With the increase in public awareness of cyber threats, online users have come to realize the importance of safeguarding their most valuable information, such as bank and credit card accounts, birthdates and social security numbers.
What most don’t realize, however, is that a simple business card could give them away.
That is because the three most dangerous pieces of information one could reveal is a name, email and phone number, said Thomas Ryan, co-founder and managing partner of cyber operations and threat intelligence for Provide Security, LLC, former ethical hacking instructor, and architect of the “Robin Sage Experiment.”
In his talk, “When Hackers Attack: Protecting Your Online Identity,” Ryan, a panelist at the third annual International Conference on Cyber Security, emphasized that securing one’s identity is critical in the days of ubiquitous Internet use. Identity, he said, is what makes a person unique and hence is the “most valuable and intangible possession.”
But if placed in the wrong hands, even seemingly benign details about oneself, such as a phone number or email address, could compromise identity.
“When you click yes to accept a friend on social media… that information automatically gets downloaded,” Ryan said, referring to the biographical data posted to social media sites. “You have to be careful of all the information you put out there.”
Information that is broadcast on the Internet—for instance, via social networking sites like Facebook and Twitter—is permanently stored and easily accessed. Using this basic information, skilled hackers intent on stealing identity can piece together who their victim is and unearth other details about him or her, such as location or employment.
Cell phones carry similar risks, Ryan warned. Because photos sent from cell phones are stored online before reaching their intended recipient, the devices provide another window through which hackers can enter.
In addition, tracking tools allow cyber predators to follow a subject without having to personally monitor him or her. Advanced online alert systems dispatch emails each time the subject performs an activity online.
“Do people monitor you?” Ryan asked participants. “Are you being followed? Traced? The answer is yes.”
The risk to personal identity might cause some to demur at using social media or other Internet resources. But in fact, Ryan said, one defense against hacking and identity theft is to utilize these very sites.
“Not using social media doesn’t save you,” he said. “[Hackers might say] ‘I’ll just make an account as you and everyone will come to me, because they’ll see my name, and I’ll get the information out of that.’”
By creating a Facebook or Twitter account, even without the intention of actively using it, the user establishes a genuine, online presence in his or her name. Any additional pages that appear in the individual’s name are then red flags for potential hacking schemes.
Along with taking preventative measures, such as limiting the amount of personal information one introduces to the Internet, Ryan suggested several supplemental measures that can warn users about potential hackers. Creating a social media account before impostors do is one example. In addition, tools such as Google alerts and Twilert—an alert system for Twitter—automatically email individuals when their names or another personal piece of information is publicized.