BABY STEPS IN DATA PROTECTION

Recently Nicole Perlroth, who covers cybersecurity and privacy for the New York Times, sat down to be interviewed by one of her own colleagues. The interview covered some ground on how readers can protect their own data. Let me list her main recommendations. Wherever possible, I will provide my reasoning on why she may have recommended a particular step:

DOs AND DON’Ts ON PERSONAL DATA PROTECTION

Do not hand over email or Birthdates to retailers.

My take: This may sound a bit harsh. Sometimes retailers may wish to forward a copy of the purchase receipt to your email ID. At other times, they may want to start your Rewards Programme account. There is no denying the convenience. But the worry is can retailers keep your ID safe? Very often, an account or card verification process may start with you being asked to verify your email ID. If someone had harvested your email ID from a retailer, you are providing an easy first step for the criminal. A workaround would be to start a separate email ID just to service retailers, which you won’t link to anything else.

Stricter standards should apply to providing Birthdates.

My take: Sometimes a retailer may ask for your birthday to offer special discounts. The intention may be harmless. But if the retailer doesn’t keep your data safe, you will be unnecessarily exposing yourself to cyber criminals. There’s no workaround here. Simply avoid providing your birthday details to a retailer.

Don't use debit cards unless you are at a bank. Use your credit card when you can, instead of your debit card.

My take: This appears to be another harsh prescription. But she may have recommended this because there’s more protection for credit card misuse from the card issuer. In debit cards, you withdraw money directly from your bank account. It is more of your risk than that of the card issuer. Therefore, the protection offered may also be less.

Do not use self-checkout systems at merchants, because those are often the first place hackers will scan.

My take: The self-checkout system seems to be a feature in the West than in India. In self-checkouts, staff supervision is less. This may have drawn the attention of criminals to such checkout lines. This year’s breach at retailer Home Depot in the US, involving stealing of personal data of 56 million customers, began by criminals infecting the company’s cash registers with malware. So checkout lines are very vulnerable to attacks by criminals.

Use long, complex passwords. Do not use the same password across multiple accounts.

My take: Too many studies have come out about the unfortunate popularity of useless passwords. Time spent in creating strong passwords will save you a ton of trouble.

In her book Online Reputation Management for Dummies, Lori Randall Stradtman has given a simple way to create strong and safe passwords.

I recommend it. Here are the steps given by Lori:
<<
1.)  Brainstorm for a minute on a sentence or phrase that has some special meaning to you.             (However, try not to choose one that’s really popular right now.) For example:

• A favorite song lyric

• A line of poetry

• A movie quote (my favorite).

Let’s use ‘All we are is dust in the wind’ as an example.

2.)  Convert your phrase into an acronym. We’re using ‘All we are is dust in the wind,’ so the           acronym is ‘awaidinw.’ It’s just the first letter of each word.

3.)   Substitute at least one letter with a number. With ‘awaidinw,’ it may look like this:

• awa1d1nw (the letter i is replaced with the number 1)

4.)   Substitute at least one letter with an upper-case letter. Our password in progress could            look  like this:

• awa1d1nW (the last letter, w, gets capitalized)

5.)   Substitute at least one letter with a symbol. Our password in progress could look like                this:

• @wa1d1nW (the first letter, a, is replaced with @)

Congratulations! You’ve just created a password that’s 1.34 tresvigintillion more times, or               1.34  trillion trillion trillion trillion trillion trillion times stronger than your chance of winning           the lottery. Please don’t use this particular one! Now that I’ve described, created, and                     published this password, it is no longer a strong choice. Come up with your own!
>>
Got it? Now go ahead and create your own passwords using this method, but make sure you do not use the same password for many accounts.

Use two different web browsers — one for email and bank account, the other for eCommerce and general web browsing.

My take: No comments.

Switch on two-factor authentication wherever u can.

My take: This is as simple using a debit card and its pin while doing an ATM transaction. The right debit card is the first step, and the right pin is the second step. Many email service providers now allow two-step or two-factor authentication. Make use of it to keep your account secure.

For instance, to authenticate your Gmail Account, simply sign in and go to your Accounts section by clicking on the link seen under the icon in RHS top.

Once there, please click on Security and then say Enable to 2-Step Verification. Enter your mobile number and click for the 6-digit verification code from Google to your mobile phone.

Once you have entered the code, your computer is verified for the particular Google Account. Only when you log in from another unverified computer will you be asked again to authenticate using the code sent to your mobile phone. You can also add other computers to the safe list. Please add this additional layer of safety to your email accounts as an insurance.

Put masking tape over the webcam on your computer.

My take: You may be surprised to hear this recommendation from the cybersecurity expert at The New York Times, but I am voting for it. There have been too many instances of criminals hacking into webcams and leaving people in grief. Laptop manufacturers sneaked in this ‘innovation’ without taking buyers into confidence. It pays to be careful. Cover the webcam with a masking tape whenever you are not using it.

Someone can use stolen data for identity theft and tank your credit score.

My take: Credit scores are very important for individuals in developed countries. In India too, credit-rating agencies no play an important role in assessing the loan-worthiness of individuals. Keep your credit cards and online identities safe. Let no one misuse it and cause harm to your reputation as a trusted borrower.

Hackers are actively selling medical records on the black market. Someone mayyou’re your medical identity and pollute your lifetime medical records.

My take: This advice is more relevant to consumers in developed markets where medical records have been extensively digitized.

Recommended tools by Nicole Perlroth:

Wickr, a mobile app that encrypts and self-destructs messages.

Silent Circle, software which allows encrypted phone calls.

My take: These tools could be more relevant to developed markets.

e.o.m.

---