Earlier this year I attended a workshop at AFCEA’s West13 conference lead by Jeff Moulton, principal research associate at the Georgia Tech Research Institute. He shared his “Seven Habits of Highly Secure People.”
Moulton pointed out that as humans, we all function in different ways with different habits. “Everyone in this audience goes about their daily functions in a different way. Cybersecurity needs to be seamless and it needs to be integrated,” he said. “The rest of my presentation is designed to show you some techniques to help you get there from here.”
Fear the Dumpster Diver
“Dumpster divers, you’ve all heard that term before, what are they looking for? They’re looking for cancelled checks, bank statements, pre-approved checks, those types of things,” he continued. “Identity thieves will hack into your computers, but believe it or not that is not the number one way of gaining information. People think it is, but it’s not.
“ID thieves will actually file a change of address form in your name and divert the mail to another account that they manage so that they can gather personal and financial data on you. These are tactics, techniques, and procedures that the FBI and criminal investigative people we work with see every day. Most of which are probably unknown to most people.”
Protect Your John Hancock
So what exactly do identity thieves want from us? According to Moulton, most identity thieves want our credit card payments from our curbside mailbox. “If you mail your credit cards and your bills in a normal conventional mailbox that’s at the end of your driveway, you’re opening yourself up to serious exposure,” he said. “Identity thieves are looking for checking account information, routing numbers, bank names, and most importantly they want to see a copy of your signature.”
Simplify Your Risk Equation
Moulton warned against having too many people with too much access in your online life. “How many people are involved? Just you? If it’s all about you that’s one thing, but if you have a spouse, children, parents, neighbors, nanny, etc. that work with you or connect with you or communicate with you online, they are a part of the risk equation.”
Reduce Your Digital Exhaust
Moulton suggested we all take a long, hard look at what he calls our “digital exhaust.” Our tweets, our Facebook posts, almost everything we do on social media sites make us more vulnerable to identity theft. “Do you know what you look like online? Does anyone know about the website spokeo.com? For $2.95 I can tell you everything about you for the most part.”
Moulton warned that a simple Facebook post or tweet could let thieves know when you’re most vulnerable to attack. “If I want a rundown on you, I’ll just go out to Facebook, and 9 out of 10 people are putting stuff out there they shouldn’t,” he said. “Don’t post your address, don’t post family pictures, and don’t put your calendar out there. It’s just incredibly easy for bad people to take that information and use it against you. Check and understand what your digital exhaust is and limit that fume.”
Power in the Password
No cybersecurity plan is effective without good password habits or what Moulton called “good social hygiene” throughout his workshop. “Size matters in passwords folks. An 8-character password is better than a 4-character password, but it’s not as good as a 16-character password,” he said. “Do not use the same password for every account. How many of you have multiple online accounts? I’d argue that probably half of you have the same password for all those multiple accounts. How secure is that?”
He also warned against keeping a list of accounts and passwords. “Going to Microsoft Outlook where you have your passwords listed in your contact folder. How many of you do that?” he asked. “Not so bright.”
Moulton suggested turning on the password feature on for all of your devices, including cell phones, iPads, iPhones, and computers.
Have a Plan Of Action
Moulton stressed how important having a plan is when identity theft does occur. “People like myself who live in Florida, we know we’re in hurricane prone areas. We have a plan to evacuate in case of a hurricane,” he said. “Corporations are required by FISMA (Federal Information Security Management Act) to actually have disaster recovery response plans.
“You should have a disaster response plan too. Just go ahead and plan for this to happen, and you will be much better off,” he added.
According to Moulton, creating a disaster recovery plan is not difficult to do. Knowing what to do and who to contact is imperative. “It’s very easy to do. Get a listing of all of your accounts, the banks, credit cards, the issuer information is all important,” he said. “Do you know what your fraud department numbers are? If you lost your visa card tomorrow, how long would it take you to figure out who to call, what to say, what the credit limit was, what’s the number on the card, what’s the expiration date, what are your current balances, and what’s even the number to the fraud department?”
Securing The Credit Card
While not a fan of online shopping, Moulton did have some tips for making it as safe as possible to keep your identity secure when you do shop online. “If you shop online, and I don’t advocate that, but if you do, only use one credit card,” he said. “Most importantly get a card with fraud protection. Use that card and only that card when shopping online.”
“If it doesn’t say “https” at the beginning of the URL, do not put your credit card data into that web site,” he continued.
For the real world, Moulton suggested writing “See photo ID” on the back of your credit cards. “That’s two-factor authentication in its simplest form. Do not sign the back of your credit card,” he said. “Identity thieves can steal something from your mailbox and know what your signature looks like but theoretically you’re using two-factor authentication. This one extra step has very little impact on you but is a very good personal habit that will help protect yourself.”
Moulton noted that despite having “See photo ID” on his own credit cards, that 9 times out of 10 the business never asked to see his ID. “That’s problematic in itself,” he said.
In closing, Moulton stressed how important just a few changes to our daily lives could be when securing our identity from theft. “By taking these steps, which will require some modest changes on your part in your daily life, you will have greater peace of mind that your identity is safer,” he said. “These are easy things that you can do, and even your kids can follow these. You just have to set them up and live by them every day. These very small, very minor adjustments to your daily habits can help protect you from identity theft – tried and true.”