Call me paranoid – how to stay safer online

Share this post:

Written by: Wilma Walsh, Communications Manager, IBM A/NZ

Wilma WalshHaving had the pleasure of working with some amazing security experts over several years, it is fair to say I have a heightened sense of awareness – resulting from the security risks arising from an online presence – for myself, for my ageing but online father, for my kids and my less tech savvy friends. Even with the knowledge of the potential risks it would be fair to say I have lost count of the number of organisations that would have digital information about me – whether through social media, email, online memberships and loyalty schemes.

As my friends and family call me paranoid, and I start to doubt my own sanity, I am pleased to find I am not alone in my concerns. In the latest Australian Community Attitudes to Privacy Survey, the report states that “69% of Australians are more concerned about their online privacy than they were five years ago.” Worryingly, regardless of this concern, the report goes on the say that less than half of us regularly adjust our privacy settings on social media, and only one in four ask organisations why they need personal information.

If you are still not convinced, recent estimates by the Australian Attorney-General’s Department indicate that identity crime costs Australia upwards of $2.2 billion each year, with around $600 million lost through personal fraud, such as credit card fraud, identity theft and scams. To address this frightening thought, IBM Security helps banks and other financial service providers protect consumers by making it easier to identify fraudulent accounts with its IBM Trusteer New Account Fraud detection offering, launched just this week.

Birthday messageSo now I know I am not alone or crazy, there are some personal precautions that I have started to take and encourage family and friends to do so too. I am very selective about who I provide my date of birth to, and where it is a required field, I provide the same fake one. Granted the ATO need my real DOB, but does H&M? Sure, it is nice to receive a voucher or birthday message but I am happy to get it any time. In addition, to protect my kid’s future online persona I have started to avoid using their names and instead simply use a letter.  Furthermore, it may be hard to get friends to stop tagging you in photos but as facial recognition becomes more prevalent, I no longer return the favour.

Our digital history and the information we share builds over many years.  I almost wish I could start again. But I am no expert. So, if you are just getting started or want to get more sensible advice here are a few tips from real experts.

IBM Security experts tips to keep your cyber-identity safe

Ideal Password = A Long, Nonsensical Phrase

Password lockWhile the death of the password has been long predicted, they’re currently a core method of access for most systems and must be created with care. While the “rule of thumb” for passwords in the past has focused on complexity – at least 8 characters combining letters, numbers and characters – guidance in recent months suggests longer “passphrases” – several unrelated words tied together, at least 20 characters – are actually harder to crack and easier to remember.

Store Passwords in a Digital Vault

Digital vaultReusing passwords is one of the worst thing one can do, because if one gets compromised, an attacker can access other accounts as well. But memorising a different password for each account is virtually impossible, which is why 81% to 87% of people re-use passwords in the first place.Rather than try to memorise multiple passwords or store them insecurely on your phone notepad, use a password manager – which not only acts as a vault for existing passwords, but can also generate stronger passwords for you. Rather than managing over 10 passwords on your own, you’ll just have to remember the one key to your digital vault.

 Lie on your Security Questions

Pet names are easy to guess Many account security questions ask about information that could easily be found online these days (former addresses, your mother’s maiden name, your pet etc). Consider either selecting questions that are opinion based – like your favourite colour or movie – or even using fake answers for these questions to ensure that only you would know the answer.

Double Dip on Security Checkpoints

SMS and emailMany services nowadays, particularly sensitive accounts like email and banking, allow for two-factor authentication (2FA,) which adds an extra security checkpoint when certain risk factors are present – like logging in from a new location or device. Determine which accounts are at risk/sensitive and add an extra login step to avoid a single point of failure.

The most popular example is an SMS sent to your phone at login, asking you to enter a one-time code to access the account. But second factor can be anything from an email to a phone call, an extra question before login is granted, or a hardware token generator that stands alone and produces time-based codes. Picking the right measure depends on your service provider, but you can also use your own judgement to secure your accounts.

Get Down with Biometrics

Digital fingerprintEven applying the best practices above, we’re quickly approaching a future in which the use of passwords as the sole method to establish identity isn’t enough. Biometric authentication uses physical and behavioural characteristics, such as fingerprints, as a means of protection and can use the identifiers that are uniquely you as a safeguard. At the same time, experts have devised ways to make sure this data is collected and applied in way that ensures privacy for consumers while preventing the ability for this info to be used by hackers.

Consider using the fingerprint option to unlock your mobile device, and back it up with a lock code. Some providers use voice signatures, others use facial recognition – the race to replace the password is in effect, and adopting these new methods can help test them and enhance them over time to make your digital identity more secure.


More Security stories

Using AI to address the cybersecurity skill shortage

Author – John Martin, IBM New Zealand security practice leader Humans are the weak link when it comes to cybersecurity – over 90% of security incidents are attributable to human error. This is when people do things like click on a bad link, open an attachment which is laden with malware or fail to change […]

Continue reading

Be known for breakthroughs not break-ins

What you need to know about security and the Australian Privacy Act  Author: Chris Hockings, Chief Technology Officer IBM Security How would your company react if it lost $1M off its bottom line? Heck. What about if you lost $2.51million? With the growing threat of cyber – the question is when will you face a […]

Continue reading

Uncover your cyber experts

Author: Pelin Nancarrow, Incident Response and Intelligence, IBM Security The solution to your cyber-security needs might be closer and more readily available than you think. Barely a week goes by without another industry report highlighting the shortage of cyber-security related professionals in Australia and New Zealand, as well as across the globe. And with the […]

Continue reading