Protecting Your Identity: A Panel Discussion
Business Solutions We polled a group of industry experts to better understand what identity thieves are looking for, and how you can outpace them to keep your privacy protected.
Bill Stewart
Executive Vice President, Booz Allen Hamilton
Mediaplanet: What are some tips that our readers can use to improve their digital security?
Bill Stewart: Identity thieves and others are looking for easy ways to access your personal information for their benefit. Your information can be used to make money or to create new credit lines. There are even cases of information being used to get health care for someone else. Protecting yourself can seem hard, but common sense can help.
First, make sure you set up passwords or PINs so your devices automatically lock securely. When you pick passwords and PINs, go long and use a password manager to pick unique passwords—especially for email and bank sites. If you can, pick a passphrase like “Wherearemy4keys?” that includes letters, numbers, and special characters. Pick an eight-digit pin instead of an eight-digit pin, and remember that a PIN is just a weaker password (since it’s all numbers).
Then, stay aware. Notice any time you are asked for personal information—whether it’s a social security number or your birth date. Ask yourself if the website, company, or application really needs that information. Look for alternatives that don’t require personal information. When you are shopping or providing information online, look for the green lock symbol and “https” in the address bar, indicating that the site has strong security protections. You can also click on the lock to see more security information about the site. And keep an eye on your bank, credit card, and credit report activity for suspicious charges.
Call your bank immediately about anything you don’t understand or to report suspicious activity. Finally, know the privacy policies of the companies and sites with which you interact. While these may not always answer your questions, they can indicate just how well your personal information is being respected and protected.
MP: Cyber threats have become known as the threats of the future. How do you envision the future of cyber security will combat these threats?
BS: Cyber threats have been around for many years, and they will be around for a long time to come. Moving forward, cyber security will take a two-pronged approach to manage these risks: Predictive intelligence and advanced security systems. Predictive intelligence will use information shared among government and corporations to predict and adjust defensive strategies. This will minimize initial attacks and prevent the same attack on multiple companies.
Advanced security systems will focus on protecting the most sensitive information using encryption and other tools. These advanced solutions will help user-facing applications limit the impact of attacks. Future-thinking organizations will build solutions that anticipate, detect, prevent or minimize the effect of cyber threats. These teams will include broad company expertise to design and prepare for responses to threats before they happen.
MP: With the pervasiveness of social media, how can individuals protect their digital identity?
BS: Social media has become a gold mine for the bad guys, and different threat actors use the information in different ways. A local thief might use your vacation information to rob your house. Criminal gangs might use your information to convince friends to send money. Other attackers might use the information to write convincing emails from your boss to introduce malicious software.
For these reasons and more, you should think about what you put online. Most social media sites make money from advertising, so the more they know about you and your friends, the more valuable their ads can be. You can change privacy and security settings on each site to limit who can see what you post and how much they can see. Think about what information you want to share. Once you post it online, it can be nearly impossible to remove from the Internet.
Dan Shugrue
Director of Security Product Marketing, Akamai Technologies
Mediaplanet: What are some tips that our readers can use to improve their digital security?
Dan Shugrue: The most important piece of advice is the advice that people least like to hear: Use different passwords for different websites, and change them often. If you have trouble keeping track (and who doesn’t?) use a password manager application. There are many good ones on the market. Do your research and leverage one that allows you to use the web the way you normally use it (if you access from several devices, make sure you buy an app that allows you to access your passwords from many different devices).
MP: Cyber threats have become known as the threats of the future. How do you envision the future of cyber security will combat these threats?
DS: Web security has evolved from a “perimeter-based” to a “defense-in-depth” approach. As more applications and sites move to the cloud in order to save money, share data and generally become more agile, so will security. Organizations and individuals will have to carefully weigh the costs and benefits of doing business on and getting their security from the cloud.
MP: With the pervasiveness of social media, how can individuals protect their digital identity?
DS: For starters, we can all make conscious decisions about how much information about ourselves we are willing to share online. The bigger social media platforms are making it easier to control which groups of acquaintances, friends or family see which of our posts. If we are aware and conscious that what “goes up” in the social media age does not necessarily come down, we can be smarter about what we post in the first place.
