The art of war has evolved dramatically with the advent of contemporary technologies. One thing about war, however, hasn’t changed. To win a war, it’s still essential to keep the true strength of your forces and the extent of your arsenal hidden from your opponent. The most important military secrets are only disclosed to the select few who can be trusted to carry out the mission.
For this reason, the US government can’t divulge complete information about its tools and tactics for the national defense to the people it is sworn to serve. So there must be at least some instances when weapons of war have been developed and deployed without the knowledge of the American populace (or the rest of the world).
But what if the opponent of the military-industrial complex, having acquired unwarranted influence, became its own people? What fantastic secrets of kinetic, psychological, biological, and energetic warfare might then be hidden well below the surface of public knowledge?
At least some aspects of the existence and operational parameters of the following 10 weapons have made their way into general awareness. Yet their development raises the question: What other tools of death and destruction might be lurking in the shadows, utterly obscured from the public eye?
10 Directed Energy Weapons
Directed Energy: The Time for Laser Weapon Systems has Come
The Greek mathematician Archimedes may have made history over 2,000 years ago as the first person to ever use a directed energy weapon. According to a mysterious legend, during the Roman invasion of Syracuse, Archimedes rapidly constructed a hexagonal mirror when the Roman admiral Marcellus moved his ships out of the range of bowshot.
Archimedes was apparently able to capture the energy of the Sun and reflect it onto the ships, setting them ablaze and causing them to sink within minutes. MIT students were able to recreate this effect in 2005 but noted that their mirror was only capable of effectively burning a stationary target.
Though scientific knowledge has advanced a great deal since the days of Archimedes, the underlying theoretical principles of directed energy weapon (DEW) technology remain the same. A DEW inflicts damage from a distance by firing an intensely concentrated beam of energy toward a target.
Different types of DEWs fire different types of energy, but the most popularized form of directed energy weapon in use today is the high energy laser (HEL). These DEWs are just like the lasers seen in science fiction movies. They fire a soundless beam of energy, invisible at certain frequencies, that can incinerate a target from hundreds of miles away.
HELs have been developed by contractors like Lockheed Martin for use in missile defense and space war, but some believe that these weapons might have been designed with much more sinister purposes in mind.
During the Thomas Fire that ravaged California in December 2017, many witnesses and researchers noted property damage that seemingly defied every preconceived notion of how a wildfire should behave. Though wildfires use foliage to spread, entire blocks of houses burned to the ground while the surrounding trees remained untouched.
Though no official explanation of this anomalous phenomenon is forthcoming, multiple witnesses across California recorded video of beams of light coming down from the sky as the blaze spread across the state. Given the fact that HELs are commonly mounted on the nose cones of planes, some have concluded that the mayhem wreaked by the Thomas Fire was boosted with directed energy weaponry.
9 Long Range Acoustic Devices
USA: Sound cannon blasts curfew defiant protesters in Ferguson
A new type of crowd control weapon came to the fore during the Ferguson, Missouri, protests of 2014. As an active demonstration of the newfound capabilities of an increasingly militarized American police state, countermeasures employed by the Ferguson Police Department to quell civil unrest included the use of LRAD sound cannons.
Capable of projecting voice commands over a distance of 5.5 miles (9 kilometers), a Long Range Acoustic Device (LRAD) inflicts grievous bodily pain upon anyone within 330 feet (100 meters) of its sound path. LRAD manufacturers are careful to call their products “devices” rather than “weapons” for public relations reasons, but anyone who has endured the effects of an LRAD is well aware of the difference between the truth and the spin.
Just ask the US diplomats stationed in Cuba who recently started losing their hearing. Soon after the detente between the United States and Cuba that transpired in 2015, diplomats deployed to the newly reopened US embassy on this Caribbean island nation started reporting a sudden and permanent loss of hearing.
US investigators concluded that the diplomats had been hit with an advanced and unnamed acoustic device that doesn’t make any audible sound but causes irreparable damage to the ears and brain of anyone in its path. This incident was considered so serious that the United States expelled two Cuban diplomats from their embassy in Washington.
However, the exact nature of this LRAD-like device and the identity of the agents responsible for its use on American officials are still unknown. If a sonic weapon was indeed used on US diplomats in Cuba, this would be an unprecedented incident in the history of international relations.
