- A unique password for each on-line account or account groupings with a minimum of 8 alpha-numeric and non-standard characters that are not an explicit word or phrase. While you may have an incredible password, if it is the same across all of your accounts, a thief with immediate access to one of your other accounts has access to them all.
- Encrypt all data storage devices such that if your phone, tablet, or computer is stolen (assuming you were not logged in and active at that time), the data cannot be obtained even if the storage is removed from the device. Encrypt your SD card too, if supported, or do not move key apps and data onto the SD card.
- Enable remote locking of your phone so that if lost, it can be disabled.
- Do not install bank, PayPal, or investment apps on your phone, or do not auto-enter your account name and password. The chance of you losing or having your phone stolen is substantially higher than your laptop or desktop computer. And as your phone is always on-line, it is interrogated on a regular basis and therefore is more susceptible to a break-in.
- Use the Private Mode on your web browser for all financial transactions. Do not allow 3rd party cookies. Clear your browser cookies once a day, or at worst every week. Remember that in a non-private mode, when you move between websites your browsing history can be tracked by cookies, meaning companies know where you came from and where you will go next.
- Log out of every account you are not using, on your phone, laptop, and especially at a cafe.
- Use a cable tether from your phone to your laptop, not cyber cafe networks or open networks on city streets, if you are at any point in time entering a username and password. Or use a Virtual Private Network (VPN) to secure the full connection, end-to-end.
- If you have the capability, create an email alias for every new on-line account, such that facebook@[your_domain_name].com and twitter@[your_domain_name].com are different from united_air@[your_domain_name].com or first_bank@[your_domain_name].com. This allows you to track who is selling your data and at the same time, keeps bots guessing as to what your login email address might be.
- Get your friends and co-workers to drop Hotmail and Yahoo! as these email systems are single-handedly responsible for the vast majority of spam. Every time an account is hacked, the bots harvest the address book and deliver its contents to massive databases sold to marketers.
- Never accept a broken or invalid security certificate. Never. A broken security certificate can be a sign of a man-in-the-middle attack or spoof in which your credentials are intercepted and stored for use by hackers.
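As an added illustration (not part of the original post), the following Python script audits a set of stored passwords against the rules in the first bullet: a minimum of 8 characters, a mix of letters, digits and non-standard characters, nothing that is just a dictionary word in disguise, and no password shared between accounts. The word list, the substitution table and the sample vault are constructed for the example; a real check would load a full dictionary, and the vault would come from your password manager's export rather than being typed into source.

```python
import re
import string
from collections import defaultdict

MIN_LENGTH = 8

# Constructed stand-in for a dictionary; a real check loads a full word list.
COMMON_WORDS = {"password", "letmein", "welcome", "summer", "dragon", "monkey"}

# Letter-for-symbol substitutions that leave a word just as guessable.
LEET = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})


def normalize(password: str) -> str:
    """Undo common substitutions, lower-case, and keep only letters."""
    return re.sub(r"[^a-z]", "", password.translate(LEET).lower())


def policy_violations(password: str) -> list[str]:
    """Return the rules a single password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("contains no letters")
    if not re.search(r"[0-9]", password):
        problems.append("contains no digits")
    if not any(c in string.punctuation for c in password):
        problems.append("contains no non-standard characters")
    core = normalize(password)
    for word in COMMON_WORDS:
        if word in core:
            problems.append(f"is built on the dictionary word '{word}'")
            break
    return problems


def reused_passwords(vault: dict[str, str]) -> list[list[str]]:
    """Return groups of account names that share one password (groups of 2+).

    vault maps account name -> password, the shape of a password manager export.
    """
    groups = defaultdict(list)
    for account, password in vault.items():
        groups[password].append(account)
    return sorted(sorted(accts) for accts in groups.values() if len(accts) > 1)


# Constructed sample vault; the account names follow the alias scheme in the
# post, the passwords are made up for the example.
SAMPLE_VAULT = {
    "first_bank": "Tr0ub4dor&3",
    "facebook": "P@ssw0rd1!",
    "twitter": "P@ssw0rd1!",
    "united_air": "c0rrect-H0rse-b@ttery",
}


def audit(vault: dict[str, str]) -> dict[str, list[str]]:
    """Per-account list of violations, with reuse reported on every member of a group."""
    report = {account: policy_violations(pw) for account, pw in vault.items()}
    for group in reused_passwords(vault):
        for account in group:
            others = ", ".join(a for a in group if a != account)
            report[account].append(f"reuses the password of {others}")
    return report


if __name__ == "__main__":
    for account, problems in audit(SAMPLE_VAULT).items():
        status = "OK" if not problems else "; ".join(problems)
        print(f"{account:12s} {status}")
```

Running the script prints one line per account; in the sample vault `first_bank` and `united_air` pass, while `facebook` and `twitter` are flagged both for being `password` with substitutions and for sharing one password, which is exactly the "one breach opens them all" situation the bullet warns about.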
Finally, read every End User License Agreement (EULA) before installing a new app on your phone. Use Uber? You might not if you knew how much of your life they have acquired: your full contact list, calendar, and every text message you send. Just because a company’s services are cool does not mean the company is cool with your data. You need only look at Zuckerberg’s congressional testimony to understand the effect of an open-ended EULA and the associated privacy and data distribution terms. As of May 25, the European Union implements the General Data Protection Regulation (GDPR) policies, which will change the way in which all international corporations manage client data.
Thank you, Chris Murtagh, for guiding me for the past two decades to maintain high quality server and personal computer security. Surely, the horrendous mistakes you have witnessed in your world of systems administration have saved me and others countless catastrophes.