Security Awareness and Data Protection | Are you safe?

As the new year approaches, it is the ideal time to ensure your online security and data protection efforts are up to speed.

Here are a few best practices to be aware of:


NEVER Re-Use a Password

I can’t emphasize this enough.  Sites are getting hacked daily, so this is the biggest danger.  If you re-use a password, each of those hacks means you are vulnerable in multiple places, instead of just one.  Here are some of the password managers that you can use to make this task much easier:

Be warned: Password managers that store your passwords online for you can also be hacked (e.g., LastPass).  I recommend using a password manager where you own the storage and can share it in a secure manner with a local key that the vendor can’t lose.
  • KeePass (Free, open source, multiple platforms)
  • LastPass
  • Dashlane
  • 1Password
  • Roboform

Also, make sure you secure your password list with a very secure password.  These are the “Keys to the Kingdom.”

Install Mobile Security Software

You want to install a security application that scans for malware, protects from wireless attacks, and ideally warns you about other potential hazards (PUPs).  Just like with other computers, I recommend using one of the major developers that provide frequent definition updates.  Below is a list of the vendors I would recommend (in no particular order).  This is not exhaustive, but if you are selecting someone not on the list, then you should be careful to make sure they are reputable.  Several protection packages in the stores are ineffective, and some actually ARE malware.  Also, the free versions of most of these provide some protection, but you will probably have to pay in order to get the full feature set and/or definition updates.

  • McAfee
  • Kaspersky
  • Lookout
  • AVG
  • Avira
  • Norton/Symantec
  • Malwarebytes (MBAM)

Some of these are just for detecting malware, and others include features like locating lost devices, remote wipe, email scanning, etc.  Here are some links that can help you research and select one within your price range and feature requirements:

Configure a screen lock

This is the first line of defense in the event your phone is stolen or locked.  I recommend a fingerprint lock (if available), followed by a solid password – meaning 8+ characters, and using ALL of the following: upper-case, lower-case, numbers and special characters.  Remember, if the backup method isn’t secure, then neither is the main method (e.g., a fingerprint won’t protect you if the bad guy can resort to a 4-digit PIN as the backup entry method).

Check your application permissions

As you are installing applications, remember to think about the permissions they are asking for.  Does a game really need your location?  Does a screensaver need your contacts?  Does this developer you’ve never heard of that may live in his Mom’s garage in a foreign country need to know your identity details?

If you would like to see what permissions you’ve already given and modify them, here are instructions.  Some of the protection software listed above will also help you with this.

  • Android 2.x – 5.x: Menu>Settings>Applications>Manage Applications.  Then choose an app and scroll to the bottom and it shows you the list of permissions.
  • Android 6.x: Open the Settings screen and tap Apps. From the list of all your installed apps, tap the gear icon in the top-right corner of the screen and tap “App permissions.”
  • iOS (iPhones): Open the Settings app and scroll down to the list of apps at the very bottom. Tap an app and you’ll see the permissions it wants.

ID Protection

There are several services out there that will monitor your identity for theft.  Below is a list of reputable vendors that are not scams.  There is a wide range of features and detection quality and, in general, you get what you pay for.  There has also been quite a bit of press about some services using deceptive marketing practices regarding the capabilities of their services.  My recommendation is to use these services to augment or automate the normal things you should do to protect yourself.  Here are the things you should be doing to protect your identity:

  • Make sure you are using secure practices for your online accounts.  NEVER re-use a password, use secure passwords (8+ characters and complex), and never use public information (birthdays, kids’ or pets’ names, etc.).
  • Physically protect credit cards and other financial information.  Shred anything with account numbers, instead of using the garbage/recycling bin.  Report lost cards IMMEDIATELY.  Make sure to keep those phone numbers somewhere safe – the emergency number on the card won’t do you any good if the card is stolen.
  • Check your credit reports regularly.  New account fraud is an uncommon form of identity theft, but can also be one of the more expensive and difficult ones to recover from.  You can go to and get a copy of your credit reports once a year for free.
  • Guard health insurance information!  People often forget about things like insurance numbers, but health insurance fraud can be just as devastating.

If you decide you would like a tool to augment some of these things, you can consider the following:

  • Trusted ID
  • LifeLock
  • Identity Guard
  • ID Shield

Remember, these are not a silver bullet and they should only be used to help with some protection tasks.  If you’re not taking steps to protect your identity, they won’t be able to save you from yourself.

Remain vigilant and ask questions!

This is vague, but is probably the most important item on the list.  Always be aware of what data you are giving, who could intercept it, and how it’s protected.  Here are some quick tips:

  • Be aware of who can use the access point you are connecting to.  For instance, if you’re in a coffee shop and the password is publicly available, then assume the public can see what you’re doing.
  • If your device is lost, disable it and change your passwords as soon as you possibly can.  Some of the protection software can help you with locating and/or disabling a lost device.
  • If someone calls you, don’t assume they are who they say they are.  If someone calls you and claims to be from a bank or other financial institution, ask for their extension and dial the main number on that institution’s website.  Spoofing caller ID is easy, so don’t use that as proof.