8 Low-Frequency Microwave Mind Control
Microwaves suspected in attacks on US diplomats in Cuba and China
The apparent sonic attacks on the US embassy in Cuba rekindled decades-old fears about a different kind of secret weapon. In 1965, at the height of the Cold War, the Pentagon discovered that the Soviets were blasting the US embassy in Moscow with extremely low-frequency (ELF) microwave radiation.
While far too weak to cook anything, it was determined that the so-called Soviet Signal carried the possibility of affecting the health or altering the behavior of the embassy staff. Instead of doing anything to stop it, the Pentagon decided to study the potential effects of the signal and attempt to mimic them back home.
DARPA, then a freshly minted branch of the Department of Defense, subsequently founded an initiative called Project Pandora and began researching the effects of ELF microwave radiation on primate subjects. Though the results were inconclusive, project leader Richard Cesaro remained convinced until Pandora’s disbanding in 1969 that ELF radiation posed a serious threat to the national security of the United States.
The Pentagon never figured out what the Soviets were up to at the American embassy and opted to solve the situation by wrapping the embassy in a building’s equivalent of a tinfoil hat: An aluminum screen was erected to surround the perimeter of the complex.
Though DARPA may have closed the case on ELF radiation in 1969, studies have since indicated that low-frequency microwave and radio waves may indeed have a deleterious effect on the human body. It’s even been demonstrated that the signals emitted and received from cell phones have an effect on the functioning of the mind that frequently shows itself in the disruption of natural sleep cycles.
Today’s world is absolutely saturated by invisible signals that keep us connected and informed. But how much do we truly know about this all-pervasive radiation and how it might be affecting our health and even our thoughts?
7 Heart Attack Guns
SYND 7 9 75 CIA DIRECTOR WILLIAM COLBY BEFORE SENATE COMMITTEE
In the wake of the Watergate scandal of the early 1970s, Democratic Senator Frank Church led a committee dedicated to getting to the bottom of any actions perpetrated by the CIA that may have violated the charter of this secretive intelligence agency. It was believed that the CIA had accrued undue unilateral power under the pretext of the Cold War, and the Church Committee was assembled to expose this nefarious plot to the American people.
Though history shows us that the attempts of the Church Committee to curb the totalitarian zeal of the CIA were all but ineffective in the long run, a few interesting findings were uncovered during the course of this 1975 investigation. One such discovery was the so-called “Heart Attack Gun,” a modified pistol that was capable of delivering a nearly undetectable but absolutely lethal dose of shellfish toxin into the body of a distant target.
The darts fired by this soundless gun would theoretically leave a pinprick no larger than a mosquito bite and dissolve almost instantly into the tissues of the body after delivering a payload so poisonous that the target would be almost guaranteed to have a heart attack within moments. It’s unknown whether or not the “Heart Attack Gun” was ever used, but for all we know, it could still actively be in use today.
6 Magneto Hydrodynamic Explosive Munitions
Explosively Formed Penetrators | Combat Tech
In Arthur C. Clarke’s book Earthlight, the legendary science fiction author of the 20th century conceives of a futuristic weapon that uses electromagnetism to propel a jet of molten metal miles into space, spearing and destroying an attacking battleship. This type of armor-piercing weapon isn’t entirely unheard of. Since World War II, various arms manufacturers have supplied combatants with tools of war called self-forging penetrators (SFPs).
Making use of a chemical explosion and a metal liner, SFPs propel themselves at an armored vehicle and then change their shape to penetrate the target. However, conventional SFPs are inefficient and hard to use, giving rise to the demand for a more effective armor penetration weapon.
DARPA has developed a specialized projectile to fit this niche called the Magneto Hydrodynamic Explosive Munition (MAHEM). Using electromagnetism to form and direct a sustained jet of molten metal at an armored target, MAHEM is much more adaptable than a conventional SFP and closely resembles the fictional weapon featured in Earthlight.
Beyond these basic details, not much is known about this secretive military project. However, China’s Nanjing University of Science and Technology has apparently reverse engineered MAHEM for its own purposes.
As with many other aspects of the shadowy war for global supremacy currently being waged between the superpowers of the East and West, the full details surrounding the development and deployment of this fearsome weapon may never fully filter their way into the public awareness.
