HOW IS YOUR ATTACK SURFACE?

YOUR ATTACK SURFACE

What is an attack surface? Your online attack surface comprises the online access points and accounts that are exposed to threats, vulnerabilities and cyberattacks. Given the abundance of information about you on the internet, you will never be able to reduce your attack surface to zero. But there are steps you can take to shrink your attack surface and make your offline self much less vulnerable to online hacking and cybercrime. Here are my recommendations for condensing your attack surface, renewing your cybersecurity awareness, and protecting you and your data, online and offline.

IF YOU CAN’T BEAT THEM, JOIN THEM

Brianna Wu, a game developer from Massachusetts, recently stated the obvious:

“I can tell you the cheapness and the availability of information you can get about anyone online would shock you.”

After years of being online, there’s unquestionably a goldmine of data on the web about you, your family, and your business. Your social media accounts, the WHOIS profile for your website, and any site where you have shared personal information about yourself all potentially make easy pickings for the skilled hacker. One solution is to dox yourself. Put simply, this means searching for data about you just as a hacker would. And it’s easy. Just open an incognito window in Google Chrome or another browser and search for information about yourself, such as your name plus address, name plus mobile number, name and birthday, and other combinations. This will reveal exactly what cybercriminals can get their hands on and where you are vulnerable to hacking and identity theft. While each data source may not look like a huge privacy risk on its own, combining information from different sources can give hackers untold opportunities to steal your data and identity.

OPT OUT AND STAY OUT

Opting out of mailing lists, subscriptions, and needless services can significantly condense your attack surface. Use a data-removal service such as DeleteMe to find out which data brokers are selling your personal information and to get a set of opt-out instructions for dozens of data brokers. Check the status of your subscriptions regularly to ensure that you remain opted out. Savvy data brokers are sneaky and can sometimes reinstate your personal information on platforms without your knowledge or consent.

CLEAN UP YOUR SOCIAL MEDIA ACCOUNTS

Facebook, Instagram, LinkedIn, and Twitter accounts contain a wealth of information that can easily be accessed or stolen by hackers. Protect yourself and minimize your attack surface by scrubbing your social media accounts. Limit what strangers can see from your profile. Data-minimization steps for your profile include leaving out your street address, phone number, and year of birth. It’s not rocket science – simply don’t post anything publicly that you don’t want shared, seen, or stolen.

CHECK WHOIS

If you have a registered domain, you will have had to supply some personal details for its WHOIS record. You don’t need to make this information public, and any domain registrar worth their salt should publicly display their contact information instead of yours.

2FA IS VITAL

This may be obvious, but two-factor authentication (2FA) does a lot to reduce your attack surface and secure your online accounts. While a USB security key may sound extreme, it is the safest form of 2FA: a special key that you cryptographically associate with an account and then plug into a computer, or connect wirelessly or by phone, to confirm a new login. You can also use Google Authenticator and, of course, most secure sites such as Amazon, other retailers, banks, and social media platforms apply 2FA.

I’M HERE TO HELP

I hope that my words have been a bit of a wake-up call regarding your online safety and security. Should you need help in shrinking your attack surface and staying safe online and offline, please contact me. With over 20 years’ experience in cybersecurity and risk mitigation, I’m here to help.
