Most of our life we spend on the Internet these days. We share our personal information here, there, and everywhere. Sometimes, (may be most of the times), we can’t keep on thinking on what to share and what not to share. We hear about data breaches and hacking news every day. In situations like these, where sharing personal information and data breaches have become part of daily life, it becomes more important to protect your digital identity.
In this article, we will NOT focus on Online Tracking and Protection of your Digital Privacy. But, we will focus on protecting your digital identity. This is to make sure the minimal impact in the event of a data breach at a company you do business with.
What is digital identity?
Digital Identity is what identifies us as citizens in today’s digital world. It allows the association of information to a physical person in a digital context.
Your physical identity is associated with series of characteristics ranging from name, age, gender to academic, cultural, and social levels, including tastes and/or preferences. In case of digital identity, few extra characteristics are added such as email id, social security number, credit card number, debit card number, and bank account number etc.
The digital identity (or identity 2.0) is same identifying information corresponding to your physical identity but published through the Internet and complemented by other elements such as the email or the digital signature.
Although these are private elements, they allow authorized users and/or third parties (platform owners) to access personal data that identifies you in the physical world.
With the development of the Internet, we are making more online purchases and accessing more services online. There is no doubt that it is a breakthrough. It makes our life easy. It gives us plenty of opportunities to connect with rest of the world in variety of ways. But, every coin has 2 sides. When you want “Heads”, you will have to take “Tails” as well along with it. In the same way, Internet also poses an important challenge on our digital identity’s security and privacy of our personal data online.
There are various security threats on the Internet. Let us take a look at some of them in brief.
Common security threats
Malware is any unwanted software that is installed without the user’s consent. It is used to disrupt computer operations, collect data or otherwise gain unauthorized access to private computer systems.
Phishing is attempting to maliciously get information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity.
Spamming refers to the use of electronic messaging systems (email) to send unsolicited bulk messages (spam), especially advertising.
Spyware gathers information about a person or organization without their knowledge and may send this information to another entity without consent.
Browsing the internet connects you with millions of other users and computers around the world. Some of these users choose to exploit this connectivity for malicious purposes such as stealing data or manipulating IT systems.
Identity theft is a major cause of concern since quite some time now. It occurs when someone uses personal information about you without your permission. Thieves may attempt to steal your personal details such as name, address, contact details, financial details, passport number or social security number in an attempt to impersonate you. They may use your identity to conduct illegal activity or steal from you, resulting in financial loss, legal issues and reputation damage.
With social media channels like Facebook and Twitter remaining as popular as ever, cyber criminals are able to access a wealth of personal information online.
Even people who think they are being cautious with their privacy settings could be vulnerable to a cyber-attack – particularly if they allow third-party applications to access their profiles.
Once a user’s information such as location, date of birth and family connections has been logged, this can be used to hack into their other accounts, such as banking and online storage.
Article published on Marketwatch.com gives more insight into the current state of Identity Fraud.
Protect Your Bubble, the gadget insurer, has been running a campaign in the US called ProtectYourProfile.org, which shows how easily a computer hacker can breach a consumer’s data from their own Facebook account. Users can test the security of their own profile.
If your digital identity is stolen, cyber-criminals can access your bank accounts or make online purchases in your name. Also, they can damage your reputation on social networks.
To protect your identity online, first you should be very conscious that digital identity theft is increasingly common. It could happen to you tomorrow.
How secure are you online?
A difficult question to answer or there is no straight forward way to answer this question.
No matter what happens in the world of cyber-crime, world’s average population can’t afford to lose money lying in their bank accounts.
You may afford to lose all your data like what you eat, what you like, music you listen or movies you watch. You can afford to lose everything about your interests for personalized or targeted advertising, but you can’t afford to lose money or someone stealing your identity.
No matter how careful you are while sharing your personal information online, sometimes you have no choice, but to share the most sensitive and critical personal information of your life.