5 Biological Weaponry
Between 1949 and 1969, the United States military tested biological weapons on its own people without their knowledge or consent. One such experiment occurred in 1950 when a US Navy ship sprayed billions of tiny microbes into the atmosphere over San Francisco, causing a massive upsurge in illness and potentially killing one resident.
Another took place in the subway system under New York City in 1966 when researchers dropped light bulbs filled with bacteria onto the tracks to test how far the motion of a train would carry these potentially deadly pathogens. Still other experiments consisted of engulfing entire cities in a cloud of zinc cadmium sulfide under the pretext of providing a smoke screen to hide the population in the event of the outbreak of nuclear war.
The military tells us that all this was done to learn how to better protect us from foreign adversaries, but many wonder whether the benefits of such reckless experimentation truly outweigh the costs.
However, dangerous pathogens released into the atmosphere might be the least of the biological threats to which the American people have been exposed by their government. In 2016, Director of National Intelligence James Clapper expressed his concerns that gene editing technology might become a weapon of mass destruction if it fell into the wrong hands.
The science of gene editing has proliferated throughout the modern world, seemingly with little to no thought given to the potentially disastrous ramifications of tinkering around with the genetic structure of the biosphere.
While naturally occurring pathogens are bad enough, genetic engineering has given rise to the potential existence of secretly developed biological weapons that could wipe out entire national populations practically overnight. But microbes given superpowers by mad scientists might actually pose less of a danger than other types of genetically modified organisms (GMOs) that have been let loose among an unwitting populace.
In 2013, a group of around 300 scientists formally rejected the premise that there is a scientific consensus on the safety of GMOs for human consumption. This statement led numerous restaurant and grocery chains such as Chipotle and Trader Joe’s to outright ban GMOs from their kitchens and shelves.
Yet agribusiness corporations continue to alter the genetic code of vital crops like corn and soybeans under the protection of an army of scientific publications and news outlets that repeatedly assure their audiences that GMOs pose no threat to the human body or to the biosphere.
Agribusiness giants like Monsanto are heavily subsidized by the United States government. If GMOs truly are detrimental to human health, the unending spread of these unnatural organisms could be serving as a covert continuation of the government’s deadly habit of exposing its people to biological weapons.
4 Subliminal Messaging
It’s been well established that subliminal messaging is used extensively in advertising. This type of marketing usually exploits the baser urges of the populace to influence them to buy a product or service. But what if the same principles used in subliminal advertising are also being used by the United States intelligence community for the purposes of espionage or even mind control?
A formerly secret CIA document titled “The Operational Potential of Subliminal Perception” describes in precise detail the prescribed methodology for gaming the principles of subliminal perception to persuade someone to do something that they usually wouldn’t do.
While the author of the document ultimately concludes that the operational effectiveness of subliminal perception is “extremely limited,” the CIA is widely known for its knack for operating within the strictures of extreme limits and still accomplishing its clandestine objectives with flying colors.
3 Flying Aircraft Carriers
Gremlins: Airborne Launch & Recovery of Unmanned Aerial Systems
In the late 1920s, the United States Navy began exploring the tactical potential of airborne aircraft carriers. Two zeppelin-style airships were constructed, the USS Akron and the USS Macon, both of which carried a crew of 60 men and were capable of deploying and recovering Sparrowhawk fighter planes in flight. However, both Navy flying aircraft carriers met unfortunate ends, and their remains now rest at the bottom of the ocean.
Recently, however, rumors have surfaced of DARPA’s plans to reopen this chapter of American history and initiate another attempt to develop airborne aircraft carriers for military use. This time, these proposed sentinels of the skies would carry drones instead of manned warplanes. Called the “Gremlins” program, this audacious DARPA initiative would consist of modified C-130 air transports loaded with stealthy drones capable of penetrating enemy defenses undetected.
Given DARPA’s reputation for suddenly announcing the planning stages of already-completed projects as soon as their cover might be blown, it’s reasonable to wonder whether there might already be “Gremlins” flying over our heads. If the fanciful testimony of supposed secret space program insiders like Corey Goode is to be believed, there may even be Avengers-style Air Force “Helicarriers” patrolling the skies now, rendered undetectable by advanced cloaking technology.
2 Project Thor
‘Rods from God’ Weapon System Gets Another Look
Potentially overshadowing the MOAB as the most lethal non-nuclear weapon in the United States’ arsenal, Project Thor is a technology designed by Jerry Pournelle in the 1950s that would obliterate enemies with bolts from above.
