Article written by Cynthia Hetherington, President of the Hetherington Group, Robolliance Expert
In Part 1 of Opt-out Online, entitled Recognizing and Removing Personal Identity Found Online, we talked about finding and removing sensitive personal information from a litany of databases and open source sites. In this issue, we emphasize that an ounce of prevention is worth a pound of cure. Just as robotics added to physical security and surveillance guards infrastructure, people acting on their own behalf to stay off the radar of online predators is proactive prevention against the unknown.
Preventing your information from becoming public
How can we prevent information from going online in the first place? Much of the advice is cause-and-effect and here are some examples:
• Have all of your postal mail sent to a United States Post Office Box or your office address.
• Unlist and unpublish your landline phone numbers; check with your mobile service company to find out if they sell their subscribers information and how to optout of that list.
• Mail a written request to all your credit card companies and personal banking institutions requesting your personal information be removed from third party marketing or partnerships. Be on alert for any privacy notices mailed from your credit card vendors and insurers, and read those notices-be aware of their policies and updates to those policies.
• Do not fill out and return any warranty cards; instead, save them with the original sales receipts. Provided you have both items in-hand when filing a warranty claim, the store must honor your warranty. Otherwise, you would see “due by” dates on warranty cards, which you often don't.
• Do not use your own name for magazine subscriptions.
• Obtain your credit report annually, and subscribe to a monthly credit agency reporting service (such as Experian, Transunion, or Equifax).
• Stop sharing information and Liking posts online in unnecessary scenarios such as social networks.
Protecting and Removing Information Found Online
When you come across personal information such as a postal address, family member's name, personal account information, or social media posts naming you and your family out on the Internet, available to even the most casual of online searchers-and you are bound to-it's time to start opting out of these company resources.
Below are some tips and Web site resources to help you control, even in a small way, the personal information that can often be readily available to the public on the Internet.
• Conduct an online security assessment to understand the breadth and depth of damage. On a regular basis, run your name through Google, Pipl, and other search engines to monitor where your name is being mentioned online.
• Contact your credit card companies and request removal from third-party marketing lists. The FCRA requires credit card companies send such an opt-out option every year, however, buried under legal jargon and interest rate updates in these mailings, the opt-out option are easily missed by consumers.
• Register all your phone numbers with the National Do Not Call Registry to remove yourself from popular telemarketing lists.
• Opt out of Public Records Data Vendors. Refer to the chart of information (coming in Part 3) and follow the detailed removal procedures for each vendor. Some of the vendor sites will ask for verification of your contact information which may be uncomfortable but is necessary to have your information removed.
• Stop oversharing information online in social networks and blogs-this also applies to your children; educate them on this matter.
• Secure your online space, as well as that of your family's; make sure everyone's account is set to private. When you allow anyone in, you are essentially giving them open access to your data. Think about it.
• If someone is posting inappropriate comments about you or your family on a social network service, report the abusive behavior to the social network's account security (for example, the “Report” link in Facebook and LinkedIn).
• When you do come across an upsetting personal online posting, resist the temptation to retort. Do not reply. Antagonizing a bully will only give the bully what he or she wants: attention. If you ignore the bully, he or she will most likely move along to another, more interactive, target. If you ignore the bully and the rant does not stop, will not go away, or becomes a personal threat, contact the appropriate authorities. If you are the appropriate authority, or have contacted the appropriate authorities to no avail, contact a professional service firm to assist you with the matter.
Old Fashioned Identity Theft with an Online Twist
Losing your identity to online theft is a serious-and all too common-concern. With malware and viruses so covertly blended into today's everyday modern communications tools, even a software engineer might get duped into identify theft from the most benign looking email. The prevalence of online identity theft is indeed significant, but do not overlook the traditional venues-the places where you regularly use your credit card. It is sadly almost predictable how often private, financial information will likely be compromised (hacked) from point-of-sale equipment in the commercial establishments you recently patronized.
Where Should We Be Watching?
It's ironic that we fear losing our identity to theft in the online financial services we use-our credit card and bank accounts-and yet give no thought to the personal information lying open in our social network profiles. In truth, the established online financial and commerce systems are some of the most trusted sites available, using multi-layered encryption software to protect our financial transactions. Of course, no one system is absolutely impenetrable, but why should a cyber-thief battle multi-layered encryption software to steal your credit card information when the open Internet itself offers up so much more easily attainable information?
