How To Stop Your Personal Wikileaks--Personal Technology Security

How To Stop Your Personal Wikileaks--Personal Technology Security

Summary: There's more to personal security than your password. Data thieves want your personal information. Don't make it easy for them to take it from you.

SHARE:
20

Wikileaks has been a huge topic in the news and general discussion worldwide--and with good reason. There's an incredibly large amount of damning information that embarrass quite a few world governments, revealing normally hidden information to the public. Information that typically remains hidden in order for governments to function.

The general public usually doesn't know and doesn't want to know what goes on behind the scenes; it's either too difficult to follow or too frightening. That's not to say that people aren't deserving of the right to know what their government is up to--at least in a democratic society.

This is not a political blog, however. I used this topic as an example of how a break in the chain of security can allow for the release of information that was not meant to be seen except by its intended recipients. On a personal scale, something like this could ruin a career, allow your identity to be stolen, destroy relationships.

Jason Perlow recently wrote about Personal Wikileaks, where he described how he had been sent a smartphone to be evaluated only to discover that the previous user was a high-level technology journalist; one that has the direct attention of major technology industry leaders. To give you an idea of what I'm referring to, my personal predictions for the tech specs of the next tablet from a fruit-named company were solidly confirmed. I'll leave those for another article.

Also Read: Don't Wikileak Yourself -- How Safe Is Your Smartphone?

This wasn't even an isolated incident. There are hundreds of instances in the tech journalism field where personal devices were used, evaluated and returned without being properly purged of personal information before being sent back, and they weren't wiped at the vendor's end, either. It's a chain of carelessness.

When discussing this situation with Jason, he said it was an epidemic. I agree, but it's not a recent one. It's a systemic issue that is somehow ingrained in our personalities. As a people, humans do not typically consider security of their information unless they consciously focus on it. Instinctively we still go back to our early evolutionary ancestors: shelter, food, safety from predators.

Well, it turns out that there are predators everywhere, and they don't typically want to eat your carcass in this day an age. They just want to consume your data.

I could provide dozens of links to articles concerning accidental data leaks. I'm sure my readers have seen them as well: celebrities losing their cellphones containing racy pictures of themselves; government agency employees losing their laptops, and we find out that the private information of millions of US citizens had been downloaded to it; political candidates having their email accounts hacked because they used simple passwords and easy to guess answers to security questions; commercial website databases getting hacked, revealing the financial information of their customers that ends up getting sold to some overseas black market group.

Let's face it, there really isn't going to be an end to these information leaks until people start treating their personal information the same way they treat their money, homes and families. Jason provided a number of examples of securing the data on your smartphone. Of course, wipe the data on phone and storage card before giving the phone to someone else.

Use remote admin capabilities with your phone in the event of losing the device so you can wipe all stored data on it. Use a screen lock PIN or password. Use a SIM lock password as well if available. Most phones will let you dial 911 (or whatever your local emergency number is) without having to unlock the phone so you can still make an emergency call even if you don't have the time to unlock it.

But this goes much further than smartphone security. Your data is everywhere: on your smartphone, your home and work computers, dozens or hundreds of websites. One of the first mistakes people make is to use the same password for everything. If a hacker got into the user database of a popular website, such as those owned by Gawker Media, and the users there have the same passwords in operation in other places (they do), then it's only a matter of time before they get their data compromised elsewhere.

Your passwords are probably one of the weakest links in your data security. Instead of having one regular password, have six. Make them all difficult to crack: at least 8 characters in length, and at least one capital letter, one number, and one special character (@, !, #, $, %, etc.). Don't use actual words for your password, or anything that relates to your life. Rotate your password usage regularly. Using the same password for more than 90 days isn't advisable.

Physical access to your personal computer and devices is another point to consider. Most of the time people carry their cellphones with them. Unless, of course, you are one of those people that gets a lot of phone calls but leaves their phone at their desk and disappears for an hour. If you are one of these people and worked near me, you may have been one of the many victims who found their battery contacts taped over, or your ringtone changed to a shotgun blast.

Practical jokes aside, it's important to control physical access to your data devices as well. Walking away from your desk at work? Lock the screen with a password. Take your phone with you. Are you in an office where visitors can walk right in without being intercepted by security or locked doors? If you've got a laptop, it's a good idea to either take it with you at the end of the day or lock it in your desk. Portable computer hardware disappears all the time. Don't leave it on your table at Starbucks while you make room for more coffee.

Another item to secure is your cloud data. You may not realize it, but you very likely have data in the cloud right now. Your email, whether Gmail, or Hotmail, or Yahoo, or some other web-based service, uses cloud storage. Accessing your email from your own computers isn't an issue, but accessing it from a strange computer is. Libraries, Internet cafes, pretty much any computer that isn't your own.

You don't know if there's a keylogger on that computer, and even if there isn't you may not be able to wipe the history and saved passwords from that system. If you are using a computer that you don't fully trust, it's not a good idea to use it to access your personal data. That goes for any website with your personal and financial data, not just your email.