Colloquially termed “rods from God,” this type of Kinetic Energy Penetrator (KEP) would theoretically consist of a pair of satellites. One serves as a targeting hub, and the other is equipped with 6-meter-long (20 ft) tungsten rods that would be dropped on a target from orbit. Capable of penetrating hundreds of feet into the Earth’s crust, these thunderbolts from Thor would produce damage equivalent to a nuclear blast without the fallout.
Though the cost of delivering such rods into orbit is seen as prohibitive, reopening the Project Thor initiative was seriously considered as recently as the George W. Bush administration. With $21 trillion supposedly appropriated without authorization by the Department of Defense and a few other agencies, it’s hard to know what potentially cost-prohibitive theoretical projects the United States government might be silently making into reality without the knowledge or consent of its people.
Behind the gates of HAARP Alaska ~ Are the conspiracies real?
Hugo Chavez brought international attention to the HAARP facility in Alaska when he accused the United States Air Force of using this high-frequency transmitter array to trigger the 2010 Haiti earthquake. Until this point, casting aspersions on this United States Air Force research station was a faux pas committed by only the looniest of tinfoil hatters.
Theories about the darker side of HAARP were supposedly put to rest when the Air Force announced that this ionospheric research complex would be closing its doors in 2014. But the speculation was kindled back into flame when HAARP was reopened in 2017 by the University of Alaska Fairbanks (UAF).
Admittedly, it probably wasn’t a good choice from a PR perspective on the part of UAF to pick the artificially induced manifestation of a weather phenomenon as their first experiment. When HAARP’s new custodians announced their plans to create a version of the aurora borealis that was invisible to the naked eye in the skies over Alaska, many took this as confirmation of this controversial research station’s weather-manipulating abilities.
Although the HAARP program has been repeatedly accused of manipulating the weather and broadcasting mind control signals, none of these claims have been clearly demonstrated to be either true or false so far.
Samuel is a freelance writer and inquirer into the unknown. By rejecting the authority of conventional belief systems while grounding his perspectives in the core of human experience, he manifests content that dissolves barriers between perception and comprehension.
It might give you the creepy-crawlies, but you almost certainly have tiny mites living in the pores of your face right now.
They’re known as Demodex or eyelash mites, and just about every adult human alive has a population living on them.
The mostly transparent critters are too small to see with the naked eye. At about 0.3 millimeters long, it would take about five adult face mites laid end to end to stretch across the head of a pin.
“They look like kind of like stubby little worms,” says Michelle Trautwein, an entomologist at the California Academy of Sciences in San Francisco.
Demodex face mites got their name from the Greek words for “fat” and “boring worm,” but they’re not really worms at all. They’re actually arachnids — related to ticks and, more distantly, to spiders.
Trautwein studies our relationship with these microscopic stowaways by looking at their DNA. Her findings suggest that people in different parts of the world have different face mites. “They tell a story of your own ancestry and also a story of more ancient human history and migration,” she says.
But before she could tell that story, she needed to find the mites.
“We use a little spoon and scrape it across the kind of greasier parts of someone’s face, which isn’t as bad as it sounds,” Trautwein says.
Once the samples have been collected, she takes them to the lab to look at the genetics.
Trautwein has tested more than 2,000 people, including tourists from all around the world that make their way to the California Academy of Sciences. And she’s found DNA evidence of face mites on every single one of them.
“No one is thrilled at the initial notion that they have arachnids on their face,” Trautwein says. “But people are often curious — even in their revulsion.”
But how could these creatures live on so many people and still go unnoticed?
Our skin is mostly covered by a thin layer of peach fuzz called vellus hair, with a few notable exceptions such as the palms of our hands and the soles of our feet. The shaft of each one of those tiny hairs grows out of its own follicle.
Face mites — Demodex folliculorum and Demodex brevis — spend their days facedown inside your hair follicles, nestled up against the hair shaft, where you can’t see them.
They eat sebum, the greasy oil your skin makes to protect itself and keep it from drying out. The sebum is produced in sebaceous glands, which empty into the hair follicles and coat both the hair shaft and face mite.
That’s why the greasiest parts of your body, such as around the eyes, nose and mouth, likely harbor a higher concentration of mites than other areas.