While you apply for a credit card online, you are bound to provide almost everything about yourself including your address history. Credit Card companies have no choice, but to share your personal information with Credit Bureau like Experian, Equifax etc. These are big names of financial industry, but even they can experience data breach. It already happened with Equifax, where roughly 147.9 million Americans have been hit by the hack. It remains the largest data breach of personal information.
According to a report from Javelin Strategy & Research, before the Equifax hack, about 15.4 million consumers were victims of identity theft or fraud in 2016 and that was a 16 percent increase from 2015.
So, the short answer is that it is next to impossible to be 100% safe and secure online.
An average person can’t understand all the complexities associated with online world. We can’t completely eliminate the possibility to protect your digital identity. At best, we can reduce the risks by changing our online behavior. We can reduce the chances of someone stealing our digital identity. Even if someone steals your digital identity, we can reduce the impact on our daily life, specially the financial impact.
Let us see what you can do to Protect your Digital Identity before and after data breaches.
How to Protect your Digital Identity
Within the last decade, our senses of self and identity have made a major shift. Whether we’ve noticed it or not, the items that used to define our identities have gone from hard copy items, such as birth certificates and Social Security cards, to online banking passwords, Facebook logins, and mobile wallets stored in our smartphones.
The way we safeguard and protect those hard copy documents, we also need to focus on how to safeguard and protect your digital identity.
So how can you protect your digital identity with many of us relying on a little plastic box for news, information, and entertainment? You can make sure your digital identity harder to steal by following these simple steps:
1. Maintain Multiple Digital Identities
This is the most complex part, but also the most crucial part to protect your Digital Identity.
Do you ever mix your official email id (related to your job or work) and your personal email id? No, right? You never use official email id for any personal use. Similarly, you never use your personal email id for official purpose. The idea is very simple. Isn’t it. We never want to mix our personal and official life.
Similarly, there is a need to maintain multiple Virtual Identities or Digital Identities and to make sure that we never use them interchangeably.
We recommend to create and maintain separate Digital Identities for different purposes. You might say that it is already difficult to maintain one. How can we maintain multiple? We will request you to have patience till the end of this article. We will answer all the questions.
Primary Personal Identity
Create one email id, which you will only use for bank and/or governments records only. You should never link your bank or any of the government records with social media like Facebook, Twitter, Instagram etc. You need to ensure that you NEVER share this email id with anyone except banks and governments.
For example: email@example.com
Secondary Personal Identity
Create another email id, which you will use for the personal use. This personal use will be for rest of the purposes of your non-digital life e.g. electricity bill, landline phone, mobile phone, Cable TV and Internet services etc.
For example: firstname.lastname@example.org
Third Identity: Social Purposes
Create and maintain another email id for social media. This can include Facebook, Twitter, Instagram or anything you register for online. This will include all your mobile apps you register for. Anything you use on the phone should have one single email id. So even if you are linking multiple mobile apps because of any reason, then it should be linked with the same email id.
For example: Digitalprivacywise.email@example.com
Fourth Identity: For all other purposes
We will not enforce this. It’s your decision if you want to use fourth digital identity or not. But, we will recommend to have one. You should assume that email id you can get rid of anytime and it will not impact your digital life in any way.
You can use this email id for various subscription purposes or where you feel that you don’t want to share your email id. Most of the websites ask for email id, before you can view or download their free content. You don’t want to share your email, but you can’t resist the temptation of getting hold of free stuff. That’s when you should use this email id.
These websites may not allow you to view or download unless you confirm the email id. There are options available for disposable email ids but considering that article is mainly for an average population of this world, we will not advice that here.
Do you need to maintain multiple email Ids?
No. But it depends on which email service provider you are using. For example, if you are using Microsoft Outlook, then it allows you to create multiple alias emails.
Benefits of having Alias Email Ids
- The benefit of using alias email id is that you still have only one email id, which you use to login as well. You can create multiple alias email ids within the same account and will receive all the emails in the same inbox.
- You can use your primary email id for login purpose. So even if your other email ids are stolen, no one will be able to login using alias email ids. You will not share your primary email id with anyone, so there are less chances of your primary email id being hacked.
