On Tuesday, AntiSec, the hacker cooperative of Anonymous and former LulzSec members, took credit for attacking Universal and Viacom, releasing personal data, such as passwords from the Universal Music Website, and confidential Viacom information.
This got me thinking — is there any real way for people to protect themselves from hacking? Corporate or government attacks are one thing; truly, these entities need to take security seriously, otherwise there’s little any one person can do about their work accounts being breached. But several hacks this year have also resulted in the leak of personal data.
At home, the conventional wisdom is to lock down your Wi-Fi networks, run security software and never, ever click on links from people you don’t know (or even links from people you know, but that look strange). But if the target is not you directly, but a trusted service provider, that’s a tougher proposition. As end users, there’s nothing we can do about the security of the companies we deal with (and even less we can do about any personal data stored at the government level). But individually, we can take certain steps to minimize potential damage in the face of certain types of attacks.
For example, when I sign up for an account, I rarely submit my main e-mail address. I use a secondary “junk” email address, one that holds no confidential information. And if I need to pay for things, I never use a bank account or debit card to fund it. In fact, I’ve got a temporary credit card number for just this purpose. (One of my credit services companies lets cardholders create a secondary number off their primary account, so users can set a lower limit and even a shorter expiration date. If the account is compromised, then the lowered limit minimizes fraud before it even occurs.) Even though credit card companies don’t usually hold customers responsible for fraudulent charges, having real numbers released into the wild can be a huge headache. And lastly, I vary passwords across different services. That way, one breach doesn’t result in a massive compromise of accounts.
These measures don’t safeguard me completely — I’m not really sure anything can, apart from living a cash-only, offline lifestyle — but at least it offers an additional layer of protection that can stand up to certain types of attacks or leaks.
Are you doing anything special to keep your data secure? How would you advise others who are concerned about keeping their private information from landing in the wrong hands?