Central Penn Business Journal
Social-network security 101: Part 3, becoming a wise grasshopper
You alone are responsible for the security of your personal systems, social network profiles and smartphone devices.
The top 15 things you can do to improve your personal security posture:
- Maintain up-to-date antivirus/malware/spyware protection.
- Make sure your system has the latest updates and security fixes.
- Don't click on a shortened Web URL without examining where it will take you. Really? You'll click on a link not knowing where it will take you? Many services (like bit.ly) provide a means for you to see the full URL before going to the site.
- Continually verify your public social network profiles and information visibility. Decide what you are willing to share publicly about yourself. The more public information you have available, the more likely that info can be used to answer security questions to reset passwords (including your financial accounts and corporate network).
- Don't friend people you don't know on any social network. If you don't know them, why friend them? It's like leaving your front door unlocked with a sign that reads "Intruders Welcome."
- Use a dedicated computer for doing your finances online. I use a virtual PC running on my home computer from which I only connect to financial sites. Why? If you have a shared or family PC, can you ensure that everyone who uses your computer is being as security conscious as you? Oh, look, a short URL, click!
- If at all possible, try not to use mobile financial services.
- Never click on a link in an email or open an attachment unless you are expecting the email from a trusted source. Go one step further and use file hashes for email attachments to ensure file integrity.
- Use different user IDs and passwords for every financial account you have online (don't have user IDs that contain your name). A good password manager that will store and encrypt your site credentials can help.
- Use a unique email address for your financial accounts; then any financial emails sent to your "regular" email address can instantly be flagged as bogus.
- Use encryption whenever possible. Use https:// for email, social networks, anything that you can. If you use POP3 or IMAP for email, use the secure settings you can obtain from your email provider.
- Use the strongest passwords allowable. Use upper and lowercase, numerals and special characters. Create a password that uses the maximum number of characters.
- Change passwords at least every 90 days. Also change security questions, if possible.
- Investigate mobile applications before you install them. Only install from trusted sources.
- Read what changes an application will make and how it will interact with other applications and your system before you install it.
Regarding the question I asked in Part 1, "Do you have any sort of security protection on your smartphone?" Not having any security protection on your smartphone is like swimming with piranhas. Instead of taping a "Kick Me" sign on your back, make one that says "Hack Me."
You cannot completely protect yourself from the "bad guys," but you can sure make their job of compromising your identity or data that much harder. Remember, due diligence and constant vigilance will help to make a wise grasshopper.
Mike Wright is a corporate faculty member at Harrisburg University of Science and Technology.