The mites live for about two weeks. They spend most of their time tucked inside the pores, but while people sleep, they crawl out onto the skin’s surface to mate and then head back to lay their eggs.
Since they live inside your pores, you can’t scrub them off by washing. It’s basically impossible to get rid of all of your face mites.
So how does Trautwein find and study a particular mite? With glue.
“I actually put glue on a glass microscope slide and stick it onto a person’s forehead,” she says. “Then I slowly peel it off. I look under a microscope for mites that are stuck in the follicles that stick up from the thin layer of skin that got peeled off.”
“It can be pretty addictive and exciting,” she adds. “It’s sort of a meditative process of looking through this microforest of follicles and hairs and looking for just the right potential movement or shape.”
It seems our immune system is able to keep their numbers in check, but some people can experience problems with the mites.
“When you tell patients that they have face mites, first of all, they freak out,” says Kanade Shinkai, a dermatologist at the University of California, San Francisco.
Shinkai occasionally treats patients who have an overload of face mites, which results in a condition called demodicosis.
“There is a very particular look to people suffering from demodicosis. We call it the Demodex frost,” she says. “It’s sort of a white sheen on the skin. And if you look really closely, you can see [it] coming out of every pore. If you scrape those pores, you can see it frothing with little Demodex face mites.”
The condition is relatively rare and is often connected to a decline in the immune system, such as receiving immunosuppressive drugs after transplant surgery, chemotherapy or immunodeficiency diseases such as AIDS.
Demodicosis can also be triggered by local suppression of the immune system, like using itch-relieving hydrocortisone cream on the face.
It usually comes on fast. “Patients almost universally describe this explosive development of like pustules like whiteheads on their face. It’s really dramatic,” Shinkai says. “And what’s really dramatic about it is that they’re often fine the day before, and then they develop it overnight.”
For the vast majority of people, though, face mites are nothing to worry about. While some studies have found loose connections between Demodex and diseases like rosacea, the evidence hasn’t shown a strong link.
“What’s really confusing is that if you go into your office and scrape everyone’s face, you would find Demodex probably on everybody,” Shinkai says. “And people who have low burden of Demodex may have no or very severe disease and vice versa.”
Trautwein also sees face mites more as a source of interest than of fear.
“They’re not dangerous in a broad sense because we all have them and most of us seem to be cohabiting quite well with them,” Trautwein says. “We mostly share them within family units, and it seems like you are probably initially colonized soon after birth, most likely by your mother, traditionally speaking in human history.”
Looking at your mites, researchers such as Trautwein can usually tell something about your geographical ancestry — what part of the world your ancestors came from.
“Face mites are definitely the species of animal that we have the closest connection with as humans, even though most of us don’t know about them or ever see one in our lifetime,” she says. “We still have this very ancient and intimate relationship, and it seems clear that we’ve had these face mite species with us for all of our history. So they are as old as our species, as old as Homo sapiens.”
WASHINGTON — This was the enemy, served up in the latest chart from the intelligence agencies: 15 Qaeda suspects in Yemen with Western ties. The mug shots and brief biographies resembled a high school yearbook layout. Several were Americans. Two were teenagers, including a girl who looked even younger than her 17 years.
President Obama, overseeing the regular Tuesday counterterrorism meeting of two dozen security officials in the White House Situation Room, took a moment to study the faces. It was Jan. 19, 2010, the end of a first year in office punctuated by terrorist plots and culminating in a brush with catastrophe over Detroit on Christmas Day, a reminder that a successful attack could derail his presidency. Yet he faced adversaries without uniforms, often indistinguishable from the civilians around them.
“How old are these people?” he asked, according to two officials present. “If they are starting to use children,” he said of Al Qaeda, “we are moving into a whole different phase.”
It was not a theoretical question: Mr. Obama has placed himself at the helm of a top secret “nominations” process to designate terrorists for kill or capture, of which the capture part has become largely theoretical. He had vowed to align the fight against Al Qaeda with American values; the chart, introducing people whose deaths he might soon be asked to order, underscored just what a moral and legal conundrum this could be.
Mr. Obama is the liberal law professor who campaigned against the Iraq war and torture, and then insisted on approving every new name on an expanding “kill list,” poring over terrorist suspects’ biographies on what one official calls the macabre “baseball cards” of an unconventional war. When a rare opportunity for a drone strike at a top terrorist arises — but his family is with him — it is the president who has reserved to himself the final moral calculation.
