In the midst of the holiday season and as we get ever-closer to the new year (and 2015 tax filing), it’s important to remind ourselves how to stay safe online. Just because it’s a time of giving (and hopefully receiving) fun new electronics, toys and other goodies, it doesn’t mean that those who would steal your personal information and do you harm are taking time off. Luckily, there are some easy ways to help keep your information safe and guard yourself against potential attacks.
With all the deals going on and the potential for presents to be shiny and electronic in nature, a good number of us will probably receive a new phone, tablet, or other piece of tech in the next few weeks. But before you simply throw away or sell any of your old devices, keep in mind that most of us practically live on our devices and a lot of information naturally collects there. Pictures, GPS data, calendar events, emails, contacts… the list goes on and on. Unfortunately, though your latest cooking achievement may not be of much import to hackers, there is a real and growing market for buying used devices solely for harvesting personal information.
Whenever selling or simply detaching yourself from an electronic device, it’s incredibly important for you to perform a full factory reset. While the process varies depending on model and manufacturer, the general idea is to format the phone and erase any possibility of the retrieval of data. If it’s an old device and not worth much money, it’s much safer to simply submerge it in some water or treat it like the printer from Office Space.
Now, when it comes to setting up your shiny new device, there are a couple things to keep in mind. Use disk or device encryption whenever possible and choose a good password. This means straying from your pets and relatives’ names, birthdays, or anything else that could be easily guessed after reviewing your social profiles.
Internet Access while Traveling
During the holiday season, a good number of us will find ourselves working from home or from remote locations. While the locale may be a nice change of pace, you must consider the security of the networks to which you connect. One easy way to secure your connection to the world-at-large is through a VPN. Some companies provide this to their employees, but you can also find several commercial and free VPN services (just be sure it’s a reputable company and if you really care about data privacy check their logging policy first!). If a VPN isn’t available to you, a good alternative is to simply use your phone’s data connection. Many plans nowadays allow tethering your phone to your other devices to provide a mobile hotspot, and taking advantage of this can provide you with one of the most secure connection mechanisms available. But of course, check your rates and plan restrictions first.
On a more general note, it’s always a good idea turn off your Wi-Fi and Bluetooth when not in use. This will not only save some battery life, but it will also prevent your phone or laptop from inadvertently connecting to unknown Wi-Fi hotspots. This is particularly important with a modern smartphone: most people walk around broadcasting their current location and arbitrarily connecting to networks everywhere they go. Unfortunately, the bad guys now put out their own public Wi-Fi hotspots specifically to catch the unaware. If your device supports it, turn off the “automatically connect to networks” option, and always make your connections to a Wi-Fi hotspot a considered and deliberate action.
Last May, the IRS suffered a large-scale data breach, and in the resulting forensics analysis it was found that there were not only direct attacks on the IRS systems themselves but also social engineering attacks on individual taxpayers. This means that while you should always be on the lookout for unsolicited calls from anyone asking for personal information, you need to be especially cautious during the upcoming tax season. These calls may ask to “confirm” personal info such as social security numbers and addresses, and usually will end up asking for tax filing fees to be paid via credit or debit card.
Also be on the lookout for phishing emails posed as e-file confirmations. Just like you would under normal circumstances, don’t respond to links in these emails or call the phone numbers provided. Contact the IRS using their publicly published contact methods if you have any concerns. If you’ve ever been the victim of identity theft or if your personal info has been leaked in a data breach, you may also be at increased risk of having a false tax return filed in your name. If your information has been exposed (you can check using haveibeenpwned.com), keep an eye out for any suspicious activity in this area.
Hopefully these tips can help to make sure your holiday season goes off without a hitch… at least where your online security is concerned.
From all of us here at SailPoint: Happy Holidays!