By Bruce McIndoe, President and Founder of WorldAware
With great frequency
these days, we hear about a major data breach of a popular online merchant or
corporate behemoth such as Marriott, Macy’s, Delta, or Best Buy, and cringe. We
wonder if we will get the dreaded “Sorry for the break-in, but we are offering
you free credit monitoring for a year” email. Then, we wait to see if the
credit card we used will be compromised and, after much hassle, we go through
the process to cancel and get a new card.
We could avoid all of
this by not purchasing things online, but that is both hard and impractical as
more and more “brick and mortar” stores like Sears, Kmart, Toys ‘R’ Us, GAP and
J.C. Penney shut down.
We could just carry
on, as we always have, and wait for the next data breach that leaks our
personal information and deal with the fallout.
What else can we do?
We can be proactive rather than reactive. Don’t give these sites your real
personal information. Create and use a digital persona, and you will never have
to worry about your personal information again.
How You Lose Your
Personal Information
To register and obtain
a product or service through a web site, you are required to give the website
your personal information such as your email, phone number, address, and credit
card information. When the site gets hacked, this is the personal information
that gets stolen. Criminals use this personal information and other information
about you on the internet to recreate your real-world persona and pretend they
are you! With this persona, they can play havoc with your life and cause you to
spend untold hours dealing with the aftermath.
You can proactively
fight back by creating a digital persona that mirrors your real-world persona.
A digital persona is like having a covert identity when you go online. You
NEVER give a site all your real-world persona information. You use your digital
persona and common sense to thwart the hackers and criminals. Here is how it
works.
Creating a Digital
Persona
To create a digital
persona, you need to create a mirror of your real-world persona. The table
below summarizes what you need to do for all your critical real-world personal
information.
Creating a Digital
Personal Email Address
Creating a new email
address is a very straightforward process for any service that provides a free
email service such as Google’s Gmail, Yahoo! Mail or Microsoft Outlook.com.
First, remember to create your digital persona phone number to support
two-factor authentication and password recovery.
If you just need a
temporary or perishable email address for one-time use like downloading a white
paper or a website, use a service such as 10MinuteMail.com. These services
provide you a temporary inbox that will self-destruct after 10 minutes. You can
extend the use of the mailbox in 10-minute increments if you need to.
Tip: Don’t
auto-forward messages from this account to your real-world account unless you
want to deal with a lot of spam. Periodically, delete all the old messages.
They should all be spam or old transaction messages. If you want to keep a
message, manually forward it to your real-world email.
Creating a Digital
Personal Phone Number
There are several
online phone services that enable you to create a virtual phone number and link
it to your real-world phone or phones. The one that we have used with great
success is Google Voice. You can try other free virtual phone number or voice
over IP (VOIP) services such as iNum and CallCentric. Skype and others can
provide this capability as well, but for a fee. You will want to make
sure that the virtual phone number will support both traditional phone calls
(POTS) and mobile texting. The mobile text is important for sites that want to
text you a one-time access code in addition to your password.
Tip: If the service
supports it, try to pick a phone number that you can easily remember. Use an
obscure area code with lots of options for the last 7 digits. You really only
need inbound call support. If you want to make calls on this number, you will
typically have to pay a fee.
Creating a Digital
Personal Credit Card Number
Many credit card
providers, such as Citi, Bank of America and Capital One, provide you the
ability to create a one-time use credit card number or virtual credit card
number that can only be used for that transaction. This is great, but the
process of using them can be cumbersome. Most browsers provide add-ons to be able
to create these virtual credit card numbers easily when you are going through
checkout on a site. There are online services, like Privacy.com, that can make
the process easier and provide more features and options around the use of
virtual credit cards to support recurring subscriptions (you specify the
vendor, maximum amount, expiration) and can set up multiple funding sources. To
use this service, you need to link the virtual credit card, which is more like
a debit card, to a checking account. If you are not comfortable with using
virtual credit cards, you can just open a credit card account specifically for
online and other situations, like restaurants, where the number is potentially
exposed. If it gets compromised, you just get a new card and pick up from
there.
There are also digital
wallet services such as PayPal, Apple Pay, Google Pay, and Chase Pay that are
supported widely and can be used to protect your real-world credit card(s).
However, you do ultimately have to enter a username/password to use these
services which can be stolen.