Today, an identity thief need only turn to the personal profiles posted in social network sites, like Facebook, Instagram, and LinkedIn, to capture key information about a targeted individual. A full name (even maiden name), date of birth, and current home location gleaned from an open social network account are sufficient data points for a thief to start creating a fraudulent profile. In fact, LinkedIn, the working professional's social network workhorse, holds a veritable goldmine of personal information for identity thieves. Consider this: LinkedIn requires its users to post schools attended and jobs held with corresponding dates. Now, layer on the personal details gleaned from LinkedIn-linked colleagues and friends in the network and you can rather easily crib together a good list of controlled answers for most challenge questions-those security questions used to prompt for a forgotten password.
It's not impossible to lose access to your personal Web-based email account simply because an identity thief was able to hijack the account by answering the security challenge question. After gleaning the information from open source search engines, or from unprotected social network profiles, the security challenge question can be mere child's play for a savvy identity thief.
Online Prevention and Caution
So, how can you go about securing your online information from identity theft? Below are some tips to follow and Web site resources to use to help shield you from online identity theft.
• Monitor your name by setting up Google Alerts and Biznar Alerts on your own name. If anything is said about you-either in a social network or elsewhere online-these services will send you a notification via email.
• Tweak your memorable word (in a memorable way, of course) that answers your challenge question. For example, if your first dog's name was Java, use the word coffee as a challenge answer and memorize that tweaked word. Or pick one obtuse word, such as rollerblade, to answer every challenge question and, again, memorize that obtuse word.
• If someone you haven't communicated with in decades tries to contact you in a social network, ask them your own challenge question: “Hey, do you remember Jorge Beale getting stuck at the top of ropes in gym class?” The question can be honest or you can make one up. Pay more attention to the answer-does it seem authentic?
• Be discreet online. Do not publish your life story on social networks. Your full name and the general vicinity of your residence are sufficient. The simple steps of combining information from LinkedIn with information gathered from online directory databases, such as Intelius (www.intelius.com), will allow an identity thief to quickly locate your home address-if not other identifying information-for ill gain.
• Request your personal information be removed from online directories.
• Most importantly, work with your family to learn to minimize the points of exposure of where you are found on the Internet. No mentions of Mom's deployment, Dad's late night shift, the family vacation, soccer practice, or any other time or location sensitive information that will easily pinpoint when and where you will-or will not-be.
Social Media: The Enemy in Your Home?
Reconnecting with old friends, networking with colleagues and clients, even finding long-lost loves, are now all real possibilities with information from social networks-networks accessed all day, every day on a global scale. No extraordinary effort and, more importantly, no extraordinary talent or intelligence are necessary. With plug-and-play social network applications you simply fill in the blanks to answer a few questions, and you are now participating in, and part of, a global network.
In the past, when Web sites were developed and maintained by a select few, those unique participants were the only authors of what happened online. Today, anyone and their grandmother can start sharing their thoughts and photos online through easily-accessible social networks. And they do.
But with ease-of-use often comes lack of control. While people are reuniting, connecting, and sharing in online social networks, the dark side is also online-fermenting a space in which gangs are tweeting amongst one another, terrorists are propagandizing and recruiting, and criminals are trolling for target homes to pilfer as owners announce in their social networks, “We're on vacation this week!”
That which was once a medium for the few is now an open market for any and all users-good, bad, indifferent, and sometimes downright ugly.
Everyday Joes and Janes-millions of them-once content to surf the Web and email their friends as their primary Internet activities are now using social tools like Instagram and Twitter to keep everyone apprised of their minute-to-minute lives, often in the most intimate detail.
Online technology has also reached the young and innocent among us who are easily and readily adapting to the technology. For the young, there is no division between their real lives and their online lives. Their physical-world lives are also their online lives-with no filter. Young users will say and do pretty much anything online. On the other hand, adults and seniors are also participating in online social networks, but, unlike the younger set, these more mature folk, who grew up in an era of discretion and modesty, are not as open in their online social network postings. In general, younger people will join social networks freely; adults will exercise some modicum of caution before sharing their lives online, despite the occasional errant CEO sending out a random damaging Tweet, or unpopular image via Vine.
People joined (or friended or linked) on social networks have the opportunity for quite a bit of contact with one another-and those people actually care about what is said. These shifts can initially be unsettling for the first-time user. In the physical world, good or bad news would be shared over the telephone or spoken in person to a few close friends. You wouldn't walk into the mall and announce that you just finished a load of laundry or that you were staying home with a sick child that day. Doing so would seem awkward and inappropriate. And, yet, in online social networks such as Facebook, it often seems like the social norm to mention these details-in fact, doing so almost seems to be a social obligation.
In an environment of such relatively uninhibited, open communication, it isn't long before overzealous opinions, little bits of rage, drunken rants, and other embarrassing entries get posted. The user could be upset, deranged, or overjoyed, and his or her natural reaction is to share the emotion-and often that sharing takes place on their social network. Friends don't let friends drive drunk, right? Consider taking not only the keys away from that person, but also the keyboards.
Sharing your thoughts and activities online in and of itself is not a problem. The problem comes when users forget that everyone in their social network is reading their online post. So when you post something in frustration about your boss, coworker, spouse, or friend, remember that the boss, co-worker, spouse, or friend-and all their networked friends (and all of their networked friends)-may also be reading your posts.
Want examples? Go to the Web site Social Mention, which monitors over 80 social media networks, including Twitter and Facebook, and search on the following phrases (use the quote marks): “hate my boss,” “cheated on my husband,” or any other such confessional phrase to search public social media postings. View the results. Are you now having second thoughts about using social media with abandon?
What Not to Do in Social Media
Do not write in a fury
If you are angry, inebriated, or simply have a big secret that you are itching to share, that is the time to step away from the keyboard. What you think is hysterical or outlandish now might only serve to embarrass you, the poster, later.
Do not ignore the privacy controls or updates
Every application and online service offers customization for your profile and privacy. Use it. For example, on Facebook, limit your account access by setting who can view your posts to Friends, Friends of Friends, or Only Me. Do not enter contact information, such as your phone number and residential address. Restrict access to your photos, birth date, religious views, and family information, among other things. Give only certain people, or groups of people, access to those items, or block specific people from seeing them.
The Terms of Service for apps and social media services changes constantly. Keep up with any notices that changes have been made to the security and third-party access permissions.
Do not post your child's name in a photo caption
Do not use your child's name in photo tags or captions. If someone else does, delete the name's tag by clicking on the Remove Tag option. If your child isn't on social media and someone includes his or her name in a caption, ask that person to remove the name. Do not share online the details of your child's life. Your child's sports practice, such as soccer, is likely on a regular schedule, which can be easily tracked by a predator reading Facebook profiles.
Do not mention when you'll be away from home
When you tell your Friends through social media that you are not going to be home, you are inviting criminals who are trolling Facebook profiles-especially unsecured profiles-to your then-unoccupied house. Keep in mind it takes only a few minutes to rob your home, or harm your family. Even a mention of a quick run to the store is unwise.
Do not use a weak password
A secure password should have a minimum of eight characters. Use a knucklebreaker password: one that requires upper and lower case letters, in combination with numerals and symbols. Avoid simple names or words that can be found in a dictionary as a password. Even with numerals tacked on the end of the word, these are not secure passwords.
Do not put your birthday in your profile
Your birth date is an ideal target for identity thieves, who could then use the date to obtain more information about you, potentially gaining access to your bank or credit card accounts. Do not put any personal identity information about yourself in your social media profile accounts.
Do not let search engines find you
To help prevent strangers from accessing your Facebook page, go to the Search section of Facebook's privacy controls and select “Only Friends” for Facebook search results. Be sure the box for public search results is not checked.
Do not permit your children to be on Facebook
Keep your children off of Facebook; really, they won't care. Most young people are now using social media other than Facebook (such as-as of this writing-Ask.fm, Instagram, Twitter, Snapchat, Burnbook, and Yikyak). Kids create a Facebook account to please their parents; but at the same time parents need to keep up with their kid's social media activities. Get in the habit of having your child part with his or her smart phone each night so the phone can spend the evening recharging its battery-an excellent opportunity for the parents to monitor their child's social media profiles.
Do not friend your employer
Sure, it seems like a great idea to Friend your boss-that is, until you decide to rant about how much you hate working overtime or you post photos of your day at the beach (um, the same day you called into work sick).
To wrap up...
With all of the caveats, it seems ideal to delete all social media accounts, unplug all the appliances, and move to a desolate part of the world where you can live off the digital grid. However, being completely offline is much more suspicious than being online and oversharing every blessed detail of your life.
When it comes to your social media presence, create a minimalist presence with a fresh email address and no valuable content. The profile image should be vague-a skyline, a piece of artwork, a picture of a favorite food, a dog, or a superhero. Do not project images with identifying marks, badges, designations, and absolutely no photos of your children. With such a profile, you might be perceived as dull online, but offline you will enjoy a larger sense of security with the ability to control your online world and the antics those who wish to harm or disrepute you would do.