The internet never forgets. Once posted, it's near impossible to remove content, even if the right to be forgotten prevents it from being searched. When it's personal, that content is important. The most humiliating moment in someone's life may be immortalised forever, waiting to go viral. The information posted online can help thieves, whether it's knowing when there's an empty home due to a holiday, to information that can be used for identity theft. Then there are breaches of security, whether it's a cracked user password or a systematic insecurity like Heartbleed. Documents in cloud storage, personal information provided to companies and financial data are at risk.
Small decisions being made day to day impact personal security online, so controlling what data can be accessed, and by who can be challenging. Exerting control is often as much a matter of choosing not to do something as it is active prevention; non-participation is sometimes stronger than encryption. Avoiding poor decisions can require some knowledge. The tips provided here have two areas of focus: Preventing insecurity in home networks and controlling private data.
1. Keep track of your activities
Without knowing what services have personal data, it's not possible to remove it. Keep track of what websites and products have been used. It's standard for most services to request access to user data or to ask the user to install something. Both represent an investment of trust on the part of the user. Sometimes it's best to avoid using unnecessary services; nothing is foolproof, no matter the intent of the developer. Smaller services have less money invested in security in particular, and may be more vulnerable to leaking customer data.
2. Use Restraint
The next step in preventing content from becoming accessible is preventing that content from being created. Try to avoid social media when anything less than sober and think twice about posting publicly even when you are. This applies to emails, chat and anything else others receive. There's always the opportunity to make a mistake and send it to the wrong person or for the recipient to disclose it to others.
3. Control the Audience
When posting to social media, be sure to send it to the right people. On Facebook, this means making groups and selecting them before posting. Most social media have some form of control, even if it's only hashtags, although the goal for most sites is to increase visibility, not decrease it. Control can also mean only being associated with trusted friends on those sites, because posts can be seen by friends of a friend on some sites. There are entire sites dedicated to shaming people for emails and Facebook posts, so this can be vital.
4. Find out what services track
This includes profiles and search histories. For instance, Google's accounts track what you search. It's not public, but in the event of a breach, if that data's available, it may be become public. Other profiles may sell your data to third parties with an opt-out feature or makes contact information public by default. Be sure to check the settings on new profiles.
5. Remove unused accounts
This can be time consuming. Closing out social media accounts can be difficult, even when owned. Accounts like Steam, iCloud and others with paid content associated with it can be even more difficult to actually close. Occasionally, it involves contacting technical support rather than being automated through the site. Simply removing any personal details and removing posts associated with it can be a less stressful solution. The benefit of fully removing it is that it reduces the number of records companies keep which provides a small measure of protection if the company's security is breached, but it may not be worth the effort. Keeping a shell profile also helps prevent impersonation on social media platforms.
6. Use Trusted Devices and Networks
Don't sign into any services you use on public machines. Similarly, avoid insecure networks and networks provided by unknown sources.
7. Keep up to date
When creating a wireless network, use WPA2. It has known flaws, but fewer than the protocols prior to it. Never create an insecure wireless network. Update the OS, security software and software which allows access to the computer (screen sharing, file sharing) regularly.
8. Remove unneeded networked programs
If there are unused screen sharing or file sharing programs functions which are on the computer, remove or disable them. It's like leaving a door open.
9. Use Encryption
Encrypt valuable data. This may mean encrypting a single file or an entire drive. Use care when applying extensive security measures; forgetting a firmware password can be an expensive mistake. Encrypt backups, especially if networked. Always have an administrator password on the system.
10. Have a password strategy.
Password management programs can create unique passwords for every online service, but create a single point of failure; if a flaw is revealed in the program's design and exploited, every service associated with it is catalogued and compromised. The alternative is creating passwords personally. There are actually a lot of bad ideas when it comes to passwords. This guide has advice for creating good ones. Use two-step verification when available. Update passwords when there's evidence of a breach.
11. Email Passwords should be Unique
Email passwords should always be unique. Many online services send emails to reset passwords and many use the email itself as a login ID. That means if a compromised service has the same login and same password as the email associated with it, both the service and the method of recovery are lost in one stroke. Email security is very important because email has become a central hub.
12. Have a Security Question Strategy
Security questions can present a security flaw if the answers can be found in public records or the answers are too simple. There aren't so many car brand names they can't be guessed. The answers don't actually have to be related to the questions, so anything can be entered as long as it's remembered and can't be guessed. The intersection of those two represents security.
13. Split secure and insecure activities
Have a device or browser for secure transactions like social media, banking or email and another for general browsing. This puts distance between secure information and some threats. It can be slightly more secure than browsing in an incognito window. It's not foolproof, especially if the devices are on the same network, but it can prevent easy mistakes, like allowing a bad app access to your accounts with two misclicks.
14. Practice Vigilance
Google and other secure accounts track how often the accounts have been signed into, what IP address was used, what browser was used and when. Periodically view this information to ensure there are no breaches. If your friends mention receiving an email or seeing a post you don't remember, those accounts may have been breached or given access permissions to an unsavoury app. This article goes into more detail about other kinds of threats.
All that being said, this should be treated as maintenance. No security system is perfect and attempting to create one is more likely to lead to madness than anything else. The consequences of insecurity, careless social media and an untrimmed history online may be embarrassment or identity theft. Fear's a potent motivator, but it leads to bad decisions. Not every security measure is worth the hassle, but some, like a good password and setting up privacy on Facebook, absolutely are. Treat security and social management as a necessary chore.
Image Credit: Perspecsys Photos