In the wake of the recent Facebook breach and other high-profile cyber incidents, cybersecurity experts are predicting that we may see aftershocks and secondary breaches for many years to come. How much personal data was stolen, and how it will be used by cyber criminals, is still unknown. However, we can assume that the information will be used in malicious ways. Cases like this show why it's critical to vigilantly protect your online identity by controlling the amount of personal information about you that is available online.
What is an Online Identity?
Cyber criminals can easily develop a profile about you by collecting personal information that is available in many online locations. This profile can then be used to exploit many areas of your personal or professional life, and may be used for identity theft.
Where is Your Personal Information Stored?
Before you can protect your online identity, you first need to know what information about you is available online, and where.
Remember Friendster, MySpace, WebKinz, WiiChat, NeoPets, FarmVille, and countless other sites you once used but have long since forgotten? These sites live on — along with your personal information — long after you have moved on to the latest popular site.
You've most likely been giving away information about yourself for years through social media, professional networks, and ancestry sites. Practically all of the answers to common security questions can be found on these sites, including:
- Social media sites (Facebook, Twitter, Snapchat, Instagram): Your birth date, email address, home city/state, interests/hobbies, favorite food, places frequently visited, vacations, life events (weddings, births, deaths), photos, relationships, and your conversations with friends and family.
- Professional network sites (LinkedIn, career sites): Your birth date, phone numbers, photo, email address, work history, education, skills, professional affiliations, certifications, languages spoken, and your professional associations and connections.
- School and classmate sites: Your education, school names, hometown, nicknames, friends, and connections.
- Ancestry/genealogy sites: Your birth date, family members, maiden name, hometown, birth city.
- Internet public records, maps, newspapers, and White Pages: Your address, previous addresses, phone numbers, property tax records, property value, pictures of your home, criminal records, court rulings, bankruptcy data, obituaries, weddings/marriages, and legal filings.
How to Protect Your Online Identity
Treat your personal information like cash: don’t give it away freely. Here are some ways you can control the amount of personal information about you that is available online:
- Follow password best practice recommendations and never reuse passwords. Access controls may be the last line of defense, so use unique complex passwords for each site and multi-factor authentication wherever possible. See our password strength best practices.
- Keep systems and software updated with the latest versions and security patches.
- Perform a cleanup of the sites you use on a regular basis and reduce the personal information you make public. Review and implement privacy settings to minimize who can view your information. Revisit your old favorite sites to remove personal information or delete the account entirely.
- Opt out, delete private information, and remove listings from as many sites as possible.
For More Information
For more cyber safety tips and resources you can apply at work and at home, see our Cyber Awareness Resources page. If you have any questions, please contact your regular ACA Aponix consultant or email us at email@example.com.
About the Author
Raj Bakhru, CISSP, is a Partner at ACA Aponix, the cybersecurity and IT risk division of ACA Compliance Group. ACA Aponix focuses on independent, holistic technology risk assessments and advisory services for financial firms. It also performs vendor due diligence, penetration testing, phishing testing, staff training, and information security policy build-outs. Prior to ACA’s acquisition of the firm, Raj was Chief Executive Officer of Aponix Financial Technologists, which he cofounded. Before that, he led firm-wide software development and was part of the founding team at Kepos Capital, now a $2 billion global macro quantitative asset manager. Prior to Kepos, Raj served as a Vice President at Highbridge Capital, where he led the team building the firm’s proprietary order and execution management system. In addition, he previously worked on research and cross-asset-class algorithmic trading algorithms and software systems at Goldman Sachs Asset Management’s quantitative hedge funds.
Raj earned his BS from Columbia University in Computer Engineering and has received his CFA charter and his CISSP designation. In the course of his career, he has been frequently quoted in Ignites, HFMWeek, MarketWatch, The Cybersecurity Law Report, and other industry-leading publications on information security in financial services.