“He is determined that he will make these decisions about how far and wide these operations will go,” said Thomas E. Donilon, his national security adviser. “His view is that he’s responsible for the position of the United States in the world.” He added, “He’s determined to keep the tether pretty short.”
Nothing else in Mr. Obama’s first term has baffled liberal supporters and confounded conservative critics alike as much as his aggressive counterterrorism record. His actions have often remained inscrutable, obscured by awkward secrecy rules, polarized political commentary and the president’s own deep reserve.
In interviews with The New York Times, three dozen of his current and former advisers described Mr. Obama’s evolution since taking on the role, without precedent in presidential history, of personally overseeing the shadow war with Al Qaeda.
They describe a paradoxical leader who shunned the legislative deal-making required to close the detention facility at Guantánamo Bay in Cuba, but approves lethal action without hand-wringing. While he was adamant about narrowing the fight and improving relations with the Muslim world, he has followed the metastasizing enemy into new and dangerous lands. When he applies his lawyering skills to counterterrorism, it is usually to enable, not constrain, his ferocious campaign against Al Qaeda — even when it comes to killing an American cleric in Yemen, a decision that Mr. Obama told colleagues was “an easy one.”
His first term has seen private warnings from top officials about a “Whac-A-Mole” approach to counterterrorism; the invention of a new category of aerial attack following complaints of careless targeting; and presidential acquiescence in a formula for counting civilian deaths that some officials think is skewed to produce low numbers.
The administration’s failure to forge a clear detention policy has created the impression among some members of Congress of a take-no-prisoners policy. And Mr. Obama’s ambassador to Pakistan, Cameron P. Munter, has complained to colleagues that the C.I.A.’s strikes drive American policy there, saying “he didn’t realize his main job was to kill people,” a colleague said.
Beside the president at every step is his counterterrorism adviser, John O. Brennan, who is variously compared by colleagues to a dogged police detective, tracking terrorists from his cavelike office in the White House basement, or a priest whose blessing has become indispensable to Mr. Obama, echoing the president’s attempt to apply the “just war” theories of Christian philosophers to a brutal modern conflict.
But the strikes that have eviscerated Al Qaeda — just since April, there have been 14 in Yemen, and 6 in Pakistan — have also tested both men’s commitment to the principles they have repeatedly said are necessary to defeat the enemy in the long term. Drones have replaced Guantánamo as the recruiting tool of choice for militants; in his 2010 guilty plea, Faisal Shahzad, who had tried to set off a car bomb in Times Square, justified targeting civilians by telling the judge, “When the drones hit, they don’t see children.”
Dennis C. Blair, director of national intelligence until he was fired in May 2010, said that discussions inside the White House of long-term strategy against Al Qaeda were sidelined by the intense focus on strikes. “The steady refrain in the White House was, ‘This is the only game in town’ — reminded me of body counts in Vietnam,” said Mr. Blair, a retired admiral who began his Navy service during that war.
Mr. Blair’s criticism, dismissed by White House officials as personal pique, nonetheless resonates inside the government.
William M. Daley, Mr. Obama’s chief of staff in 2011, said the president and his advisers understood that they could not keep adding new names to a kill list, from ever lower on the Qaeda totem pole. What remains unanswered is how much killing will be enough.
“One guy gets knocked off, and the guy’s driver, who’s No. 21, becomes 20?” Mr. Daley said, describing the internal discussion. “At what point are you just filling the bucket with numbers?”
‘Maintain My Options’
A phalanx of retired generals and admirals stood behind Mr. Obama on the second day of his presidency, providing martial cover as he signed several executive orders to make good on campaign pledges. Brutal interrogation techniques were banned, he declared. And the prison at Guantánamo Bay would be closed.
What the new president did not say was that the orders contained a few subtle loopholes. They reflected a still unfamiliar Barack Obama, a realist who, unlike some of his fervent supporters, was never carried away by his own rhetoric. Instead, he was already putting his lawyerly mind to carving out the maximum amount of maneuvering room to fight terrorism as he saw fit.
It was a pattern that would be seen repeatedly, from his response to Republican complaints that he wanted to read terrorists their rights, to his acceptance of the C.I.A.’s method for counting civilian casualties in drone strikes.
