Practical identity protection you can use
Network World - Is it Christmas already? I'm beginning to receive informative e-mails about evil hackers who want to steal my identity during the dangerous (and ever lengthening) holiday season. As usual the advice ranges from lame to impossible.
I am advised to "avoid giving my credit card online" and to be "careful when banking online" and to use random, complex passwords that I never repeat and never write down. So, as long as I refrain from commerce, stay indoors and have a superhuman memory, I should be fine!
I worry about identity theft and take measures, throughout the year, to defend my identity. So here's some identify defense advice that's actually practical:
* Don't sign credit cards. I sign mine "See ID". Why give a card thief my signature too? It's easier to contest a charge if the person spoofing my signature has never seen it and can't come close to replicating it. It almost backfired once in a taxi in Tokyo. I had to sign the credit slip as Mr. "See ID" so that it matched the card – but hey!* Safeguard your passwords. Don't store passwords in documents or on paper. Use password "vault" software that implements strong encryption. An excellent, multi-platform and open source (free!) choice is KeePass. Store passwords, account numbers, credit card numbers etc. in the password vault. Use the secure clipboard (which clears itself after 10 seconds) to copy the password into your application, thus never typing it for a keylogger to catch. Use the built-in password generator to create truly unique, random and strong passwords. Install on iPhone or BlackBerry for mobility.* Remove Personally Identifiable Information (PII) from your computer. Now that you've safely stored all your sensitive tokens in the password vault above, remove any traces from your computer. The University of Texas has provided the Sensitive Number Finder (SENF) to help with this task. It's a cross-platform free java app that scans your hard drives for Social Security numbers, credit card numbers and such. I ran it for testing purposes, though as a security professional I was sure it wouldn't find anything. Oops! What's that Social Security numbers in a 5 year old tax return sitting there unencrypted?* Encrypt your hard drive. Use the built in OS encryption (on Windows or Mac), or a third-party solution such as the excellent TrueCrypt. This won't protect against Trojans or keyloggers but it will offer peace of mind if you leave your laptop in a taxi.* Freeze your credit report on all three agencies. You will have to unfreeze it before seeking new credit, but who said "convenience" should be the rule with credit? I'd rather have inconveniently secure credit. Equifax, Experian, TransUnion.* Buy a credit monitoring service. I prefer not to give more money to the credit agencies that created much of the identity theft problem in the first place. Identity Guard is a great choice for me.* Buy insurance and remediation for identity theft. Monitoring credit reports is not enough. Remediation is a pain and costly. Many services (including Identity Guard above) offer insurance against losses and assistance with repairing your credit file. A $1 million loss guarantee helps me sleep better.
Defending your identity does not mean hiding under a rock and shopping only by barter (a goat for my eight oranges). The practical solutions outlined here are not too expensive (about $150 a year). They are effective and can be implemented by anyone with just a bit of technical skill.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts