Recommendations to help secure yourself from scammers, hackers, and data brokers.

Modern computing has made it easier than ever for hackers, scammers, and data brokers to access, share, or steal your data. A wise move is to secure yourself as much as possible to limit the impact of existing or future breaches and limit the amount of personal data as you can.

Cloud

Corporations think savings when it comes to cloud computing. It’s always about the bottom line and not necessarily common sense. Yes, Cloud is cheaper than owning and maintaining racks of hardware and servers along with the staff to support them. Like with everything else in this day and age, having others do the work makes it more affordable, just like drop shipping furniture from China or call centers in India, but at what cost?

Are these companies really saving money? I don’t think so. Where that money is spent has simply shifted. That savings is spent on software, security, patching, and pen testing. It’s not all cybersecurity that costs money either. Take the CrowdStrike, ironically a security company, patch that cost companies millions by blue screening Windows around the world or the constant Microsoft patches that cause havoc.

Other Targets

The other area being targeting is supply chain. IT in many industries has shifted from teams of developers to teams who recommend, manage, and maintain off the shelf software. When those products have an issue, or are compromised, you bring the problem home and need the business or software provider to remedy the problem. In some cases you have already lost money and productivity by the time they react.

Still, the biggest area for security breaches and intrusion are people. Whether it’s a configuration mistake, an accidental click in a phising e-mail, or an angry employee, people are typically the easiest path to accessing data and systems.

Personal Data

Cloud computing has increased data breaches, it’s just sitting on the Internet after all, and chances are that you have likely already been compromised. If you don’t pay attention that data can be sitting on the dark web or internet for anyone to misuse and it’s nothing you caused. My Social Security Number, birth date, name, contact information, and address was made available when AT&T was breached. What’s really annoying? I had not been a customer for many years. They kept my information in a database sitting in the Cloud where it was stolen. I was listed in the breach of Equifax also.

Reality

Once your SSN and personal identifiable information is available, you must protect it for life. That’s the suck about this. Unless you get issued a new SSN, people can use that to work, access your tax information, and open banking accounts. Another dangerous number you should protect at all costs, your drivers license number. If someone has that you could find yourself in jail for something you did not do. This happened to a colleague of mine while they were on their way to the office when pulled over for a minor infraction. Someone had used their information when arrested.  

Protecting Yourself

Here is a list of things I suggest to hopefully limit bad things. It’s not that bad; although, I would suggest paying for a monitoring service like Norton Life Lock or Experian so you are alerted when things get exposed.

The Most Obvious.

• Use a password safe. I like Enpass which can check for weak, reused, and/or compromised passwords. It can also generate complex passwords. The good ones all have many of these same features. I also do not store passwords in the browser or sync passwords between devices.
• Use long complex passwords, a mix of upper/lower case letters, numbers, and special characters of at least 16+ length. Turn on two factor authentication where applicable. for any accounts you create.
• Add your own pin to your phone’s SIM card. You only need t o enter it after rebooting your device and wanting to access cellular service.
• Encrypt drives on laptops, phones, and tablets.
• Live by three rules.
  • If you did no initiate a call, e-mail, or text, ignore and/or delete it.
  • If you do not know the person or company contacting you, ignore and/or delete it.
  • If it’s a company you do business with or a person you know personally, especially asking for private data, money, or anything that sounds urgent, stop and contact that company or person directly before doing anything. Don’t trust attachments or links in messages or e-mail. With AI, you need to be even more diligent.
• Delete accounts you no longer use. If possible, call and request your personal data be removed.
• Be overly protective of your banking, investments, and credit accounts. Banks are better than most at keeping things secure, but if you ignore the most obvious for many things, don’t for banking.
• Don’t trust ads on social media. You may think they give a shit about you, but they don’t.

Social Media

• Be careful what information you share on Social Media and try to friend mostly people you know personally, and verify them if you are unsure.
• When posting photos, obscure landmarks or avoid posting images around your home. AI can identify where you are these days with a photo. Turn off GEO tagging in your camera or scrub meta data before uploading.
• Avoid posting common routines, planned vacations, and family photos on public accounts.
• Lock down your social media accounts as much as you can and make business accounts separate from personal.

The Least Obvious

• Lock your credit reports at Experian, Transunion, and Equfax. You can install Lock & Alert, Experian, and TransUnion apps on your smartphone to allow easy lock and unlock. This will stop banks from issuing accounts and loans as you must unlock the appropriate report to do those things. You do not need to freeze in some cases. If your data has been used, a freeze will likely be better, but I am not an expert on that matter. You should discuss that with the credit bureaus. More info on locks and freezes. Lock has prevented a few attempts to create accounts in my case.
• Review your available personal information in searches and check the dark web using Google’s free tools. Login to your account and do a security and privacy check up.
  • To review and request private data removal:
  https://myactivity.google.com/results-about-you
  • To do a darkweb scan (you will need to provide data for it to look for: https://myactivity.google.com/dark-web-report/dashboard
    • You can find these tools through Google, I only provide the links for convenience.
    • Change passwords or remove any accounts you see listed in the dark web report. Unfortunately once that data is out, it’s out forever, which is why I think a monitoring service is beneficial.

• Create an e-verify account. You can lock your SSN there. U.S. only.
  •  https://www.e-verify.gov
• Create a Social Security account. Verify you pay in history to make sure someone isn’t using it to work, or whatever.
  • https://www.ssa.gov
• Create a BMV account for your state. If you can lock or receive alerts on your drivers license number, do it. U.S. only.
• Create a US Post Office account. Make it harder for someone to change your address. U.S. only.
  • https://www.usps.com
• You can also set a pin on your SSN for filing taxes. U.S. only.
  • https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin

The key is to own accounts and lock as much data that affects you as possible. If you don’t, someone else might.

In Conclusion

You cannot be 100% safe and you cannot protect all of your data. The truth is that a lot of our personal information is in the hands of data brokers even if you haven’t be subject to data breaches. Much of that is collected from social media and public records. You can use a service like DeleteMe to clean up some of that, but the nature of the web makes it difficult to be totally anonymous or secure unless you have the resources to keep up on it. Doing as much as you can, mostly for free, is a good way to protect yourself.