New Year’s Resolution: Avoid Top Online Security Mistake
You may be great at coming up with complex passwords, keeping your smartphone or computer’s software up to date, and avoiding phishing schemes.
But there’s another critical security mistake people often make online, according to Etay Maor, an executive security adviser at IBM Security: Oversharing on social media.
Don’t Blame the Dog
It’s not just sensitive personal data like phone numbers, credit-card numbers, and addresses that you should avoid sharing online, but also seemingly harmless information like your mother’s maiden name or your pet’s name.
Such details are often used as answers to two-step verification questions or passwords, and they can easily be found just by scanning someone’s Facebook page if that person frequently shares photos of their pets, for example.
“Today, people are writing about everything,” said Maor, who studies cybercriminal tactics on the dark web to help clients better protect themselves by understanding how hackers work. “They’re putting everything online, and then they get mad at you if you don’t read it.”
Do They Have to Know This?
In addition to being careful about what you share on social media, it’s also a good idea to do some critical thinking when it comes to the companies and organizations asking for your personal information.
Maor shared an example of when he filled out a new-patient form at a doctor’s office that asked for his Social Security number. He didn’t write it, and that decision had no effect on his visit, he said.
“So why did you ask me for that in the first place?” he said. “If you get breached and then the information is there, I’m going to have a whole other set of problems.”
Being selective about the information you share online is even more important as data breaches become increasingly common. Just recently, Capital One said it had been hit with a massive data breach that affected 100 million people in the United States and 6 million in Canada. Compromised information included names, addresses, dates of birth, phone numbers, the Social Security numbers of 140,000 credit-card customers, and the bank account numbers of 80,000 customers.
Scrutinizing why a company needs your information in the first place is especially critical when it comes to app permissions. Companies like Apple and Google are trying to make it easier to manage which apps have access to different parts of your phone.
But it’s up to the person to use those tools and keep track of what apps are actually accessing.
“We don’t look at it anymore—we just click next,” Maor said. “So we need to pay attention to these things.”