Unless you’ve been living in a cave over the past few years, you can’t have missed the ever-increasing number of articles in the news about website and information security.
Sure, the media doesn’t use such fancy phrases – they stick to talk of hackers and compromises, breaches and attacks. All these news items, however, come from the same root. The way we are sharing our personal information online is changing dramatically and it is putting us all at risk.
Before we all decide that perhaps a nomadic life free from the burden of technology is the only way forward, let’s take a look at what we mean by personal information and how we are sharing it (whether we know we are doing it or not).
We are all familiar with the traditional description of personal information. Back in the day, a person’s name, date of birth and mother’s maiden name were pretty much enough to get most things done. Organisations didn’t store much information about you as it all had to be processed manually and stored somewhere – and that all cost money.
Now we are connected and sharing by default.
Your collection of personal information is a complex picture of hundreds of identifiers and we give it out freely to hundreds of websites each year. This information includes the traditional ones plus all of the extra information about your online identity. Typical modern identifiers include email addresses and usernames, technical device identifiers such as phone numbers, IMEI (mobile phone device identifiers) and IP addresses (identifiers for computers connected to networks). Data processing is now cheaply automated and data storage no longer requires storing boxes of paper in basement archives. The average smartphone has enough disk space to store the personal information for thousands of people.
So what is happening to all of this personal information?
Personal information is requested by applications and websites for a range of reasons. Sometimes they genuinely need it – it would be impossible to run an online store and not require the customer's address and telephone number.
Sometimes it’s perfectly innocent – providing a few extra pieces of information will improve your experience and make you feel more in control and welcome.
It’s not all unicorns and rainbows, however: some of this information is sold to marketing and research organisations, though some of it is never used at all and just sits idly on servers killing time.
While this is all well and good when systems and web sites are safe and secure, when they are subject to attack, your personal information is put at risk. The more information stored about you, the greater the impact if it is stolen.
For example, imagine if your Facebook information was stolen. While the list of your 'liked' pages may not be interesting, that web site stores hundreds of pieces of your personal information. Your entire online social identity could be compromised and there is little you can do once it’s gone.
Stolen personal information is a valuable commodity. Everything from credit card information to full online profiles can all be bought and sold in some of the darker parts of the internet. This is not somewhere you would want your information to end up.
So what can you do to protect yourself?
The important thing to remember when taking back control of your online security is that you always have a choice. You can look at every site that requests information or handles your affairs and decide if you should use it and how much information to give them.
In practical terms this means just 3 key steps:
1. Do a little investigating – assess your own safety
Explore the website a bit, take it slow. Find their blog or updates. Look for pages that talk about security. Do you have a choice about how secure your account is? Can you choose to use stronger passwords or to share less information? You want to be dealing with web sites that understand that your security is important and explain to you how to use their service safely.
Total time required – 5 minutes. Easy.
2. Use strong passwords and use a different password for every website.
Sounds hard, right? It is.
So cheat. Learn how to use a password manager such as LastPass to store all your passwords for you. Not only can these tools generate long, complex passwords for every site you have an account with, but they can also share this information between your devices. All you need to do is make sure you choose a long passphrase* for your password manager account.
*A passphrase is a long sentence or phrase that is used instead of a password. It might be your favourite quote or a lyric for example.
3. Take control of your data – play hard to get
Be conscious about what personal information you share. Remember that you always have a choice about what to put in a field on a web form. If it’s not a required field (typically marked with an asterisk), don’t provide it. If it’s a required field but it seems like too much information in the context, use a dummy value. Remember that not all web sites are equal. You don’t need to be as accurate with your information when signing up to an online game as you would when buying stuff or banking online.