I could go on and on about different little things to keep track of until your eyes started to bleed from reading all of it. It really all boils down to treating your personal information as important to you as anything else in your life.

Most people don't even consider it until they suddenly discover that their identity has been stolen, or someone charged something expensive on their credit card. It even happened to me, which is why I won't let someone read back my credit card number to me aloud when I give it to them over the phone. I won't read it aloud either; that's exactly how a former coworker ended up in jail by using my credit card to buy a $3000 plasma TV, emptying out my bank account in the process.

Just a small amount of effort and a shift in awareness can make all the difference. Thieves, even data thieves, are more likely to go after easy targets. If you don't provide them with an easy target, they're likely to go elsewhere. Keep your anti-virus and anti-malware software up to date, keep an eye on your devices, and play it safe.

Topics: Security, Hardware, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

20 comments
Log in or register to join the discussion
  • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

    Since hackers know we're supposed to use capital letters and special characters, exactly how does using them in passwords make the passwords better?
    Vesicant
    • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

      it aint "HACKERS" that know this. it is the scripts they use to crack passwords.
      regardless its all a MOOT point when all the supposed TECH savvy aka idiots of the world are posting personal info all over facebook etc....
      bspurloc
    • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

      @Vesicant
      Computers still find the mix harder to decipher because they have to sort sequentially. A human could recognize a pattern
      more more rapidly but can only deal with so much at a time.
      newdawn20042001@...
  • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

    @Vesicant Hackers may know you're supposed to use them, but they hope you don't. There are 26 letters in the English alphabet. Using capitals effectively doubles that number, which in turn greatly increases the amount of time it would take to brute force crack it.
    Scott Raymond
    • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

      "hackers" dont know anything. the cracking programs do. They dont care how many capital letters are used, it is part of the scheme to get the password. only an idiot would write a program that is case insensitive.
      bspurloc
      • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

        @bspurloc
        newdawn20042001@...
      • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

        @bspurloc Programs are a set of instructions that don't 'know' anything - anymore than a calculator does. But I do use capitals, numbers and a special character, also I use a different password for my business apps than my social ones.
        newdawn20042001@...
      • Only an idiot...

        @bspurloc .... would think that "hackers" all all they should worry about or that everyone who steals personal data uses a program to crack a password.
        *Gman*
      • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

        @bspurloc Programs and computers don't know anything - they just contain what humans tell them to. So the hackers write the programs and scripts that perform their illicit tasks. It still goes back to the human element.
        Scott Raymond
  • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

    As does using special characters and not using common words subject to a dictionary attack. And lock down your wifi with WPA turn off wireless router config etc. Don't use the same password for important and trivial things...
    carl@...
  • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

    I find Microsoft's password creator/checker works really well to at least give a person an idea of what a strong password really is:
    http://www.microsoft.com/protect/fraud/passwords/create.aspx
    I had never thought about preventing people from repeating a credit card aloud. Will certainly incorporate that suggestion into my security procedures from now on. Great article!!!!!
    patskelley@...
  • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

    I think it would be interesting to set up a dummy account with dummy info and a dummy password - leak that out and see if some dummy hacker bites and tries to withdraw the dummy money - But instead, the money is withdrawn from the hacker's account and put into a fund to repay newbies who have learned an expensive lesson.
    newdawn20042001@...
  • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

    I suggest that one save Account and Password info on a flash disk, keep it uninstalled and in a safe place when not in use.
    newdawn20042001@...
  • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

    DO NOT use the word wikileaks as a buzzword to describe something bad. Freedom of information is NEVER BAD. Your use of the word like this is even more ridiculous and sensationalistic than zdnet usually is.
    thombone
  • Nirvana

    Since I use B-Folders I have no such concerns. I keep all my secret notes, CC etc. and sync between multiple computers and a couple of phones without using any cloud services. My data is in my command, check it yourself: http://jointlogic.com/b-folders/2/
    olafohman
  • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

    Still, most people who want to gain access will bypass any of your security measures, and just use social engineering. It's often times the easiest way to gain access to ANYONE's data, premises, personal finances, and just about anything else, if the person is gullible enough to believe whoever is attempting the attack.
    Roc Riz
    • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

      @Roc Riz You are absolutely correct. I guess I left out an obvious one: Don't give people your password no matter how convincing they are. Don't give strangers access.
      Scott Raymond
  • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

    No worries.
    james347
  • Well

    The answer to this would be not to store sensitive information where it is easily accessible.

    <A HREF="http://www.zdnet.com/blog/open-source/who-google-has-in-mind-for-its-chrome-os-users/7961">Oh, right....</A> Google wants us too!
    The one and only, Cylon Centurion
    • RE: How To Stop Your Personal Wikileaks--Personal Technology Security

      @Cylon Centurion 0005 I've spoken about security concerning data in the cloud in a previous article. The best way to deal with it would be to not store critical private data in the cloud without encrypting it first.
      Scott Raymond