I recently had a question asked of me, and I’ll try to sum it up here:
“If I’m going public and posting content on YouTube and other Social Media sites, how worried should I be about this increasing my vulnerability to hackers and getting compromised? Should I be locking my personal Social Media Pages away from public view in lieu of my Public pages/presence?”
Now there are a number of things here I’m going to try and answer, but I think the quick response is you’re no more vulnerable today than you were yesterday if you haven’t changed anything on your accounts, home computer/network, devices, social media pages/accounts, etc.
That being said, that’s also no guarantee that you’re not already vulnerable and ripe for the picking!
Let’s get one thing straight: especially if you’re moving further into the public spotlight, you MUST protect yourself, your information, your devices, your privacy and your Internet of Things (IoT). You SHOULD be doing these things anyway. The fact that you’re becoming more public and visible shouldn’t be the motivation for enhancing your security; it should be the motivation for CONFIRMING that you’re safe and secure!
Attacks, Hacks, Compromises, Phishing, Social Engineering and more are all around you, and it’s not like these things are going to start showing up with a label simply because you’re more in the public eye now.
So, now that I’ve gotten that off my chest, here are some things you should have in place or be doing, and if not, you really should consider!
Things you must make sure you have in place or must do:
– Get your machine (PC, Mac or other operating system) completely up to date and KEEP IT THERE. Install updates, always. Don’t wait; the developers didn’t write, test and deploy them for you to ignore them. They saw a significant enough problem or risk to take the time to patch or counter it, so install updates.
– BACK UP YOUR DATA!
I can’t stress this one enough! And I’m not talking about one backup. At a BARE MINIMUM you want to have at least TWO Different copies of your data on two different kinds of devices, and to truly be safe, use a Cloud backup service WITH A DIFFERENT PASSWORD THAT YOU DON’T USE ANYWHERE ELSE!
I can hear you all now: The Grumpy Sysadmin is just being overdramatic, paranoid, or worse… I can honestly speak from professional experience: hacks do happen, and when they do (it’s not a matter of if, it’s a matter of when for most of us) you want to make sure you can recover from them! You’re talking to a person who personally recovered an entire Fortune 100 company division from a Crypto-Virus attack with ZERO Data loss within 72 hours (over a weekend), and I moved from Connecticut to South Carolina in the middle of it as well! Good planning and proper protections are what allowed me to accomplish that by myself.
How many businesses in recent years have you heard have been locked out of their systems for months, lost all of their data, can’t recover customer information, gone out of business completely or bankrupt because of a hack they couldn’t recover from? And I’m not talking about small businesses, I’m talking about municipalities, hospitals, major corporations and more! It happens people! Sticking your head in the sand, ignoring it, or blindly saying “That can’t happen” isn’t a recovery strategy!
BACK UP YOUR STUFF!
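Having two copies only helps if both are complete and readable. The check below is an added example, not part of the original post: it hashes every file in a source folder and reports what each backup copy is missing or holds in a different state. The folder layout and the two-good-copies threshold are assumptions taken from the "at least TWO" rule above.

```python
import hashlib
from pathlib import Path


def manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    out = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            out[path.relative_to(root).as_posix()] = digest.hexdigest()
    return out


def check_backups(source: Path, copies: list) -> dict:
    """Per backup copy, list the source files that are missing or differ."""
    want = manifest(source)
    report = {}
    for copy in copies:
        # An unplugged drive or unmounted share counts as an empty copy.
        have = manifest(copy) if copy.is_dir() else {}
        report[str(copy)] = {
            "missing": sorted(f for f in want if f not in have),
            "changed": sorted(f for f in want if f in have and have[f] != want[f]),
        }
    return report


def recoverable(report: dict, minimum_good_copies: int = 2) -> bool:
    """True when enough copies hold every source file, byte for byte."""
    good = sum(1 for r in report.values() if not r["missing"] and not r["changed"])
    return good >= minimum_good_copies


if __name__ == "__main__":
    # Hypothetical paths: point these at your own data and backup drives.
    result = check_backups(Path("Documents"), [Path("/mnt/usb"), Path("/mnt/nas")])
    print(result, "recoverable:", recoverable(result))
```

Files edited since the last backup also show up under "changed", so run it right after a backup completes.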
– Install, maintain and use proper, reliable and highly rated security software!
I know, software and these services are expensive. I know a lot, if not most, of you don’t want to have to “pay the man” or service to maintain your anti-virus definitions, malware protections, or other security aspects of your digital lives, but let me ask you this… What is more expensive to you? A couple of hundred bucks (if that) a year or untold thousands or tens of thousands spent trying to recover your identity should it get stolen, or who knows how much if your bank accounts get compromised and emptied?
Security software is simply a fact of life, like car and health insurance. Think of these applications as the health insurance for your digital life. You may never need them, may never really use them, but IF YOU DO, and they save you from a hack, crypto attack, or worse, you would be SOOOO happy you have them!
When I was working for a computer service provider, when we would warn a company over and over again to update their protections or backup systems, if they kept refusing and then something went wrong, there wasn’t enough money they could spend to get their systems or data back! Usually at that point it was too late and they learned the hard way, updated their systems and protected them going forward, only then to realize the overall cost would have been significantly lower had they simply protected their systems and data properly in the first place!
– Use Multi-Factor (or Two Factor) Authentication!
There are three factors (I won’t go too much into this; I have videos on the GSA YouTube Channel on this):
– What you Know
– What you Have
– What you Are
The simplest are the first two in that list. All modern Social Media, Banking, Financial and most other sites today employ MFA (Multi-Factor). This is usually the normal user name and password as well as a code generated by an app on your phone or an SMS message sent to your phone or tablet. There are other factors and methods, but these are the most common. The point here is that in order to get into an account, a hacker will need to compromise not only your user name and password, but they’ll also need to get the code off your phone or from the authenticator app on your phone. This makes trying to hack an account protected this way significantly more difficult (notice I didn’t say impossible).
You should be using MFA everywhere it’s available! There is no excuse not to, and no, “it takes me two clicks longer to log in” is not an excuse.
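How the code from an authenticator app is produced and checked, as an added example that is not part of the original post: a sketch of the standard TOTP algorithm (RFC 6238) next to a password check, showing that a stolen password alone, or a code replayed minutes later, does not get in. The account record, salt, password and secret are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (the common authenticator default)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 of an 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float) -> str:
    """RFC 6238: the counter is the number of 30-second steps since 1970."""
    return hotp(secret, int(now // STEP))


def code_ok(secret: bytes, submitted: str, now: float, drift: int = 1) -> bool:
    """Accept the current window or one either side (phone clock drift)."""
    counter = int(now // STEP)
    return any(hmac.compare_digest(hotp(secret, counter + d), submitted)
               for d in range(-drift, drift + 1))


def make_account(password: str, secret: bytes) -> dict:
    salt = b"constructed-salt"  # sample value; use os.urandom(16) in practice
    pw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {"salt": salt, "pw_hash": pw, "totp_secret": secret}


def login(account: dict, password: str, code: str, now: float) -> bool:
    pw = hashlib.pbkdf2_hmac("sha256", password.encode(), account["salt"], 200_000)
    knows = hmac.compare_digest(pw, account["pw_hash"])  # what you know
    has = code_ok(account["totp_secret"], code, now)     # what you have
    return knows and has


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real one
    acct = make_account("correct horse battery staple", secret)
    t = 1111111109
    print("password + fresh code:", login(acct, "correct horse battery staple", totp(secret, t), t))
    print("password + 5-minute-old code:",
          login(acct, "correct horse battery staple", totp(secret, t - 300), t))
```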
– Use a different, complex and often changed password on every Internet site (private/personal and public/social media)
Remember above how I said there are two factors? Just because you’re enhancing your security by utilizing MFA doesn’t mean you should make one of those factors meaningless or easy for someone to compromise.
The biggest key to a good password is length and complexity. Oh, and not using the same password everywhere. Most people balk at this because that means they may have dozens of different complex and confusing passwords they will need to remember, but the simplest way to solve that is to have one very long and complex “master” password that only you know and use a “Password Manager” to store all of your other passwords in. That way you have the simplicity of only needing to remember one difficult password while maintaining different and very complex passwords for all of your other Internet sites and resources.
There are many different password managers out there, there are even ones that are completely free, so there really is no reason why you can’t do this! Get one of these password managers (I also have a review of the top password managers on the GSA YT Channel) and get more secure today!
Now, to get to the other questions.
Should you be locking or hiding your personal pages away from public view?
Starting off, this isn’t really necessary, as you need to build a following first, but it certainly can’t hurt anything to do so. Having your information public on your personal sites is not really any different on day two than on day zero and it’s not going to increase your vulnerability, but depending on how your following grows and how popular your content and public presence become, there may come a time when you certainly want to make sure that information is at least a little more difficult to find in the public eye. The thing to remember is “the Internet is Forever”. It’s very difficult if not impossible to 100% scrub data from the Internet because of all the different caching sites, copies that are kept by who knows who, and more. Just be aware that if you post it on the Internet, it’s going to be there in some form FOREVER. Services or individuals who claim that they can get rid of all traces of data are just false. There’s no way of knowing every possible resource that’s ever scanned, cached or copied every bit of data, so there is no way to make sure with absolute certainty that it’s 100% truly and forever gone.

The best things you can do are exercise common sense, don’t post anything that you wouldn’t want found in the future, make your best effort to protect yourself, and give yourself a parachute or way out/recovery plan (backups) for when the worst does happen!