As more and more of our day to day transactions take place online, Digital Identity will touch almost every aspect of our lives. As a result, all of us have a responsibility to protect our digital identity and there has never been a more important time to pay close attention to your own personal online identity.
The COVID-19 pandemic and ensuing lockdowns around the world have meant that people are spending more time than ever online, and the use of social media to stay in touch with family and friends also increases cyber security threats, including Digital Identity theft.
NEC New Zealand is one company working to bring a secure Digital Identity solution to businesses and individuals. Where our solutions differ from others in the market is in our use of world-leading biometric technology including facial recognition, fingerprint/palm recognition and iris recognition as a way to secure your Digital ID and its access.
There are several steps you can take to protect your personal information online. We have highlighted below 10 simple steps you can take to protect your digital identity:
1. Always check the fine print
When was the last time you downloaded a new app or signed up for something new using your tried and trusted email address? We all sign up for things on what feels like a weekly basis and we always get the little notification about what permissions we are granting to that particular app or service. But how many of us actually take the time to read the small print and really look at what permissions we are giving to that app or service? Social media apps are notorious for tracking your behaviour and for accessing your list of contacts when there may be no real reason to do so. Make sure you check the fine print and think about what you are allowing before signing up.
2. Use a password manager
We have talked about the importance of password management tools in the past, particularly in relation to cyber security. A password management tool is also a great way to protect your digital identity.
Passwords are one of the biggest problems when it comes to protecting your digital ID. If your primary email becomes compromised and you use the same password in many sites, an attacker has accessed the gateway to your online identity. Once you are compromised, they can reset passwords and cause serious damage to your life and potentially to your finances.
A password manager will help you to create, store and manage complex and unique passwords for every new service you need. You can also go back and update older passwords which may already have been compromised without your knowledge. Password managers can also assess the strength of all your existing passwords and identify those that are especially vulnerable and suggest alternatives.
3. Set up multiple online identities
In a recent article on Medium, author Jenney Clark recommends setting up multiple online identities in order to protect yourself online.
In the same way as you don’t sign up for work related tools with your personal email and vice versa, you should think the same way about the things you are signing up for with your primary personal email address.
For all things official (Government Records, Drivers Licence etc) use your primary email account or credential. For personal things such as utilities, mobile phones, internet services etc, use a secondary email address that is different from your primary. For social media accounts and other applications, use a third email address that is completely different.
This means that if you are compromised when using a social media site for example, that person does not automatically gain access to your important government information. By keeping your primary email address separate, and by not using it for other areas of your life, there is little to no chance of your critical primary identity being stolen.
If you have never used a password management tool before, there are lots to choose from, however Dashlane, LastPass and 1Password are all good options. Some offer enhanced services such as 2-factor authentication as paid subscription options.
4. Use passphrases, not passwords
Linked to the use of a password management tool, it is also important to create passwords that are as strong as possible. Any of the password management tools listed above will auto-generate a unique super-strong password per site, but if you want to continue creating your own passwords, there are a few basic steps to follow:
- Use a passphrase not a password. This basically means creating a random string of letters, numbers, and characters rather than words you would find in the dictionary.
- Your passphrase should be at least eight characters long including spaces but try and aim for 12-16 characters for additional security. The longer the better.
- A simple way to turn a password into a passphrase is to replace letters with numbers, like this: P455phr453
- Never use personal information in your passwords such as key dates including birthdays and anniversaries or the names of your children for example. These can be easily discovered from your online profile and used to access your accounts.
- Don’t use the same passphrase for everything. If you choose not to use a password management tool, this will mean creating a unique password for every site and app you need to login to. It can be hard to remember all these unique, strong passwords, hence our recommendation to use a Password Manager.
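The checklist in step 4 can be applied to a list of existing logins. The following is an added example, not part of the original article: the site names, passphrases and personal terms are constructed, and the `audit` function is a hypothetical helper that flags entries breaking the length, personal-information and reuse rules above.

```python
import hashlib
from collections import defaultdict

MIN_LEN = 8      # the article's minimum length
TARGET_LEN = 12  # lower end of the article's 12-16 character target


def audit(vault, personal_terms):
    """Return {site: [findings]} for a {site: passphrase} mapping."""
    findings = defaultdict(list)
    seen = defaultdict(list)  # digest -> sites sharing that passphrase
    for site, phrase in vault.items():
        if len(phrase) < MIN_LEN:
            findings[site].append("shorter than 8 characters")
        elif len(phrase) < TARGET_LEN:
            findings[site].append("below the 12-16 character target")
        lowered = phrase.lower()
        for term in personal_terms:
            if term.lower() in lowered:
                findings[site].append(f"contains personal detail '{term}'")
        # Compare digests so the reuse index never holds the passphrase itself.
        digest = hashlib.sha256(phrase.encode("utf-8")).hexdigest()
        seen[digest].append(site)
    for sites in seen.values():
        if len(sites) > 1:
            for site in sites:
                others = ", ".join(s for s in sites if s != site)
                findings[site].append(f"reused on {others}")
    return dict(findings)


# Constructed sample data: every value below is made up for illustration.
SAMPLE_VAULT = {
    "mail.example": "emma2012",
    "shop.example": "emma2012",
    "bank.example": "q7!Vr x2#Lm9 pT",
    "forum.example": "T4k#9zQw1",
}
SAMPLE_PERSONAL = ["emma", "2012"]

if __name__ == "__main__":
    for site, issues in sorted(audit(SAMPLE_VAULT, SAMPLE_PERSONAL).items()):
        print(site, "->", "; ".join(issues))
```
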
5. Enable two factor authentication
Two-factor authentication (2FA) means that in order to either log in or confirm a transaction, you will need to use two factors to authenticate yourself, preferably a combination of: something you know (a password, PIN code or passphrase); something you have (a physical token, USB key, your mobile device); or something you are (fingerprint, face recognition, hand gesture).
Two-factor authentication is becoming more commonplace these days and is offered across several services. From one-time SMS passwords to mobile authenticator apps, adding two-factor authentication to your security ‘set up’ is a great way to protect your digital identity.
Most Password Managers provide 2FA options and these can’t be recommended highly enough. It is one thing for a hacker to guess your password, it is another thing entirely for them to also have access to your mobile phone or fingerprint.
6. Avoid public WiFi
Public WiFi is notorious for cyber crime and presents a serious cyber security threat to anyone who uses a public WiFi hotspot. Airports and hotels should be avoided but even cafes and restaurants can pose a threat to the security of your device and your Digital ID. If it is absolutely necessary for you to use a public WiFi connection, use a VPN (Virtual Private Network) and ideally, use a paid version of one of the leading VPNs such as ExpressVPN or NordVPN. These will help to protect your identity and the leading VPNs come packed with additional security features which you should consider using in your day to day life online, not simply on public WiFi connections.
Without a VPN, never conduct important business online, and never access financial records or institutions or important government facilities online. Without a VPN, when you are operating in an open, public WiFi environment, you should assume your traffic and keystrokes are being monitored. It is extremely easy for anyone to do so.
7. Be careful who you trust, especially in your DMs
Unlike your email inbox which more than likely has a fairly sophisticated spam filter, the direct message function on most social media platforms is not protected and therefore has become a very popular avenue for phishing attacks.
We are seeing a rise in this type of attack and this is down to trust levels associated with DMs. It’s almost become second nature to click on links in DMs on platforms like Instagram, Twitter, and LinkedIn and this is how cyber criminals are starting a new wave of attacks. The simple truth is that a lot of people don’t think about a potential phishing scam in their DMs whereas they expect it in their emails.
Threatpost reported in June last year that scammers had launched a sophisticated phishing attack on Instagram, sending out a DM that offered ‘Verified Status’ if you clicked on the link. This type of approach preys on people’s vanity and led to the theft of the personal information of thousands of Instagram users.
8. Be careful what personal data you put and where
These days, online services know that the more data they collect about you, the more potential there is to make money from it. Whether that’s information they hold in their own database which is used for remarketing opportunities or data that can be sold to ‘partners and vendors’, everyone is after a piece of you when you are browsing online.
It’s important that you consider the amount of data you have to provide when browsing/shopping online. For example, we would not recommend allowing e-commerce sites to store your credit or debit card details. You should also be careful about the amount of information you are requested to provide when signing up for free trials and online services. Check the fine print and see what they intend to do with that data. If it is free, you should never have to provide a credit card to access it.
Of course, there are very valid reasons for online sites to collect your data. It’s more a matter of trust. Be wary of those sites that attempt to collect more personal information than they really need in order for you to complete your transaction and try to stick to online brands that you know and trust.
9. Always take an extra second before you click or post
We’ve all been there: someone we know, or even a brand we know and trust, shares a new poll on their social media channels – ‘Are you more productive when you work at home or in the workplace?’ It’s a simple yes/no question but just take the extra second before you click and think about the information you are potentially supplying when you click an answer.
These polls are set up to collect demographic data such as age, sex, location etc but not all polls are created equal. Is it really worth a potential personal data breach to answer a poll that’s not really going to have a positive impact on your life?
Just as important as considering your social media platforms is looking closely at the email address of the sender of emails in your inbox. One of the most common phishing scams comes from cyber criminals impersonating services that you sign up for (such as Netflix or Amazon). They will try and lure you in by emailing that there is an issue with your payment or your account. Be sure to check the ‘From’ field and ensure it’s actually from the company and not a scammer trying to gain access to your personal information.
Always take that extra second before clicking a link or posting something on social media and think about the potential repercussions.
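The ‘From’ field check in step 9 comes down to comparing the brand a message claims to be from with the domain it was actually sent from. The following is an added example, not part of the original article: the `KNOWN_SENDERS` table is an assumption to be confirmed against each service's own help pages, and the sample headers are constructed.

```python
from email.utils import parseaddr

# Assumption: brand -> domains that brand really sends from (illustrative).
KNOWN_SENDERS = {
    "netflix": {"netflix.com"},
    "amazon": {"amazon.com"},
}


def sender_domain(from_header):
    """Return (display_name, domain) parsed from a raw From header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2] if "@" in addr else ""
    return name, domain.lower().rstrip(".")


def matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from(from_header):
    """Return 'ok', 'suspicious' or 'unknown' for a From header value."""
    name, domain = sender_domain(from_header)
    if not domain:
        return "suspicious"  # no parseable sender address at all
    text = (name + " " + domain).lower()
    for brand, allowed in KNOWN_SENDERS.items():
        if brand in text:
            # Brand is claimed in the name or domain: the domain must be theirs.
            return "ok" if matches(domain, allowed) else "suspicious"
    return "unknown"  # names no brand in the table


# Constructed sample headers, including two lookalike domains.
SAMPLES = [
    "Netflix <info@account.netflix.com>",
    "Netflix Billing <support@netflix-payments.example>",
    "Amazon <no-reply@amazon.com.account-check.example>",
    "Aunt May <may@family.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_from(header):10} {header}")
```

A result of `ok` only means the visible address is consistent with the brand; the From header itself can be forged, so treat unexpected payment or account warnings with care and go to the service's site directly instead of following the link.
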
10. Consider upgrading to paid versions
No matter what online service you are considering signing up to, always make sure you look at the fine print when committing to a free version. Unless it is clearly stated, most free versions of paid services and tools will collect personal information for marketing purposes. If it is free, you’re the product.
Technology companies will often use this data in order to provide a better user experience. However there are many tools and service providers that will simply use your data for marketing purposes and your personal details can then be shared and sold far and wide.
When you sign up, determine whether free access to a tool, service or app is a valid trade-off for your data. If you want to protect your data, check out the paid plans for these services as they will often give you much greater control over your privacy settings and allow you to control what can be shared.
Protecting your identity online has never been more important. With more and more of our day to day lives conducted online, protecting your personal information from cyber criminals is an important part of managing your time online.
By following these ten steps, you have a much better chance of keeping your identity safe online.
If you want to talk to someone about Digital ID, call one of the team today and we would be more than happy to talk about your Digital ID and how to protect it.