(The author is a Reuters contributor. The opinions expressed are his own.)
By Mitch Lipka
May 5 (Reuters) - You won’t find security expert Michael Chertoff doing silly everyday things like using public WiFi, logging in with the same password on every site he uses, clicking on dubious links or falling for a phishing scam.
Chertoff, former secretary of the U.S. Department of Homeland Security and co-founder and chairman of The Chertoff Group, a global security advisory firm based in Washington, D.C., takes the job of protecting information, and the related threats we all face, seriously.
From the vantage points of the various positions he’s held, the world looks a bit scarier.
“Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication,” Chertoff says.
Indeed, even the casual observer likely is aware that users of electronic devices place themselves and their confidential information at risk. Hardly a month goes by between data breach announcements - like those of AOL Inc and general crafts retailer Michaels Stores in April - and alarming internet attacks like the Heartbleed bug.
With an estimated 87 percent of American adults online, according to Pew Research, that’s a lot of people rolling the dice with personal and financial information on their devices.
Some 11 million Americans were victims of identity theft just last year, according to the U.S. Department of Justice.
While individuals can’t prevent every sort of potential incursion, Chertoff preaches the importance of “cyber hygiene” as part of a routine to protect your turf.
“Eighty percent of cyber attacks are preventable if we all practiced basic cyber hygiene, such as turning off your computer at night and using complex passwords,” he says.
You can either make it easy for the bad guys, or hard - and it’s not that difficult to make it hard, Chertoff says.
Come up with a different, complex password for every site you use that has key information you wouldn’t want shared. To keep track of his own numerous passwords, Chertoff has a list, but he’s cautious about where he stashes it.
“It’s in a safe place and not easy to find,” he says.
He also has a strategy for sites that make you come up with security questions for when you forget your password or log in from a different computer. Chertoff prefers the ones that let you make up your own questions and answers since the possibilities are endless, as well as those that ask for an answer that’s an opinion (like who your favorite teacher was) rather than a fact.
Using your mother’s maiden name, the street you grew up on, or the school you attended as a child are the sorts of things that could easily be gleaned online, he says.
So, when he responds to formatted questions, he never gives the straight answer; his answers always have a twist. Just what the twist is he won’t say, but he suggests coming up with your own spin to avoid tripping yourself up.
Public WiFi is just about everywhere we go, and it’s tempting to access when you are at a coffee shop, in a hotel lobby or at an airport. But it’s a temptation Chertoff rebuffs.
“I’m sure there are some hotel WiFi arrangements that are more secure than others,” he says. “But I’m not interested in experimenting with myself to find out.”
For the most part, Chertoff says, going onto public WiFi opens the door wide to data theft. Anything you transmit, he says, someone else can intercept.
“I’ve even seen professionals transmit sensitive material in a lounge using free WiFi,” Chertoff says. “It kind of takes me aback.”
It’s the same with thumb drives, which can carry malicious software. “I don’t accept thumb drives from other people unless I am going to use it as a key chain.”
When he’s traveling, Chertoff uses MiFi, a small device available from most carriers that allows users to password-protect access and use an encrypted connection.
Chertoff shops online, but not just anywhere. He takes common-sense precautions by going directly to whatever site he wants to use rather than clicking a link that was emailed to him. And it’s important to be sure the connection is secure.
“I deal with online vendors I know to be reputable,” Chertoff says. “I tend to repeat the same ones over and over again.”
When it comes to social networks like Facebook, he says, it’s vital to take the step of evaluating what information you’re giving away when you’re posting.
“The more data you put out about what you’re doing, the more information they have,” Chertoff says.
Whether it’s about when you’re going on vacation or tidbits of personal information, he says, those details can be converted into opportunities to do anything from breaking into your home to conning you or your friends.
In the end, we’re all still vulnerable. It’s just a matter of how vulnerable.
“You can’t completely eliminate the risk,” Chertoff says. “At least you’re avoiding the obvious problems.” (Editing by Beth Pinsker and Bernadette Baum)