Today at work I was lucky enough to attend an InfoSec session, and the speaker was very knowledgeable. The target audience was a less tech-savvy crowd, and the session mainly focused on teaching the basics of how to avoid the “human” factor in getting taken advantage of online.
One of the things that came up is something I’ve been thinking about for quite some time: social media sites and the myriad accounts that most people have. Technology is a great thing, and the access to information we have today is simply amazing, but with all the access, all the smartphones, all the computers, and websites, you have also increased your online footprint and made yourself a much larger target for ID theft, scamming, or any other possible attack.
Some of the points I’ve touched on before:
1. Don’t use public wireless networks
2. On your phone, disable Wi-Fi. Use the 3G/4G data, because most phones just connect to an open wireless network without warning
3. Be careful what you put on your public facing profiles
4. Don’t simply click links in emails; open your browser and MANUALLY go to the site.
But the final point that finally sank home with me was regarding Facebook and other sites like LinkedIn. Most people use those sites to connect with “trusted friends”, but don’t stop to think who else can access that information. With the recent hack of LinkedIn, millions of users’ usernames, passwords, emails, etc. were leaked to the public simply because someone got bored and wanted some excitement (it will be plenty exciting for them in prison, but that’s another story). But just think for a second: how likely is it that many of the users that were compromised don’t log in and use the service? Now their account is compromised along with all the personal information therein, and they will never know. It begs the question:
If you aren’t going to use a service, why have an account at all?
The simple answer is, “Don’t.” Why leave personal information out there? By default, most sites will only “deactivate” your account and will still retain all your data. You will need to hunt for the permanent delete option, but it’s there; sites are required to have it, just not required to make it easy.
So today, I finally did what I’ve wrestled with for some time, and DELETED all the accounts I never use. There is no need for extra accounts; if someone wants to reach you, they likely already know how.
Just some more food for thought.