October 30, 2017
Written by: Wilma Walsh, Communications Manager, IBM A/NZ
Having had the pleasure of working with some amazing security experts over several years, it is fair to say I have a heightened sense of awareness – resulting from the security risks arising from an online presence – for myself, for my ageing but online father, for my kids and my less tech savvy friends. Even with the knowledge of the potential risks it would be fair to say I have lost count of the number of organisations that would have digital information about me – whether through social media, email, online memberships and loyalty schemes.
As my friends and family call me paranoid, and I start to doubt my own sanity, I am pleased to find I am not alone in my concerns. In the latest Australian Community Attitudes to Privacy Survey, the report states that “69% of Australians are more concerned about their online privacy than they were five years ago.” Worryingly, regardless of this concern, the report goes on to say that less than half of us regularly adjust our privacy settings on social media, and only one in four ask organisations why they need personal information.
If you are still not convinced, recent estimates by the Australian Attorney-General’s Department indicate that identity crime costs Australia upwards of $2.2 billion each year, with around $600 million lost through personal fraud, such as credit card fraud, identity theft and scams. To address this frightening thought, IBM Security helps banks and other financial service providers protect consumers by making it easier to identify fraudulent accounts with its IBM Trusteer New Account Fraud detection offering, launched just this week.
So now I know I am not alone or crazy, there are some personal precautions that I have started to take and encourage family and friends to do so too. I am very selective about who I provide my date of birth to, and where it is a required field, I provide the same fake one. Granted the ATO need my real DOB, but does H&M? Sure, it is nice to receive a voucher or birthday message but I am happy to get it any time. In addition, to protect my kids’ future online persona I have started to avoid using their names and instead simply use a letter. Furthermore, it may be hard to get friends to stop tagging you in photos but as facial recognition becomes more prevalent, I no longer return the favour.
Our digital history and the information we share builds over many years. I almost wish I could start again. But I am no expert. So, if you are just getting started or want to get more sensible advice here are a few tips from real experts.
IBM Security experts’ tips to keep your cyber-identity safe
Ideal Password = A Long, Nonsensical Phrase
While the death of the password has long been predicted, passwords are currently a core method of access for most systems and must be created with care. While the “rule of thumb” for passwords in the past has focused on complexity – at least 8 characters combining letters, numbers and characters – guidance in recent months suggests longer “passphrases” – several unrelated words tied together, at least 20 characters – are actually harder to crack and easier to remember.
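To put numbers on the passphrase advice above, here is an added example (not part of the original post) that compares the guessing effort for a random 8-character password with that for a random multi-word passphrase, and generates one of at least 20 characters. It assumes every character or word is picked uniformly at random; the 16-word list is constructed for the demo, and 7,776 is the size of the EFF long word list.

```python
import math
import secrets

# Constructed sample word list so the block runs offline. A real generator
# should load a large published list (the EFF long list has 7,776 words).
SAMPLE_WORDS = ["anchor", "biscuit", "cobalt", "dolphin", "ember", "fjord",
                "gravel", "harvest", "ignite", "jigsaw", "kettle", "lantern",
                "mosaic", "nectar", "orbit", "pebble"]

PRINTABLE_ASCII = 94  # letters, digits and symbols on a standard keyboard


def entropy_bits(choices, picks):
    """Bits of entropy when each of `picks` items is drawn uniformly at random."""
    return picks * math.log2(choices)


def words_needed(target_bits, wordlist_size):
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def make_passphrase(words, n_words, min_len=20, sep="-"):
    """Join n_words randomly chosen words, retrying until min_len is met.

    secrets.choice uses the OS CSPRNG. Words a person picks "at random"
    in their head do not carry the entropy computed above.
    """
    longest = max(len(w) for w in words)
    if n_words * longest + (n_words - 1) * len(sep) < min_len:
        raise ValueError("n_words too small to ever reach min_len")
    while True:
        phrase = sep.join(secrets.choice(words) for _ in range(n_words))
        if len(phrase) >= min_len:
            return phrase


if __name__ == "__main__":
    old_rule = entropy_bits(PRINTABLE_ASCII, 8)  # random 8-character password
    print(f"8 random characters : {old_rule:.1f} bits")
    for n in (4, 5, 6):
        print(f"{n} words from 7,776  : {entropy_bits(7776, n):.1f} bits")
    print("words needed to match the old rule:", words_needed(old_rule, 7776))
    print("sample (toy list):", make_passphrase(SAMPLE_WORDS, 5))
```

Each extra word from a 7,776-word list adds about 12.9 bits, so the passphrase keeps getting harder to guess without getting harder to type.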
Store Passwords in a Digital Vault
Reusing passwords is one of the worst things one can do, because if one gets compromised, an attacker can access other accounts as well. But memorising a different password for each account is virtually impossible, which is why 81% to 87% of people re-use passwords in the first place. Rather than try to memorise multiple passwords or store them insecurely on your phone notepad, use a password manager – which not only acts as a vault for existing passwords, but can also generate stronger passwords for you. Rather than managing over 10 passwords on your own, you’ll just have to remember the one key to your digital vault.
Lie on your Security Questions
Many account security questions ask about information that could easily be found online these days (former addresses, your mother’s maiden name, your pet etc). Consider either selecting questions that are opinion based – like your favourite colour or movie – or even using fake answers for these questions to ensure that only you would know the answer.
Double Dip on Security Checkpoints
Many services nowadays, particularly sensitive accounts like email and banking, allow for two-factor authentication (2FA), which adds an extra security checkpoint when certain risk factors are present – like logging in from a new location or device. Determine which accounts are at risk/sensitive and add an extra login step to avoid a single point of failure.
The most popular example is an SMS sent to your phone at login, asking you to enter a one-time code to access the account. But a second factor can be anything from an email to a phone call, an extra question before login is granted, or a hardware token generator that stands alone and produces time-based codes. Picking the right measure depends on your service provider, but you can also use your own judgement to secure your accounts.
Get Down with Biometrics
Even applying the best practices above, we’re quickly approaching a future in which the use of passwords as the sole method to establish identity isn’t enough. Biometric authentication uses physical and behavioural characteristics, such as fingerprints, as a means of protection and can use the identifiers that are uniquely you as a safeguard. At the same time, experts have devised ways to make sure this data is collected and applied in a way that ensures privacy for consumers while preventing the ability for this info to be used by hackers.
Consider using the fingerprint option to unlock your mobile device, and back it up with a lock code. Some providers use voice signatures, others use facial recognition – the race to replace the password is in effect, and adopting these new methods can help test them and enhance them over time to make your digital identity more secure.