Ping Identity, the leader in Identity Defined Security, today issued seven best practices for managing security and privacy in observance of Privacy Awareness Week, which takes place this week. The annual initiative promotes and raises awareness of privacy issues, as well as the importance of protecting personal information.
Digital business is helping organizations engage with their customers anywhere and at any time. These new personalized interactions, however, are often coming at the price of privacy. According to Ping Identity’s Mark Perry, APAC chief technology officer, the following steps can help consumers protect their identities and privacy.
1. Don’t reuse passwords. Take into consideration that your most important passwords are those for email, banking and ecommerce services like PayPal and eBay—all outlets that fraudsters will potentially target. The passwords for these more important services should be different from those used for others, and should be complex.
2. Create a secure password. Instead of defaulting to commonly used or easily guessed passwords, password generators can help create and maintain complex variations. If you don’t have access to a password generator, leverage the policies from the companies you work with to create something memorable. For example, string together three or four words, replacing vowels with numbers.
3. Use two-factor authentication. Many organizations offer the choice to use some form of multi-factor authentication (MFA) for customers via push notifications to a mobile application. When available, use these second authentication factors, such as SMS, email or push notifications, to access your accounts. This small, secure action makes it more difficult for fraudsters to figure out your password.
4. Stop before you share. When registering for online services, think twice about sharing personal data that could be used for identity theft. If an online quiz asks for your birthdate, for instance, perhaps supplying January 1 with the correct year is good enough. It’s less likely to impact you later. Similarly, password reset questions like “mother’s maiden name” need not be answered with the real data unless it’s an important service like your bank or a government entity.
5. Stay safe on social. On social media platforms, think carefully before granting access to your data. If the application or service is asking for unreasonable levels of access, like your profile, phone number, email address, friends list, the microphone and SMS messages, reconsider whether you really need to use it. Also, review the list of apps that have access to your social media profile, and remove this access where you no longer use a particular service.
6. Be skeptical. Treat unsolicited calls claiming to be from your phone company or internet supplier with the skepticism they deserve, and definitely don’t install any software recommended by these parties.
7. Don’t reveal passwords on the phone. Never share account passwords over the phone with customer care representatives. Furthermore, it’s wise to avoid sharing them via email or text as well, because they become vulnerable to being stolen by unscrupulous individuals. In general, using multi-factor authentication is more secure than verbal details or passwords. When leveraging MFA, service providers should offer detail on what needs to be approved in their notifications to customers, such as “a representative would like to verify your identity.” This way, hackers can’t socially engineer ways to get customers to reveal one-time passcodes.
“Consumers are increasingly concerned about how their personal data is used and shared. It’s become a critical competitive requirement that leading brands not only provide privacy and consent options, but also make these options user friendly. If the customer can’t easily find or use them, they might as well not exist,” said Perry. “Having a customer identity and access management solution in place can play a critical role in ensuring customer confidence, as well as compliance with privacy regulations across all the jurisdictions in which a business operates.”