Create strong passwords, one per site. At one time, I used a series of passwords that mashed up names and interests from my distant past. That made them harder to guess, but even so, I've taken to using a free software program, KeePass (recommended to me by a retired, security-conscious LEO friend), to generate random passwords and store them in an encrypted database on my local hard drive. That way, not only is it easier for me to use the recommended long, random strings of letters, numbers and symbols; it's also easier for me to use a different password for every site, so one breached site doesn't hand an attacker the keys to the rest.
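To make concrete why a manager-generated string beats a mashed-up name, here is a small added example (mine, not something from KeePass or the original post) that generates passwords the same way a manager does, using the operating system's cryptographic random source, and works out how many bits of guessing work each one represents. The word list and the site names are constructed for the demo.

```python
import math
import secrets
import string

# Character classes a password manager typically lets you pick from:
# 26 lower + 26 upper + 10 digits + 32 punctuation = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed toy word list; a real passphrase list has thousands of words.
WORDS = ["badge", "radio", "canyon", "lantern", "copper", "meadow",
         "tunnel", "violet", "harbor", "pepper", "saddle", "marble"]


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy for `length` symbols drawn uniformly and
    independently from `alphabet_size` choices (length * log2(N))."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Random password from the OS CSPRNG via `secrets`.
    Never use random.random() for this: it is predictable."""
    if length < 12:
        raise ValueError("refusing to generate a password shorter than 12")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words=WORDS, count: int = 6, sep: str = "-") -> str:
    """Random passphrase: easier to type, strength comes from word count."""
    return sep.join(secrets.choice(words) for _ in range(count))


def build_vault(sites, length: int = 20) -> dict:
    """One independent random password per site, keyed by site name."""
    return {site: generate_password(length) for site in sites}


def all_unique(vault: dict) -> bool:
    """True when no two sites share a password (the 'one per site' rule)."""
    return len(set(vault.values())) == len(vault)


if __name__ == "__main__":
    vault = build_vault(["bank.example", "mail.example", "social.example"])
    for site, pw in vault.items():
        print(f"{site:16} {pw}")
    print("unique per site:", all_unique(vault))
    print(f"20 random chars: {entropy_bits(20, len(ALPHABET)):.1f} bits")
    print(f"6 words of {len(WORDS)}: {entropy_bits(6, len(WORDS)):.1f} bits")
    print("passphrase:", generate_passphrase())
```

The entropy figure is the point: a 20-character string from 94 symbols is about 131 bits, far beyond what any offline cracker can search, while a password assembled from facts about you has an effective alphabet of "things someone could learn from your profiles", which is exactly what the social engineering below is after.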
Limit the people you connect with, and know who they are. Many LEOs I know have strict “friends, family and close colleagues” rules on Facebook; some don't even connect with colleagues there, preferring LinkedIn or Twitter for that purpose. In any case, knowing whom you connect with, because you've met them in person or have interacted with them enough online to trust them, helps you recognize the moments when something seems “off” about their communication.
Open networking can help you find new job opportunities, career paths and business partners. But it has its downsides, too. Google “Robin Sage” and you'll find information not just on the U.S. Army Special Forces training exercise, but also on a social engineering experiment that exposed a worrisome trend among military and security personnel: if a friend request came from an attractive woman who claimed to work in a similar field, they'd connect with her, even if they didn't know her personally.
Wisely, a few of them did try to verify “Robin's” identity by calling the phone number associated with her account, or by seeking her out through the MIT alumni association she professed to belong to. And neither FBI nor CIA personnel ever friended her. But many others granted her (actually, security specialist Thomas Ryan) access to fairly sensitive parts of their lives.
- Continue to limit the amount of personal data you put online (even if you do lock down all your accounts to private).
- Turn geolocation off for every social networking and mobile phone application you have. Disable geotagging for the digital photos you take.
- Don't respond to, or click links in, email, text messages, or instant messages that ask you to provide personal information. Legitimate financial institutions and service providers do not ask for passwords or account details this way. If a message worries you, go to the site by typing its address or using your own bookmark, or call a number you already have, rather than following anything in the message.
- Know whom you friend, and who your friends are.
- Notice when your friends just don't seem like themselves, especially when they send you links that don't seem typical for them, or if they ask you for something out of the ordinary.
- Be wary of all connection requests, whether via instant messaging, LinkedIn, Facebook, or other sites. Verify that the person requesting is who they say they are, ideally through a channel you already trust (a phone number or colleague you know) rather than through contact details supplied in the request itself.
It may seem like extra work. But just as training and practice make you more observant and thus safer in the field, teaching yourself to practice information security can achieve the same result online, and offline too.
Got other tips on protecting yourself from social engineering attempts? Leave them in comments below!