Everyone knows that a lot of information about each of us is floating around various segments of the internet. The prevalence of online shopping, social media and portable computing has made us comfortable with this and in many ways that is a good thing for commerce, society and individuals. Many of us feel very confident in the controls that exist to protect data about us and in most cases that confidence is well founded.
October is Cyber Security Awareness Month and this is a great time to address this topic. Unfortunately, as a result of conditions, attacks and social engineering, components of our information slip out of the control of those that we trust. When this happens, those with motives less honorable than those of most of us will choose to take advantage of the situation.
This is when the value question comes into play.
- What would you do if you were told that your information was being held and could be disclosed to others or, in some cases, withheld from your use unless a demand is met?
- What can you do about this?
First of all, try to do all you can to limit the amount of data that you share with others. You do not always have to give everything requested to everyone requesting. Another technique that could help limit your exposure is being less than truthful when you do not have to be completely honest. Now, I am not suggesting that any of us lie outright, but consider when and how data is used.
When you sign up for a service of some sort and you are asked for your “security questions,” think about using answers that won’t allow someone to gather more information about you than is absolutely necessary. For example, many of you identify your city of birth in a public place like Facebook. With that information, which is readily available, someone could easily guess the answer to at least one of your security questions on another site. For that reason, rather than always entering your actual city of birth, consider mixing up your answers (of course, the more complex you make this, the more you need to track).
If you enter your city of birth as the North Pole, no confirmation will occur, and as long as you remember that you used “North Pole” for that site, the chances of someone being able to guess your answer will be greatly reduced. This is just one example and will be best used if you add your own creativity to it.
On the downside of captured data, recognize that at some point, some of your data will be taken hostage or withheld. Work on your plan to respond to that. Demand that your merchants and providers demonstrate that they meet or exceed industry standards and are protecting your data. In that vein, remember to not volunteer information unnecessarily. One example in that area is that most healthcare providers ask for your social security number when you start as a patient. I always decline to supply that and I have never lost the opportunity to use a healthcare provider that I wanted to use.
I believe that it pays to pay close attention to your credit reports and related activity. The sooner that you notice anomalous activity, the easier it will be for you to prevent further damage and repair what has happened.
Go have fun on the internet and let’s be safe and aware out there!
Image Credit: garethjmsaunders
About the Author: As Chief Risk Officer at Layered Tech, Jeff Reich (@LayeredTechCRO, +Jeff Reich) drives the company’s security and compliance services and guides risk mitigation efforts for clients. With more than 30 years of experience, Reich is a well-known risk management and security expert in the industry. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow.