We may have a right to online privacy according to the recent European Court of Justice judgement. But don’t expect that it will be easy to become anonymous online just because of that. It is still very important to protect yourself from danger online. Especially if you are a prominent person like a company director. Here are some simple but important things you should do.
Review your security
Review whether you have existing security risks by checking your social media privacy settings. Who can see your posts?
- If you use Twitter, check whether you are exposing yourself to danger on Twitter using the free service at myprivacyaudit.com.
- And to tighten up your privacy on Facebook, YouTube, LinkedIn and Google use the free privacyfix.com service (with this service take care not to “deactivate” your Facebook account completely as this is an option).
If you need to make yourself findable online for business purposes, then run two profiles: a private personal profile and a public business profile. But do follow the guidelines below on both your public and private profiles. Check your current “findability” status regularly. Google yourself, together with data that criminals might use to steal your information. (If you are doing this on a mobile device make sure your clear your search history afterwards in case your phone gets stolen.) It is also sensible to conduct regular searches for the profile image you use on social media sites using Google image search.
Don’t tip burglars the wink
Don’t post content or a picture on Twitter and Facebook that tells people you are away from home. For instance, if you are an overseas conference then use the company Twitter account rather than your own. Post holiday photos when you get back home. (Follow this rule even if you are sure of your social media privacy settings: your friends might forward content on to third parties, or their security settings might be vulnerable allowing people to see your posts.)
Avoid using services like Foursquare or TripIt that can tell people where you are or when you are going away. If you are going to use them then set up your account with a pseudonym. And disable any geo-location functionality when using social media (e.g. under the Twitter accounts/security tab).
Protect yourself from impersonation
Don’t post any information that could be used to steal your identity. This includes:
- Your birthday (I have an “internet birthday” which I use; because it is always the same then it is easy to remember if I need it to log onto a site)
- Your place of birth
- Any middle names
- Information that banks or ecommerce sites typically use to establish identity (e.g. pet names, primary school, mother’s maiden name)
- Information relating to regular payments you make (for instance if you tell people you go to the gym it is possible that this means you have a regular payment to the gym and criminals could use this information)
Protect your social media accounts
If your social media accounts get hacked then people can use them to contact your friends and potentially extract confidential or risky information from them.
Most of the time people who hack your social media or email accounts will be spammers: embarrassing but not a disaster. But, especially if you are prominent individual, such as the director of a large company, you will be at risk of someone trying to steal your identity.
There are some basic precautions you can take. The most important is to use a strong password: at least 8 characters including lower and uppercase letters and numbers. Make sure you use different passwords for each site. It’s easy to do this with a simple trick:
- Start with the same password for each site: make up a phrase that means something to you like “I love my two boys Caspar and Tarquin” and then use the first letters to create a password: Ilm2bC&T
- Decide on a rule like using the first letter of the site in lowercase and the third letter of the site in uppercase in the second and third position within the password.
So if I chose the password Ilm2bC&T my Facebook password would be IfClm2bC&T and my Twitter password would be ItIlm2bC&T (those are not my passwords by the way!) You can get some more hints about avoiding getting your social media sites hacked in this earlier blog post.
Protect your family
Don’t tell people when you are away from home, especially if there are young or old people at home who might be vulnerable without you.
Don’t post pictures of your children; if you really must then never tag them with their name and avoid anything that might give away their birthday (such as saying that the photo is of their birthday party). And ask your friends not to as well (explain why and tell them they should be protecting their children too).
Make sure your children know not to post personal information about themselves including:
- Name and photograph: make them use avatars instead – even when they think they are talking to friends (no one knows you are a dog on the internet…)
- Address and home phone number
- Personal information like birthdays and the name of their school
- Any “home alone” status on social networks.
At least up to the age of 16, monitor what they post and who they communicate with. I believe it is your duty to care for them in this way, even if it seems like spying (after all you wouldn’t let them talk to that creepy man in the park would you).
What to do if the information is “out there”
Some risky information will probably be out there. Your Friends may have posted it. You may have posted it in the past and be unable to delete it. Your mother’s maiden name may be available on a genealogy site. And if you are a company director your birthday and home address are probably going to be available.
Or the information could leak out. You may have set your privacy settings on Facebook so only your friends can see your posts but what if their account gets hacked or they forget to log out of Facebook when using a publicly accessible computer e.g. at a library, or their mobile phone gets stolen?
If you know what is out there you can increase your safety. So do that search. Once you know the risks you can try to take action. You could for instance ask your bank to change your mother’s maiden name to a codeword. And if your birthday is available then posting an alternative birthday on Facebook may give you some protection as that is where thieves will look first.
You will never be able to protect yourself completely. But you can at least make yourself more secure than other people. After all, if you are camping in the woods and a hungry bear comes along you don’t need to run faster than the bear. You just need to run faster than the people you are with! Any suggestions to strengthen this information, then please do get in touch.