You might want to ensure that you are limiting who can see your posts to your friends. And only accept friend requests from people you’ve actually met. Another point to remember is that your birthdate is worth money in the underweb or web underground. It is fun to get lots of birthday wishes on social sites, but if you broadcast your birthday for all to see, someone can easily use that information to hack into a personal account—often as a first step towards perpetrating medical insurance fraud.
Davis Hake
Director, Cybersecurity Strategy, Palo Alto Networks
Mediaplanet: What are some tips that our readers can use to improve their digital security?
Davis Hake: The best action individuals can take to protect their online accounts—email, social media, banking, shopping—is to enable two-factor authentication. Typically, after you enter your password you will receive a text message with a unique code that is then required to access your account. This way, even if your username and password are compromised, your account cannot be accessed.
Beyond this, however, people should attempt to limit the amount of sensitive personal information that they store online, as it will only ever be as secure as the organization holding it.
MP: Cyber threats have become known as the threats of the future. How do you envision the future of cyber security will combat these threats?
DH: It is cheaper than ever to launch more attacks of greater sophistication, and consequently more expensive and difficult than ever to detect and respond to them; it is machines versus humans. We therefore need a shift in philosophy to focus on prevention if we are to address this imbalance. There will be a shift towards integrated cyber security platforms that automatically identify new threats and protect your data wherever it lives across your entire ecosystem.
MP: With the pervasiveness of social media, how can individuals protect their digital identity?
DH: Social media has become an incredible way of keeping in touch with loved ones across the globe; however, attackers also use these outlets for reconnaissance on targets. For example, attackers can use information about your family members, job and hobbies to craft detailed spearphisihing e- mails allowing them to hijack your computer and threatening the security of your personal data or your company.
Stuart McClure
CEO, President, Founder, Cylance
Mediaplanet: What are some tips that our readers can use to improve their digital security?
Stuart McClure: Like so many aspects of our personal safety, the first rule of protection is being aware of the potential threats and maintaining high levels of both vigilance and common sense whenever you're online. Collectively, both individuals and businesses often times make it easy for cyberattacks to succeed.
Start off by assuming that you are a target because, in truth, we all are. Take caution on how much personal information you put on Facebook, LinkedIn and other social media sites. Hackers troll those places for information. Be wary of that email with a plausible but still unusual request, even if it’s from a person or a business you know. Think twice before clicking on attachments or links they may contain. Take a careful look at a website URL before you start providing personal or payment information.
Actually do the things you may have heard many times but not gotten around to yet: use strong passwords, keep your machine updated, run preventive security software. Think about what you can do to prevent an attack from succeeding; it's a lot easier than responding to one after it's happened.
MP: Cyber threats have become known as the threats of the future. How do you envision the future of cyber security will combat these threats?
SM: The future is now. Significant cyber threats abound all around us in both our personal lives and in businesses of all sizes. I think it's fair to say that over the past two decades that the sophistication of attacks has grown faster than the technologies used to defend against them, but thankfully that tide is now turning. New, next generation approaches using highly advanced artificial intelligence, algorithmic science and machine learning are now starting to be widely deployed in businesses worldwide, and are proving to be significantly more effective in stopping attacks before they have a chance to execute.
In the 2015 movie "The Imitation Game," the computer industry pioneer Alan Turing said, "It will take a machine to beat a machine," as he built one of the world's first computers to break the Nazi Enigma code during World War II. I believe this insight applies to the future of cyber security as well. The application of ever more technologically advanced computer technologies to cyber security will prevent attacks and form the foundation of future defenses.
MP: With the pervasiveness of social media, how can individuals protect their digital identity?
SM: Start by recognizing that it's not just your digital identity, but your entire identity, and that the information you promote through social media networks is accessible to everyone, everywhere. Social media sites can be rich repositories of information about you for your friends and family as well as those who may have nefarious intent.
Recognize the potential risks of publicly disclosing personal details in such a public forum. Be careful about who you befriend online; they may not be who you think they are.