Perspective

12 Steps to a Safer Online Experience

Although you can’t protect yourself against every cybersecurity threat, knowledge is power.

By Amitava Ghosh, Oracle Insight

January 2018

In today’s environment of distributed cloud-centric experiences, we are no longer in total control of our personal data. It seems that every few weeks, there is news of another massive cyberattack in which the data of millions of users is stolen.

In addition to data theft, a number of other trends are affecting the way companies and individuals conduct themselves online. Here are just a few examples:

  • Instances of virtual impersonation are becoming more common and more sophisticated. This year, more than 1 million users downloaded a copycat version of a very popular messaging app before it was discovered and removed from the Google Play Store.
  • As digital experiences get more entrenched in our lives, the impact of an internet Armageddon becomes scarier to think about. Recently, Hurricane Irma and Hurricane Sandy caused major outages in different parts of the US for long durations. How would your life be impacted if you couldn’t access the internet for a few days?
  • Financial transactions and investments are increasingly becoming entirely digital with no recourse to equivalent analog opportunities. According to Statista, in 2021, near-field communications and other contactless technologies are projected to generate close to US$190 billion in transaction value. The leading cryptocurrency had a peak return of 18 times against the US dollar this year.
  • Governments, regulatory bodies, and communication service providers across the world are increasing surveillance on citizens to prevent suspected money laundering, technologically advanced terrorist attacks, and cyberfraud.
  • As the use of OAuth (an open standard for authorization) increases, the consequences of security breaches are increasing as well. Third-party entities (and possibly their employees) can access personal data linked to the main OAuth account. If your main OAuth account is hacked, the data compromised across dependent sites can be huge in volume and severe in nature.

Although you can’t protect yourself against every threat on the internet, knowledge is power. It’s possible to learn from these events and trends and do better. Here are 12 best practices all internet users should be aware of in order to minimize security risks and the impact of breaches.

1. Compartmentalize your work, social, and purchasing lives on the internet. Ideally, everyone would have three separate devices—one for work, one to connect with friends online, and one for buying and browsing over the internet. For most people, this is not feasible. The next-best thing is to use distinct browsers, sessions, and email addresses, so that a breach would cause minimal impact on the rest of your life.

2. Identify your most sensitive personal data and defend it vigorously. Some examples include using multifactor authentication for important accounts and not saving email passwords or credit card details in your browser’s cache or on mobile devices. It’s less convenient, but greater security often involves a few extra steps.

3. Focus on the message and potential consequences, not on the messenger. If a long-lost friend suddenly emails you about a deal that sounds too good to be true, it’s likely that someone sinister is interested in your data and money. Just clicking the link they sent can open you up to potential loss of personal data. The simple approach is to verify all links before clicking them—if you don’t recognize the URL, don’t click.

4. Do not try to verify whether your account has been hacked. If the news of a corporate data breach reaches you, and some other website or app is offering to verify whether your account is still safe, sidestep the bait. Instead, reset your password on the site itself and enable stronger, multifactor authentication.

5. Review app permissions at a granular level and grant them minimally. One way to minimize the risks associated with OAuth is to grant app permissions on a need-to-work basis. For example, the caller ID app you’re using should not have rights to know your location or to capture the device screen at random times. This applies at every update cycle. Spending a couple of hours every quarter reviewing app permissions on each device is worth the effort.

6. Be aware of and use authentication best practices. Enable multifactor and biometric authentication whenever possible. Do not reuse the same password across sites. Do not store passwords for auto-fill on any of your devices or browsers. Personally, I am not a big fan of password managers, so I try to attach a version of the site name before or after the core password string. Here are some examples of what you can do:

gmail_$WMyMailPwd$
$MyMoneyCode$_Citibank

For certain extreme cases, where logins are infrequent but the stakes are very high (such as a securities account with high holdings but rare transactions), I deliberately do not try to remember the passwords. Instead I reset them for every use and embed a date-of-use string (for example, 01152018) somewhere within the password.

7. Limit the use of digital wallets and transfer money to them on an as-needed basis. Use a few digital wallets that are accepted at a wide number of merchants, such as PayPal or Apple Pay. As often as possible, load wallets with the necessary amount just before a transaction.

8. Invest in cryptocurrencies only what you can afford to completely lose. While the returns are eye-popping, the regulatory, technological, and economic risks are yet to be appreciated fully and can be very dynamic.

9. Remember the physical-life analogies for determining acceptable digital behavior. When in doubt, consider whether it is acceptable to do the same thing in the “real” world. Would you allow an unfamiliar photographer to take a photo of you at that particular private moment? Would you share your entire address book with an unknown marketer at your first meeting?

10. Periodically review apps on devices and IDs on websites visited. Delete apps, bookmarks, and cookies that are not useful and seem dubious. If you haven’t used an app or web service in three months, it is unlikely that you still need it. Streamlining guards against surreptitious changes in those apps or pages and against any malware that they might secretly download.

11. Stay loyal to fewer aggregator apps and web services. This will ensure that data and financial loss are minimal in the event of a breach. Some people use multiple aggregator apps to do the same thing—for example, Expedia, Hotels.com, and Kayak to book travel. Try not to use more than two or three aggregator apps for the same thing. More well-known apps are likely to be used by more people, more scrutinized for weaknesses, and consequently more fortified against vulnerabilities.

12. Keep the analog alternatives available. Always have some cash on hand. Know the areas you frequent well enough to navigate them without a GPS system. Remember the phone numbers of close family and friends. Besides preparing you for worst-case cyberscenarios, it might keep you rooted in the real world.

The internet, with its ever-expanding capabilities, reach, and bandwidth, is opening us up to new experiences and a better quality of life. With a few security-minded steps, we can better safeguard against its risks.

Photography by Hans-Peter Gauster on Unsplash