Tip: It is easier to
pick one virtual credit card or digital wallet service and stick with it —
possibly two if you are doing more sophisticated payment options with one.
Creating a Digital
Persona Mailing Address
Traditionally, people
have used a post office box service to have a fixed mailing address. However, a
post office box requires you or someone to go and open the box to get the mail
physically. In addition, many sites require a physical mailing address to a home
or office and will not accept a post office box. Many options are available for
creating a digital persona mailing address.
Want a Laguna Beach,
CA or Wall Street address? Services like virtualpostmail.com and
PhysicalAddress.com allow you to pick an address location and various service
options for a monthly fee ranging from $7 to $15 per month. Typically, a basic
service will receive mail and packages and scan the outside of the item. You
will get a notification and look at the scans online. For each item, you will
tell the service to destroy the item, scan the contents or forward the item to
another address.
There are services
like Viabox that charge no monthly fee. You only pay for shipping to get your
package. However, do your research on these services; the reviews of these
services are typically either excellent or “never use them.”
Tip: In the US and
other countries, you must formally authorize a 3rd party to open your mail. In
the US, you need to fill out a USPS Form 1583 and have it notarized.
Protecting your
Real-World Name
It is generally
against the law to use a false name with the intent to defraud someone. Defraud
means to induce someone to surrender something of value relying on a
misrepresentation. For many sites like FaceBook, using a false name violates
its Terms of Service (ToS). However, if you are just trying to protect your
identity, the use of a pseudonym generally is acceptable unless it violates the
site ToS. Check the site and verify their terms.
Never provide fake
name information where financial transactions are involved, such as selling
goods on eBay or Amazon, opening a bank account or applying for a credit card
or loan. This constitutes fraud, and the digital persona is intended to help
you avoid being defrauded rather than becoming a criminal yourself.
Tip: As with all
things on the internet, “there is an app for that.” If you are going to use a
fake name, then use a service like Fake Name Generator (fakenamegenerator.com).
You can specify your sex, country and your name set (heritage); the service
will then generate a complete profile - name, address, height, weight, and
much, much more.
Purge Your On-Line
Real-World Personas
Once you have your new
digital persona, you can systematically update your existing online profiles to
your virtual personal information. This is also a good time to cancel and
delete any services that you no longer use. There is no sense having your
personal information sitting out there for someone to buy or trade when the
company is sold or goes out of business. You should start with any sites that
store your credit card information and replace it with your digital persona
virtual credit card. This is also a good opportunity to update your password
for the site. Think about using a password manager such as LastPass or Keeper
as you go through this process. Using a tool like this can make life much
easier than trying to remember your usernames/passwords for multiple sites or,
worse, using the same passwords for all or most sites and/or writing them down.
Tip: Pick and use the
same “clean” browser for all your online accounts and transactions. There is no
sense having your access history, site cookies and possibly stored
usernames/passwords in multiple browsers. Don’t use this browser to surf the
web or access sites with which you are not familiar. You do not want malware or
other hacks of your protected browser that may compromise data stored or
entered. When using a password manager, always use multi-factor authentication
and increase the length and complexity requirements of passwords to reduce the
chance of a successful brute force attack.
Once Your Digital
Persona is Live – Relax but Be Vigilant
It goes without saying
that anytime you interact with a new website registration or make online
purchases, you will only want to use your new digital persona. Once you are
comfortable using a digital persona, you can create multiple digital personas
for different activities such as gaming sites, video & music services, and
online purchasing. By making an effort
to remove your real-world persona information from the web, you can sit back
and relax when the next cyber-attack happens.
Meet the WorldAware
Team at BTS
Listen to Bruce
McIndoe share additional personal protective measures for your travellers at one
of two informational sessions: February 26 at 11am and February 27 at 11am. Learn more about
WorldAware and set up your personalized session with our team of experts: See Schedule and register for FREE www.businesstravelshow.com
About WorldAware
WorldAware, Inc.
provides intelligence-driven, integrated risk management solutions that enable
multinational organizations to operate globally with confidence. WorldAware’s
end-to-end, tailored solutions integrate world-class threat intelligence,
innovative technology, and response services to help organizations avoid
threats, mitigate risk and protect their people, assets, and reputation.
Founded in 1999, WorldAware is a privately held company headquartered in
Annapolis, US with offices in London, Cape Town, and Singapore. For more
information, visit WorldAware.com.