Protecting your virtual assets

Remember that high school kid that used to break into everyone’s lockers to steal your stuff?

Guess what, he’s now an adult and he still steals – only this time, it’s your virtual assets he’s after: your domains, your emails, access to your bank and credit card accounts. This kid simply changed the size of the game but the rules remain the same: he’s still a thief and you’re still the potential victim.

Welcome to the wonderful world of intangible property theft.

As I am typing this, there is a chance that a keystroke-recording program is storing my text, beams it out to an online location to be dissected later by unscrupulous thieves. When I hit submit to my e-mail, it can be copying its contents to someone else. While I am checking my bank account balance on my laptop from the living room via wifi, some person might be getting a nice view of it while web surfing on my dollar.

There are several rules that you must observe, to avoid such trouble; each and every one of them will make such an unfortunate situation less probable. I’ve compiled a list of rules, and the list grows larger by the day; the more we rely on technology, the faster we become a target.

• Install an anti-virus, firewall and anti-scumware application. There are lots on the market, some are free and some have extensive features that make the purchase of the full version worthy. If you run a business, such an expense is a write-off as well.
• Never use a wireless connection for logging onto your bank account. If you must, enable secure connections with long keys and disable wifi at your router when not in use. Absolutely do not use an Internet cafe for that purpose.
• Passwords are there for a reason: to provide privacy and access only to you. Do not use the same password across different accounts and forums. If it gets compromised, your entire online social activity will get compromised also. Make passwords hard to guess: use upper, lower case, numbers and symbols. Always use the maximum length allowed. For authorization questions stored alongside passwords, such as “Where are you located?” never answer the obvious but always give a surreal, unrelated answer e.g. “popsicles”. Never store your unencrypted passwords on electronic media, such as your PC; write them down on paper instead.
• Communication is essential. There are several instant message programs, such as Yahoo, MSN, AIM, ICQ etc. They offer convenience and they are quite often compromised by off the shelf tools that can scan your computer for vulnerabilities, often taking control of it. As a rule of thumb, avoid using them altogether for business; or at least, avoid talking to strangers or people you cannot trust 100%.
• Your domain Registrar offers the default tools of locking down domains, utilizing email alerts and other such precautionary measures to avoid losing domains. Lock your domains and consider registering the most valuable ones for several years in advance. There is nothing worse than an expired domain you lost due to negligence of your own.
• Never fall for the social engineering attempts either. When you get a call from your bank or the web host or someone who claims to be of a certain authority, do not provide any information. Ask who they are and tell them you will call back. If they provide you with a phone number, make sure it’s the official number of the institution that is listed at their web site. Never reveal your social security number or your bank account number.
• Online forums that offer the ability to trade are a haven for scammers to proliferate. If they ask for money to be transfered via Western Union or eGold, avoid them like the plague. Paypal does not offer a comprehensive protection either. For large amounts of money in transactions with strangers, prefer escrow services, such as Escrow.com, Moniker’s escrow, or Sedo’s escrow – or seek payment to be made via bank wire. Always, research the background of the traders and avoid “comets” that appear out of nowhere. Remember: if a deal is too good to be true, it probably is just that!
• Always shred documents such as old bills, bank offers, legal papers, credit card documents – never toss them intact or cut up in the trash. The easiest way for thieves to gain access to your information is by picking your trash apart. For the same reason, never leave your outgoing mail in the mailbox to be picked up. Don’t be lazy, drop it off directly at the post office facilities.
• Lastly, if you attend a convention party, be careful about having too many drinks and start disclosing personal information to that beautiful person that came out of nowhere. Social engineering via sexual attraction has worked since the days of Adam, when Eve bit the apple and gave it to Adam, with a kiss. God, being the keeper of the Eden BBS was mighty angry and instantly banned them both. 🙂

Humor aside, your virtual assets control your tangible assets. You’re responsible for being careful and prudent about the ways that will keep them safe. This way, you can sleep at night, without having bad dreams about an empty account.