Is your email account secure with a 25-character, alpha-numeric complex password? If you say 'yes', then you might need to read the rest of this article, because the right answer is 'no, not necessarily'.
The term 'hacker' is normally associated with an individual living somewhere far off who uses complex tools and techniques and has immense knowledge of computer science. However, this person could just as well be a disgruntled colleague, or a total stranger you tagged as a friend on Facebook.
But does one always need complex tools to get illegal access? No, it can be done without them, especially when you're the one providing the access. Welcome to 'social engineering'. Wikipedia says social engineering was once a social science term, but is more associated with computers and security today. It is defined as the act of manipulating people into performing certain actions or divulging confidential information. In this day and age, however, there is little need to manipulate a person to get personal information, because all your actions are online, on social media.
Let's look at a small illustration. Every email account has a 'Forgot your password?' facility designed for rightful owners in case they forget their password. Most of them identify you by a security question. Not everyone pays attention to this, and many naively choose a simple one, something like 'What's my dog's name?' If your Facebook or Twitter update yesterday said 'Fun time with my Fluffy' along with a picture of you and your pet, then you just gave someone an easy ticket to your personal email. Remember, access to your inbox means a little more than just a chance to read through your personal email.
Most email accounts, and even Facebook, have a chat feature that retains your chat transcripts. Your online bank account details and passwords are all at stake if you openly chatted about them with someone close, say a family member. All the hacker needs to do is sift through your chat history and dig gold out of it, quite literally.
It is easy to share information online; Facebook, Twitter and a million other sites make it easy to do so. But make a judgement call on what's worth sharing and what's not. It is not advisable to share what they call PII, or Personally Identifiable Information. Likewise, it is not advisable to use easily accessible information, such as your pet's name, for your 'security questions'.
Most online accounts provide facilities to track usage through mobile phones, record new activity, log usage from new machines, etc. Make the best use of them. Be proactive while adding friends on social networking sites; distinguish between friends and total strangers. When you're sharing information on social media, be sure to choose your target audience and share it only with those who need to know. If you're highly active on social media, spend some time reading about the security features of the website. In case of suspicious activity, proactively report it to the website administrators. When technology takes two steps to help humanity, it also enables malicious elements to take four.
(The author is a senior systems engineer at a leading Indian software services and consulting firm.)