- Microsoft Outlook allows you to have 10 alias email ids besides the main one. That means you can have 11 different email ids and all emails are delivered to the same inbox.
2. Use Passphrase and not Password
You have heard about it many times. Please, please, please use the Password Managers. It is must to have different password for different accounts. Here is the list of top 3 best password managers for you.
Disclaimer: Please note that we are not affiliated with any of these products and we don’t get any monetary benefits.
Usernames and passwords are the first line of defense to access your personal information online. As such, it’s important to be as diligent as possible in creating the strongest passwords and managing these passwords. But, if you don’t want to use Password Manager, then at least follow the basic rules:
- You should not use passwords anymore, but Passphrase. Try using at least 3 random words in your passphrase.
- Each passphrase should be at least 8 characters long including spaces. If possible keep it at least 16 characters long.
- You can even use numbers to replace letters “JU5T L!K3 THI5”.
- Avoid using personal information e.g. anniversary dates or children’s names.
- Strong passphrase should be generated randomly. Avoid using information about yourself or your friends and family, such as birthdays, sports teams, pet names, etc.
- Don’t use one passphrase for everything. Yes, this means that you will need a different password for each account you have.
- According to a report, the average person has 90 online accounts, so that’s a lot of passwords to remember. You can’t achieve this without Password Manager. So, at least make sure that you use a different passphrase for email and banking/financial sites at least.
If passwords are easy to remember, then they’re easy to crack, too. If you use the same password everywhere and if it is stolen, cyber-criminals/hackers can have access to all your accounts at once.
3. When possible, use two-factor authentication
Having the strongest usernames and passwords isn’t a failsafe method. If they are compromised, a hacker can easily access your accounts. To prevent this, always enable two step verification or two-factor authentication. You should make sure that another form of identity is required to access your account.
We have explained two-step verification and two-factor authentication in detail here.
4. Other Best Practices for your online behavior
If you can follow all the three steps mentioned above, then most probable chances are that you will be able to protect your digital identity from any event of data breach.
However, there is a need to change your online behaviour to have maximum protection possible.
- Antivirus Software: Make sure you have firewall and antivirus software on all your devices, including tablets and smartphones, and update the software regularly.
- Check if your existing email id has already been compromised. Register for future Scam Alerts.
- Don’t use public wi-fi AT ALL including airports and hotels. If you must, then use VPN softwares (not free, but paid ones please).
- Exclude important personal information from your social media profiles.
- Watch out for ‘phishing’ emails. Be alert to anything suspicious in the mail, like pre-approved credit cards you’ve not applied for and other financial offers. Do you recognize the email address? Phishing emails can come from a random email or from a known contact.
- Spam email is getting more and more sophisticated. Never respond to any emails with account info or passwords. Banks will never ever ask for your information in this way. If in doubt, call the bank directly to check or, better still, delete the email. Verify email validity before clicking on a link or downloading an attachment.
- Keep a close eye on your bank statements. Really savvy people cross check their receipts with the payment history on their statements, but this isn’t absolutely necessary. Keep an eagle eye for any unfamiliar transactions.
- No matter which Internet Browser you use. Use following browser extensions without fail: AdBlock Plus, Disconnect.me, HTTPS Everywhere, and Privacy Badger. We are not affiliated with any of these tools. All these tools are anyways available free of charge.
- Use Panopticlick to test how safe your browser is.
5. Stay informed!
Major data breaches are covered in the news, so this is often a good place to keep an eye on any attacks that could have compromised your personal information.
If you think you’re a target or have already been compromised, start by changing all your passwords.
Always be wary of any messages or sites that ask for your personal information such as: Usernames, Passwords, Bank account numbers, PINs, Full credit card numbers, Your mother’s maiden name, Your birthday.
Hopefully we haven’t reached the point where a thief can empty your bank account just by flashing your smartphone at the teller, but your device still contains a wealth of information that you must protect. While it’s not the same as your driver’s license or your passport, but it is crucial to protect your digital identity, especially when your financial identity is concerned. Protect your Digital Identity just like you protect any other form of documentation.