The extreme ways people protect themselves from hacks

Posted at 7:36 AM, Nov 28, 2018
and last updated 2018-11-28 10:22:30-05

When Dave Weinstein worked in a government job a few years back, he took an extreme measure to keep his data secure from hackers. He and his co-workers physically removed the hard drives from their computers and locked them up in a safe at the end of the day.

While that level of security isn’t always necessary, the possibility of having your credit card stolen or misused, suffering from identity theft or getting hacked is on the rise. And people like Weinstein are finding creative ways to protect their passwords and devices.

Facebook CEO Mark Zuckerberg famously covers up his laptop’s webcam with a sticker, a practice that is increasingly common, and most people now know not to use the same password for all their accounts. Some security experts are taking personal protection even further.

Now the vice president of threat research at Claroty, an industrial cybersecurity company, Weinstein uses at least two different identity-theft protection subscriptions, such as Experian, Equifax or LifeLock, to ensure that his information isn’t being compromised or sold online.

These services monitor financial data such as credit card information, loan applications and bank accounts to ensure that information isn’t being compromised or sold online.

Weinstein’s security practices are far from rare. Wendy Nather, director of advisory chief information security officers at Duo Security, has a clever trick to thwart would-be hacks.

“I use a different credit card to make automated [bill] payments online than I do for purchases on the street,” Nather said.

Nather keeps things separate so that if her everyday credit card is breached, she doesn’t have to change the card for each of her automated payments. It also minimizes the potential damage a hacker can do because it’s not tied to any important online accounts.

Others focus on compartmentalizing areas of their lives, such as using different physical computers for work and personal use, or creating separate digital accounts for working, shopping and banking.

Nather said she’s even known people who will only do certain tasks on paper and keep it locked in a safe.

Kevin Kosh, a partner at CHEN PR, which represents tech companies, uses a Google Voice number — not his mobile number — to receive two-factor authentication texts. Two-factor authentication requires using a one-time code to access accounts, in addition to a password.

His logic is that if you ever change your SIM card — like when you get a new phone or change carriers — there’s no connection to your sensitive information.

Nather and Weinstein are also big advocates of keeping mobile software up to date for bug fixes and security patches.

Weinstein said he’s known some people who completely eliminate email due to the high risk of phishing and malware.

Although that’s not a reasonable fix for most people, he noted one area in which people could adopt a more cautious approach is with home routers.

“Most people get them through their internet service provider and they don’t necessarily prioritize security,” Weinstein said. “Consider purchasing a home router as you would any other technology that you care about. It’s more than just giving you wireless access. Security needs to be part of the equation.”

These routers are easily hacked and can provide access to sensitive information because most people feel safe using computers on a protected network.

But Weinstein cautioned against taking every extreme security precaution, such as using personal servers for email.

“It’s the thing people do to be secure and then it ends up backfiring,” he said. “Unless you have a state-of-the-art facility and 24/7 operation center backing it, you can’t compare the level of security to something as commoditized as Gmail.”

Nather agrees, noting “if you’re sufficiently paranoid, you can never prove to yourself that you’re safe.”

She said there are some things that should be done off the bat, such as two-factor authentication and loading passwords into a password manager. But “unless you know you’re at high risk of being targeted, say a government official or high-placed executive, you’re probably not going to be.”