversations,” says Adizes Jacobs. “Beware of these permissions, especially location.”