If Charles Dickens were alive today, he might have purchased “A Tale of Two Cities” at Target as a Christmas gift, renovated his bathroom with vintage plumbing from Home Depot, bid for Victorian memorabilia on eBay and sought investment advice from JPMorgan Chase. In keeping with the vast majority of all adults in the U.S. and Europe, he would likely carry a cell phone loaded with an address book of all his acquaintances. He might even have taken some undignified selfies and stored them on Apple’s iCloud. It could be the best of times. Or, given recent cyber security failures, it could very well be the worst of times.
It may be a flight of imagination to position Dickens in the modern cyber world, but it is deadly serious for all of us. The retail, financial, service, food and tech industries have reported a record number of data breaches this past year: $70 million from Target, $2.6 million from Michaels, $233 million from eBay, $56 million from Home Depot and $76 million from JPMorgan Chase. Compromised information ranges from payment information to account names to photos.
The magnitude of the number of data breaches suggests each one of us has the potential to be affected. How can we minimize the chances of living in a cyber parody of one of Dickens’ cold, dark and bleak novels in which our identity has been stolen and our pockets have been picked?
The answer lies in taking these three precautions: protect your digital footprint, detect when confidential information has been exposed, and take actions to minimize the damage.
Protect
Protecting your digital information is the most important action. Often referred to as “digital hygiene,” it entails identifying information you deem important and taking steps to prevent it from getting into the wrong hands. Simple, low-cost actions you can take include the following:
Make sure the software on your computer is up to date. This includes virus-scanning software.
Curb the urge to install new and exciting applications found on the Internet, especially free ones. These are a major source of spy software.
Only accept removable storage devices, such as USB memory drives, from trusted sources.
Manage sensitive information, such as passwords and other confidential information, with software designed to store data in an encrypted format.
Back up all data regularly.
Use strong passwords, where “strong” means 12-16 mixed-case characters including numbers, lowercase and uppercase letters and punctuation symbols. Make your password easy to remember by using words from a favorite song or phrase. Replacing some letters with numbers enhances the security of the password.
Avoid using public computers when any sensitive data might be displayed or entered.
Own your Web presence by ensuring you post nothing that would compromise your privacy or security. Know your privacy settings on all social media websites.
Be cautious of Wi-Fi connections at restaurants and hotels. Always connect securely through a virtual private network.
Scrutinize email before opening any attachments or selecting any embedded links.
Requests over the phone or through e-mail for user account names and passwords are almost always bogus.
Detect
Masking detection is a hallmark of the most sophisticated attempts at compromising information in cyberspace. Most of industry’s major data breaches occurred during a period of months before being detected. While industry breaches may be out of your control, you can be proactive in being alerted to abnormal behavior that might suggest malicious activity, such as:
Use credit cards from companies willing to send you a text message when the card is used. This can notify you of any unusual activity. It has the added benefit of making you aware of your spending habits.
Check your credit card, phone and bank statements regularly for irregularities. An extraneous $2 charge might go unnoticed for some time.
Notice when your computer runs slower than normal. This could be an indication of malicious software.
Review your credit history on a quarterly basis. This will alert you of any unexpected credit inquiries or changes in credit scores.
Act
Should you be affected by a cyber crime, it is important to take aggressive action.
Find out, if possible, what information has been breached.
File a fraud alert with the credit agencies.
Report a crime, if appropriate.
Alert businesses that could be affected by the breach, such as credit card, phone or financial institutions.
Seek assistance from the company whose security failed. This can range from having the company pay for regular credit reports to having it account for fraudulent transactions made on your behalf. Insist on knowing what information was disclosed, what actions the company is taking and what the company is doing to protect itself in the future.
This day and age demands we be aware of not only our physical assets, but our digital assets as well. If Dickens were here, he might point out that this is the age of cyber wisdom and this is the age of cyber foolishness. With a bit of work, we can be cyber wise.
Umphress is a professor in the Department of Computer Science and Software Engineering.