The Equifax factor

The Ritcey Report

October 5, 2017

Your personal information is under threat.

Equifax Inc. is a consumer credit reporting agency. Equifax collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide. The company announced recently that a massive cyber attack in the summer may have compromised the personal data – held in its database – covering 143 million Americans and an undisclosed number of Canadian residents.

This incident, increasingly familiar to many of us who pay attention to these things, highlights a disturbing issue. No form of electronic communication handled by commercial companies can now be assumed to be secure. What can you do?

Leaving a trail

The honest answer is that there’s no comprehensive solution: if you are going to use telephones (mobile or landline) and the Internet then you are going to leave a trail.

Only the most naïve among us could possibly imagine that we’re not being watched. This is not paranoia; it’s common sense. What we’ve learned from the Edward Snowden leaks is that the scale and capability of the NSA surveillance are much greater than anyone imagined.

Most people had assumed that many non-encrypted communications were vulnerable and some speculated that some encrypted communications (e.g. Skype) had a hidden backdoor for the NSA.

But nobody realized that all the encryption technologies routinely used to protect online transactions (HTTPS, SSL, VPN and 4G encryption), plus anything going through Google, Microsoft, Facebook and Yahoo, have been compromised. Still, there are some steps you can take to make your communications less insecure and your trail harder to follow. Here are 10 ideas you might consider:

1. Email

Rethink your email setup. Assume that all ‘free’ email and webmail services are suspect. Check that your organization has not quietly outsourced its email and IT systems to Google or Microsoft.

2. Encryption

Encryption used to be the sole province of geeks and mathematicians, but a lot has changed in recent years. In particular, various publicly available tools have taken the rocket science out of encrypting (and decrypting) email and files. This is a vast subject but if you Google ‘encrypting email’ you’ll find some insights and options.

3. Web browsing

Since browsing is probably what Internet users do most, it’s worth taking browser security and privacy seriously. If you’re unhappy that your clickstream (the log of the sites you visit) is in effect public property as far as the security services are concerned, you might consider using freely available tools such as Tor Browser to obscure it.

4. Cloud services

The message of the Snowden revelations is that you should avoid all cloud services that are based in the US, the UK, France and other jurisdictions known to be tolerant of NSA-style snooping. Your working assumption should be that anything stored on such systems is potentially accessible by others. And if you must entrust data to them, make sure it’s encrypted.

5. File storage and archiving

An option that an increasing number of people are exploring is running their own personal cloud service using products such as PogoPlug that provide Dropbox-type facilities, but on Internet-connected drives that you own and control. And if you carry around confidential data on a USB stick, make sure it’s encrypted.

6. Social networking

Reconsider Facebook. If you must use it, don’t put your date of birth on your profile. Why give identity thieves an even break? And remember that, no matter what your privacy settings, you don’t have control over information about you that is posted by your ‘friends’.

7. Location data

Avoid using services that require location information.

8. Wireless services

Similarly, beware of using open WiFi in public places.

9. Personal security

Forget passwords; think passphrase, i.e. a meaningless sentence that you will remember. Do some transformations on it (first and third letters of every word maybe) so that you can generate a stronger password from it every time. Or use a password-management app like LastPass.

10. Search engines

The big search engines, without exception, track your search history and build profiles on you in order to serve you personalized results. If you want to escape from this ‘filter bubble’ you need to switch to a search engine that does not track your inquiries. The most obvious one is the bizarrely named DuckDuckGo.

Conclusion

Sadly, cyber security is a bit like climate change and global warming. We want to protect ourselves from surveillance but so much of what we’ve already done to compromise our privacy – and our environment – is irreversible.

Dave Ritcey, The Ritcey Team, Scotia Wealth Management