In honor of the first-ever Identity Management Day, the National Cyber Security Alliance recently hosted a Twitter chat titled “Respecting Consumer Privacy.” See below for responses that were tweeted live during the chat by Quanterion Solutions.
Quanterion Solutions participated as an Identity Management Day Champion in this awareness event that was founded by the Identity Defined Security Alliance (IDSA).
The mission of Identity Management Day is to educate business leaders and IT decision makers on the importance of identity management and key components including governance, identity-centric security best practices, processes, and technology, with a special focus on the dangers of not properly securing identities and access credentials.
Question 1: Identity management isn’t just a practice for cyber vendors. For individuals, it is the discipline of protecting personal online identities. What do you see as the biggest challenge individuals face in protecting their online lives?
Answer: Individuals struggle to find time to implement methods to improve their #digitalidentity, such as #updatingdevices, changing #privacysettings, #backingupdata, creating strong passwords, and completing other #IDsecurity practices.
Question 2: The vast majority of data breaches that make headlines are the result of poor identity management. What is an example of a poor identity management practice?
Answer: Poor #identitymanagement can include a failure to thoroughly educate staff about #datasecurity, #ransomware, #phishingemails & other key #dataprotectiontopics; failure to enable #MFA; failure to enable user tracking, etc.
Question 3: 81% of hacking-related breaches use weak, stolen, or otherwise compromised credentials. What are some best practices for creating and storing strong passwords?
Answer: Use a #passwordmanager. Use a separate password for each account, service & device. #Passwords should be a string of at least eight characters that includes a combination of upper & lowercase letters & symbols. Be creative!
Question 4: Multi-factor authentication is an important tool for protecting your online identity, but it comes in many different forms. Is there a preferred form of multi-factor authentication that users should use?
Answer (1 of 2): #MFA should include at least two of these categories:
- Something you know, i.e., passwords.
- Something you have, i.e., smart cards, keys, or a PIN sent to a user’s device.
- Something you are, i.e., a thumbprint or one’s face.
Answer (2 of 2): No form of #MFA is 100% safe. Choose a type that works for you and recognizes information only you know, have or are, such as a password combined with a smart card or a fingerprint.
Question 5: Bad actors may use #phishing attempts to steal credentials, or trick users into downloading malware. What are some red flags of a phishing attempt?
Answer: Don’t respond to messages asking you for personal data or money.
Look for misplaced characters or spelling & grammar errors. Watch URLs; avoid URLs that don’t start with https & sites not associated with the sender.
Question 6: Personal info shared online can be used by attackers to guess credentials or steal identities. How can you learn what personal information is out on the web? What are some best practices for keeping your personal information private and offline?
Answer (1 of 3): Consumers can start by typing in their name in a #searchengine to see what #personaldata is available. They can look for & try to remove #personalinfo on social media or other sites that they don’t want other users to see.
Answer (2 of 3): Consumers can view & manage their #data on their #Googleaccounts.
- Go to your account.
- Click “Data & personalization.”
- Under “Things you create & do” click “Go to Google Dashboard.”
- View & manage as needed.
Answer (3 of 3): Avoid downloading #apps that request too much #personaldata.
Update your #privacysettings on #devices, #apps, #webbrowsers, #onlineaccounts & more.
Question 7: Configuring security settings on accounts and devices is an important step in keeping your online identity safe. What are some key settings users should look for?
Answer (1 of 2): Key #privacysettings to configure on a device include enabling #autoupdates, turning off #geolocation as much as possible, restricting automatic #downloads, and turning off your #mic & camera.
Answer (2 of 2): Key #privacysettings to configure in general accounts & social media include enabling multi-factor authentication (#MFA), only sharing your posts with friends & enabling alerts for new logins to your account.
Question 8: What is one security tip you would give to someone who is just starting to establish their online identity, whether it’s a child/tween, an elderly person or anyone else?
Answer (1 of 2): Remember that your data is priceless, and protect it with that in mind.
Don’t click on suspicious ads, attachments, or links because that can potentially enable a third party to access your data.
Answer (2 of 2): Ask yourself these questions before releasing your #personaldata:
- Why do they need my info?
- Where is my info going?
- How will my info be protected?
- How trustworthy is this person/org/program?
Question 9: What resources are available for individuals looking to manage their online identity?
Answer: Learn more about #IDMgmtDay: quanterion.com/id-mgmt-day
Access #identitymanagement tips for consumers: quanterion.com/id-mgmt-tips-for-consumers
Get tips to “Own Your Privacy” from a past @StaySafeOnline Twitter chat: quanterion.com/own-your-privacy-twitter-chat-responses
Question 10: Do you have any additional advice to share with the chat for #IDMgmtDay?
Answer: #Identitytheft is often only a click away. Never click a link or attachment from an unsolicited message. If your bank or healthcare provider messages you, visit its website directly rather than clicking a link in your email.