(The author is a Reuters contributor. The opinions expressed
are his own.)
By Mitch Lipka
May 5 You won't find security expert Michael
Chertoff doing silly everyday things like using public WiFi,
logging in with the same password on every site he uses,
clicking on dubious links or falling for a phishing scam.
Chertoff, former secretary of the U.S. Department of
Homeland Security and co-founder and chairman of The Chertoff
Group, a global security advisory firm based in Washington,
D.C., takes the job of protecting information, and the related
threats we all face, seriously.
From the vantage points of the various positions he's held,
the world looks a bit scarier.
"Malicious cyber activity is occurring on an unprecedented
scale with extraordinary sophistication," Chertoff says.
Indeed, even the casual observer likely is aware that users
of electronic devices place themselves and their confidential
information at risk. Hardly a month goes by between data breach
announcements - like those of AOL Inc and general crafts
retailer Michaels Stores in April - and alarming internet
attacks like the Heartbleed bug.
With an estimated 87 percent of American adults online,
according to Pew Research, that's a lot of people rolling the
dice with personal and financial information on their devices.
Some 11 million Americans were victims of identity theft
just last year, according to the U.S. Department of Justice.
While individuals can't prevent every sort of potential
incursion, Chertoff preaches the importance of "cyber hygiene"
as part of a routine to protect your turf.
"Eighty percent of cyber attacks are preventable if we all
practiced basic cyber hygiene, such as turning off your computer
at night and using complex passwords," he says.
You can either make it easy for the bad guys, or hard - and
it's not that difficult to make it hard, Chertoff says.
Come up with a different, complex password for every site
you use that has key information you wouldn't want shared. To
keep track of his own numerous passwords, Chertoff has a list,
but he's cautious about where he stashes it.
"It's in a safe place and not easy to find," he says.
He also has a strategy for sites that make you come up with
security questions for when you forget your password or log in
from a different computer. Chertoff prefers the ones that let
you make up your own questions and answers since the
possibilities are endless, as well as those that ask for an
answer that's an opinion (like who your favorite teacher was)
rather than a fact.
Using your mother's maiden name, the street you grew up on,
or the school you attended as a child are the sorts of things
that could easily be gleaned online, he says.
So, when he responds to formatted questions, they're never
the straight answer; they always have a twist. Just what the
twist is he won't say, but he suggests coming up with your own
spin to avoid tripping yourself up.
SAFETY ON THE ROAD
Public WiFi is just about everywhere we go, and it's
tempting to access when you are at a coffee shop, in a hotel
lobby or at an airport. But it's a temptation Chertoff rebuffs.
"I'm sure there are some hotel WiFi arrangements that are
more secure than others," he says. "But I'm not interested in
experimenting with myself to find out."
For the most part, Chertoff says, going onto public WiFi
opens the door wide to data theft. Anything you transmit, he
says, someone else can intercept.
"I've even seen professionals transmit sensitive material in
a lounge using free WiFi," Chertoff says. "It kind of takes me
It's the same with thumb drives, which can carry malicious
software. "I don't accept thumb drives from other people unless
I am going to use it as a key chain."
When he's traveling, Chertoff uses MiFi, a small device
available from most carriers that allows users to
password-protect access and use an encrypted connection.
SHOPPING AND SOCIALIZING
Chertoff shops online, but not just anywhere. He takes
common-sense precautions by going directly to whatever site he
wants to use rather than clicking a link that was emailed to
him. And it's important to be sure the connection is secure.
"I deal with online vendors I know to be reputable,"
Chertoff says. "I tend to repeat the same ones over and over
When it comes to social networks like Facebook, he says,
it's vital to take the step of evaluating what information
you're giving away when you're posting.
"The more data you put out about what you're doing, the more
information they have," Chertoff says.
Whether it's about when you're going on vacation or tidbits
of personal information, he says, those details can be converted
into opportunities to do anything from breaking into your home
to conning you or your friends.
In the end, we're all still vulnerable. It's just a matter
of how vulnerable.
"You can't completely eliminate the risk," Chertoff says.
"At least you're avoiding the obvious problems."
(Editing by Beth Pinsker and Bernadette Baum)