How to protect yourself in the new digital world
Prepared and presented by
Charles Hill (a.k.a. "chill")
Businesses collect huge amounts of data from their customers every day. Oftentimes the data is collected without a direct business need. And most of these businesses don't have the knowledge, skill, or desire to protect it. But there are some people out there who do have a use for this data - hackers!
On the so-called "dark web", stolen data is packaged and re-packaged, bought and sold, and finally used by hackers to target individuals with phishing scams or theft.
But you don't have to be a passive victim. You can protect yourself.
The best way to prevent your data from being stolen by hackers is to not share it in the first place. Here are some practical strategies to avoid giving away your information unless absolutely necessary:
For how many websites have you created an account? How many apps have you installed? Most people accumulate app and website accounts over the years.
Uninstalling an app doesn't delete your data from that app's database. And most websites do not ever delete old, inactive accounts. It's their data: Why should they delete it? Or so they think.
Hackers don't sit and think about what your password might be. They share huge lists of stolen emails, usernames, and passwords that have already been cracked. The account that you used 10 years ago on that website you have long forgotten about - that password is in a list being shared every day between hackers.
Even if your current account credentials are not in a list right now, hackers can use the known passwords associated with your email addresses or usernames to help them crack your new account passwords.
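To make the point above concrete, here is an added example (not part of the original talk) of a self-check that tells you whether a new password is just a dressed-up version of one you already lost in a breach. The function names, the character-swap table, the 0.8 similarity threshold and the sample passwords are all assumptions constructed for illustration; the swap table is not exhaustive.

```python
import re
from difflib import SequenceMatcher

# Assumed table of common character swaps people use when "changing" a password.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def core(password: str) -> str:
    """Reduce a password to its base word.

    Strips trailing digits/symbols (years, "!", "123"), lowercases,
    then undoes the character swaps in LEET.
    """
    stripped = re.sub(r"[\W\d_]+$", "", password)
    # If nothing is left (e.g. an all-digit password), compare the whole thing.
    return (stripped or password).lower().translate(LEET)


def check_reuse(candidate: str, leaked: list[str], threshold: float = 0.8):
    """Return (old_password, reason) pairs for every leaked password
    that the candidate is identical to or a close variation of."""
    findings = []
    for old in leaked:
        if candidate == old:
            findings.append((old, "identical"))
        elif core(candidate) == core(old):
            findings.append((old, "same base word"))
        elif SequenceMatcher(None, core(candidate), core(old)).ratio() >= threshold:
            findings.append((old, "near-identical base word"))
    return findings


if __name__ == "__main__":
    # Constructed sample data: passwords you know were exposed in old breaches.
    leaked = ["Summer2015!", "fluffy99"]
    for new in ["5umm3r!2024", "Fluffys2024", "vT9#qLw2zR8mKp"]:
        hits = check_reuse(new, leaked)
        print(f"{new!r}: {'REUSE ' + str(hits) if hits else 'ok'}")
```

A password that comes back flagged gives you little protection once the old one is in a breach list, which is why a randomly generated, unique password per account is the safer choice.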
haveibeenpwned is a free service that checks if your email or phone number has appeared in a data breach. It even has an automated notification service that can send you an email whenever you've been "pwned" by a new breach.
Hundreds of millions of accounts are exposed via data breaches every month.
Do you remember your passwords? If yes, then you're doing it wrong. Humans are very bad at creating good, unique passwords. Use a password manager to create and store all of your account passwords.
For all of your important accounts, you should enable 2FA. The most critical accounts to secure are your email and financial accounts. Do not use SMS-based 2FA unless it's the only option - banks are the worst about this. Do not enable SMS-based account recovery options.
Again, do not use SMS for 2FA! Your phone number can be hijacked via social engineering.
E.g. "Hello, my name is XXX and I lost my phone. Can you please port my phone number to this new SIM?"
So you're using a password manager and 2FA - that's great! But do you have backups so that if your computer or phone is stolen, you can still access your accounts?
When you enable 2FA on a new account, you are given what are usually called "backup codes". Save these backup codes in your password manager. You can use one of these backup codes to access your account, in case you lose your phone.
If you're using a password manager that saves a file on your computer, you can safely copy this file to your personal cloud file storage - e.g. Google Drive, iCloud, etc.
Email is not secure. Assume that your email can be read or modified maliciously.
Very few messaging apps have end-to-end encryption. And if they claim to have it, they most likely have a backdoor which allows the company or government access to metadata and message contents.
Can we please stop using WhatsApp?
Use Firefox or Chromium (non-Googled version of Chrome) as your primary browser.
Use an adblock extension. I strongly recommend uBlock Origin. It is a trusted adblock extension that doesn't spy on you. The internet is a horrible place without adblock.
Do not install browser extensions - uBlock Origin is the exception. Malicious adtech companies and hackers buy popular, free extensions and then silently change their behavior so that they can spy on their users' browsing habits and even steal their account credentials for banks and other services.
Do not use "anti-virus" software - e.g. McAfee, AVG, Avast, etc. These programs deeply manipulate your operating system's normal functions. And several times the anti-virus programs themselves have been exploited by hackers to infect computers.
There are many things you can do to improve your privacy and security situation in the new digital world. But everything takes time and energy. So here's a list to help you prioritize.
degreesofzero.com/talks/digital-self-defense