Digital 'spring cleaning'
Information is a valuable asset to online fraudsters and others: are you exposed?
In March 2020, former Prime Minister Tony Abbott posted a picture of his Qantas boarding pass for a flight back from Tokyo on Instagram. A security researcher was able to obtain his passport number and mobile phone number from the Qantas website based on this information, without any authentication. This example shows how easy it is to accidentally share more than you intend, and expose your confidential data.
Data analytics companies, including those hired by foreign governments, can amass public data and create a digital profile of you. Such a profile can be used in a malicious way to impersonate you, to launch social engineering attacks, or to perform targeted disinformation. Keeping your online presence at a minimum will help to thwart such attempts
In a recent example, a database leaked from a Shenzen-based company revealed that it had amassed public profiles of 2.4 million people, including more than 35,000 prominent Australians. It is believed that the profiles were mostly scraped using open source intelligence including social media and other public sources. It is believed that such a database is used by China's intelligence services.
Digital spring cleaning
Digital spring cleaning means reducing digital clutter and reducing the risks of impersonation and other threats. It is a once-a-year (or more regular) review of your digital footprint on the internet so that you and your family will be safe online and in real life.
Your digital checklist
- Check the privacy settings on Facebook, LinkedIn and other social media so that only trusted friends can view your personal posts.
- Review the list of friends who can view your private posts.
- Remove posts that may be excessively revealing (e.g., travel plans, family names and private information such as DOB), photos containing sensitive information such as driver's license, passport, boarding pass
- Unsubscribe from any mailing lists that may be sending advertisements or newsletters that you no longer require.
- If you are no longer using an online service delete all personal data and cancel the service.
- Check all your email addresses and current passwords on Have I been Pwned (haveibeenpwned.com).
- Change your password if found to be compromised.
PC, Applications, Browser
- Uninstall uneeded applications and browser plugins from PC as well as smart devices
- Update the Operating System (Windows, MacOS, iOS, Android, etc) with the latest upgrades and updates Delete browser cache and delete any old saved passwords. Consider using a password manager for generating and storing passwords.
- Delete old files from your devices that are no longer needed or contain sensitive information and take a backup. Securely dispose of old devices.