Know Your FootprintThe task of protecting your information after a breach may seem daunting. Especially because much of the information accessed is personally identifiable information (PII) and the solution is not as easy as “changing a password.” Taking steps to protect yourself is important. Reports show that 1 in 3 data breach victims also become a fraud victim within the same year. The number one antidote to fear is preparation, and for many, there is plenty of time to prepare before anything happens. Stalk Yourself: We all know how to do it and admit it: you’ve “cyber stalked” your ex, your bizarre cousin, or the crush you had in your psychology class. But we don’t often think about stalking ourselves. But doing so is key to keeping yourself safe. The digital footprint we leave behind is important to know, because what we leave behind us can be maliciously used against us. Start with Googling yourself. Search your name in quotations with the city you live in, the school you attend, e.g. “John Smith” “Roswell, New Mexico”. Take note and organize what you find with each search and then continue to add terms to your name until you have a good idea of what is publicly available about you. Shut It Down: Now that you know what is available about you, it’s time to do the footwork of erasing that data! Remove pictures or posts that reveal too much information, especially anything that may answer a security question on one of your accounts. Deactivate or hide old social media sites that are no longer in use (the 90’s called and said you can shut down that MySpace account.) Remove yourself from tagged images, posts, or other content that you do not want to be public. Don’t want your name on that family tree website? Take steps to remove it. Check and recheck your social media privacy settings. While Twitter offers a handy do-it-yourself guide, social media sites like Facebook will need to be rechecked often, as they change their settings frequently. Rinse and Repeat: Unfortunately, with the Internet, your information cleanse is not a one-and-done situation. The process will have to be repeated often to ensure that new information has not surfaced. We recommend setting a reminder for yourself somewhere, whether that be a calendar event on your phone or a sticky note on your desk, to check on what personal information has become available. Do this by whatever schedule works best for you; monthly, quarterly, or yearly. In between checks, set up Google alerts so you’ll get an email notification as soon as anything becomes publicly available about you. NOTE: While all of this does help and is recommended, all readers should be aware that there are ways for individuals to still find the information you have deleted. Due to things like Google Cache and the Internet Archive: Wayback Machine, it is possible to still view these past pages and information. By keeping an active security conscious moving forward, you can help control the amount of publicly available personal information. Minors are Not ImmuneChild protection is something that is very important to us here at Social-Engineer. A couple of years ago, our CEO Chris Hadnagy created a 501(c)(3) nonprofit that works closely with law enforcement to help find and prosecute those who are actively trying to harm children. The Innocent Lives Foundation (ILF) has assisted in hundreds of cases by providing actionable evidence to stop predators from doing harm to those who should be leading innocent, carefree lives. They work tirelessly on not only helping those who are already victims but trying to protect those who have the potential of becoming victims. As parents, we are always trying to protect our children. When they were little, we stopped them from touching the hot stove. Then as they grew older, we made sure they wore their helmet when they rode their bikes. But now, we find that we also have to protect them from things unseen. In 2017, a study showed that 80% of teens (ages 13-18) and 23% of all tweens (ages 8-12) owned their own social media accounts. These children use social media to post pictures, talk to their friends, create videos or talk to those that share interest in their favorite video game or hobby. Innocent enough…until they meet someone who isn’t who they say they are. The ILF helped one such girl, Becca*, who was a normal 11-year-old girl who loved to use social media. Becca became friends with someone online who understood her well. Her new friend was a “14-year-old girl” who Becca shared her thoughts, feelings, and even pictures with. Becca’s new friend eventually told her she wanted to meet in real life. Fortunately, Becca’s parents became aware of their daughter’s new friend—who wasn’t really 14, or even a girl—a 32-year-old male child predator. Fortunately, with the ILF’s help, the predator was caught. This story highlights a very important point: this could be any of our children. And the only way to protect those who can’t protect themselves is to be proactive. So, where do you begin? ILF has created an easy-to-follow formula to help you get started: - Frequently Communicate: Have free-flowing communication with your children about their use of the Internet and social media. When your child feels comfortable talking with you, they are more likely to share with you what they’ve been doing and who they have been talking to. As was in Becca’s case, transparent sharing could save your child’s life.
- Educate: Arming your children with the knowledge they need to make smart, educated decisions when it comes to Internet safety is one of the best things you can do. There are several sites that can give you the tools you need such as, NetSmartz.org and InternetMatters.org.
- Establish Boundaries: Detail your expectations when it comes to your children’s use of social media accounts. Create an “approved list” of apps and websites. Write a list of what kinds of photos and videos are OK to share. Outline who they can talk to online and what information they should never post (address, school, phone numbers).
- Monitor: Many parents feel the need to take privacy one step further and use programs that help them monitor their child’s use of the Internet. Once installed on the phone, monitoring software can be used to audit the phone’s location history, call and text message history, and to track apps and their uses.
Security Throughout EducationWhile there are plenty of reasons to be concerned and worried for the safety of our children and our information, there also needs to be balance. Balance is especially important for our minor children, whose focus should be on their education and having fun. We should never let the reports and statistics and social engineering attacks scare us into forcing our child to completely unplug from everything. But with guidance and our own good example, we can teach our children to make smart choices and safely use the privilege of an online life. For those in college, Dr. Ullman’s advice is to be alert and vigilant. “If someone (or an online form) is asking for your social security number (SSN) for example, ask whether it’s absolutely necessary before providing it. [Use] two-factor authentication wherever possible to protect accounts. Be skeptical and suspicious of any email that comes in asking for money or credentials. Don’t ever put PII on social media or send through e-mail. It’s also a wise idea to make sure that you are monitoring your credit by obtaining a credit report from each of the 4 credit agencies (Experian, TransUnion, Equifax, and Innovis) once a year, which is free.” The dangers may be mounting, but we hope that your school year is educational, fun, and most importantly: safe. Written By: Amanda Marchuck *Name has been changed Sources: https://enterprise.verizon.com/resources/reports/dbir/2019/educational-services/ https://www.social-engineer.com/social-engineering-training/ https://mashable.com/article/pearson-data-breach-students/ http://money.com/money/collection-post/2791976/data-breach-victim/ https://www.social-engineer.org/newsletter/social-engineer-newsletter-vol-06-issue-84/ https://twitter.com/investigatorchi https://www.social-engineer.com/dont-pay-the-price-is-your-company-prepared-for-invoice-fraud/ https://www.newsday.com/entertainment/celebrities/familytreenow-com-how-to-remove-yourself-from-the-genealogy-website-1.12955422 https://www.google.com/amp/s/amp.cnn.com/cnn/2018/06/22/health/social-media-for-kids-parent-curve/index.html https://archive.org/web/ https://www.innocentlivesfoundation.org/core/uploads/2019/03/ILF-2018-Annual-Report.pdf https://www.innocentlivesfoundation.org https://www.consumer.ftc.gov/articles/0155-free-credit-reports |