SYDNEY, 14 May 2018 — Ping Identity, the leader in Identity Defined Security, today issued seven best practices for managing security and privacy in observance of Privacy Awareness Week, which takes place this week. The annual initiative promotes and raises awareness of privacy issues, as well as the importance of protecting personal information.
Digital business is helping organisations engage with their customers anywhere and at any time. These new personalised interactions, however, are often coming at the price of privacy. According to Ping Identity’s Mark Perry, APAC chief technology officer, the following steps can help consumers protect their identities and privacy.
1. Don't reuse passwords. Take into consideration that your most important passwords are those for email, banking and ecommerce services like PayPal and eBay—all outlets that fraudsters will potentially target. The passwords for these more important services should be different from those used for others, and should be complex.
2. Create a secure password. Instead of defaulting to commonly used or easily guessed passwords, password generators can help create and maintain complex variations. If you don’t have access to a password generator, leverage the password policies from the companies you work with to create something memorable. For example, string together three or four words, replacing vowels with numbers.
3. Use two-factor authentication. Many organisations offer the choice to use some form of multi-factor authentication (MFA) for customers via push notifications to a mobile application. When available, use these second authentication factors, such as SMS, email or push notifications, to access your accounts. This small, secure action makes it more difficult for fraudsters to figure out your password.
4. Stop before you share. When registering for online services, think twice about sharing personal data that could be used for identity theft. If an online quiz asks for your birthdate, for instance, perhaps supplying 1 January with the correct year is good enough. It’s less likely to impact you later. Similarly, password reset questions like "mother's maiden name" need not be answered with the real data unless it's an important service like your bank or a government entity.
5. Stay safe on social. On social media platforms, think carefully before granting access to your data. If the application or service is asking for unreasonable levels of access, like your profile, phone number, email address, friends list, the microphone and SMS messages, reconsider if you really need to use it. Also, review the list of apps that have access to your social media profile, and remove this access where you no longer use a particular service.
6. Be skeptical. Treat unsolicited calls claiming to be from your phone company or internet supplier with the skepticism they deserve, and definitely don’t install any software recommended by these parties.
7. Don’t reveal passwords on the phone. Never share account passwords over the phone with customer care representatives. Furthermore, it’s wise to avoid sharing them via email or text as well, because they become vulnerable to being stolen by unscrupulous individuals. In general, using multi-factor authentication is more secure than verbal details or passwords. When leveraging MFA, service providers should offer detail on what needs to be approved in their notifications to customers, such as “a representative would like to verify your identity.” This way, hackers can’t socially engineer ways to get customers to reveal one-time passcodes.
“Consumers are increasingly concerned about how their personal data is used and shared. It’s become a critical competitive requirement that leading brands not only provide privacy and consent options, but also make these options user friendly. If the customer can’t easily find or use them, they might as well not exist,” said Perry. “Having a customer identity and access management solution in place can play a critical role in ensuring customer confidence, as well as compliance with privacy regulations across all the jurisdictions in which a business operates.”
Click here to learn how Ping Identity’s solutions can help enterprise organisations balance personalisation and privacy: https://www.pingidentity.com/en/resources/client-library/executive-briefs/3164-balance-personalization-and-privacy.html
About Ping Identity | The Identity Security Company
Ping Identity envisions a digital world powered by identity. As the identity security company, we simplify how the world’s largest organisations prevent security breaches, increase employee and partner productivity and provide personalised customer experiences. Enterprises choose Ping for our identity expertise, open standards leadership, partnership with companies like Microsoft, Amazon and Google, and collaboration with customers like Boeing, Cisco, GE, Kraft Foods, Walgreens and over half of the Fortune 100. The Ping Identity Platform allows enterprises and their users to securely access cloud, mobile and on-premises applications while managing identity and profile data at scale. Architects and developers have flexible options to enhance and extend their existing applications and environments with multi-factor authentication, single sign-on, access management, directory and data governance capabilities. Visit: http://www.pingidentity.com