The day before the executive orders were issued, the C.I.A.’s top lawyer, John A. Rizzo, had called the White House in a panic. The order prohibited the agency from operating detention facilities, closing once and for all the secret overseas “black sites” where interrogators had brutalized terrorist suspects.
“The way this is written, you are going to take us out of the rendition business,” Mr. Rizzo told Gregory B. Craig, Mr. Obama’s White House counsel, referring to the much-criticized practice of grabbing a terrorist suspect abroad and delivering him to another country for interrogation or trial. The problem, Mr. Rizzo explained, was that the C.I.A. sometimes held such suspects for a day or two while awaiting a flight. The order appeared to outlaw that.
Mr. Craig assured him that the new president had no intention of ending rendition — only its abuse, which could lead to American complicity in torture abroad. So a new definition of “detention facility” was inserted, excluding places used to hold people “on a short-term, transitory basis.” Problem solved — and no messy public explanation damped Mr. Obama’s celebration.
“Pragmatism over ideology,” his campaign national security team had advised in a memo in March 2008. It was counsel that only reinforced the president’s instincts.
Even before he was sworn in, Mr. Obama’s advisers had warned him against taking a categorical position on what would be done with Guantánamo detainees. The deft insertion of some wiggle words in the president’s order showed that the advice was followed.
Some detainees would be transferred to prisons in other countries, or released, it said. Some would be prosecuted — if “feasible” — in criminal courts. Military commissions, which Mr. Obama had criticized, were not mentioned — and thus not ruled out.
As for those who could not be transferred or tried but were judged too dangerous for release? Their “disposition” would be handled by “lawful means, consistent with the national security and foreign policy interests of the United States and the interests of justice.”
A few sharp-eyed observers inside and outside the government understood what the public did not. Without showing his hand, Mr. Obama had preserved three major policies — rendition, military commissions and indefinite detention — that have been targets of human rights groups since the 2001 terrorist attacks.
But a year later, with Congress trying to force him to try all terrorism suspects using revamped military commissions, he deployed his legal skills differently — to preserve trials in civilian courts.
It was shortly after Dec. 25, 2009, following a close call in which a Qaeda-trained operative named Umar Farouk Abdulmutallab had boarded a Detroit-bound airliner with a bomb sewn into his underwear.
Mr. Obama was taking a drubbing from Republicans over the government’s decision to read the suspect his rights, a prerequisite for bringing criminal charges against him in civilian court.
The president “seems to think that if he gives terrorists the rights of Americans, lets them lawyer up and reads them their Miranda rights, we won’t be at war,” former Vice President Dick Cheney charged.
Sensing vulnerability on both a practical and political level, the president summoned his attorney general, Eric H. Holder Jr., to the White House.
F.B.I. agents had questioned Mr. Abdulmutallab for 50 minutes and gained valuable intelligence before giving him the warning. They had relied on a 1984 case called New York v. Quarles, in which the Supreme Court ruled that statements made by a suspect in response to urgent public safety questions — the case involved the location of a gun — could be introduced into evidence even if the suspect had not been advised of the right to remain silent.
Mr. Obama, who Mr. Holder said misses the legal profession, got into a colloquy with the attorney general. How far, he asked, could Quarles be stretched? Mr. Holder felt that in terrorism cases, the court would allow indefinite questioning on a fairly broad range of subjects.
Satisfied with the edgy new interpretation, Mr. Obama gave his blessing, Mr. Holder recalled.
“Barack Obama believes in options: ‘Maintain my options,’ ” said Jeh C. Johnson, a campaign adviser and now general counsel of the Defense Department.
‘They Must All Be Militants’
That same mind-set would be brought to bear as the president intensified what would become a withering campaign to use unmanned aircraft to kill Qaeda terrorists.
Just days after taking office, the president got word that the first strike under his administration had killed a number of innocent Pakistanis. “The president was very sharp on the thing, and said, ‘I want to know how this happened,’ ” a top White House adviser recounted.
In response to his concern, the C.I.A. downsized its munitions for more pinpoint strikes. In addition, the president tightened standards, aides say: If the agency did not have a “near certainty” that a strike would result in zero civilian deaths, Mr. Obama wanted to decide personally whether to go ahead.
The president’s directive reinforced the need for caution, counterterrorism officials said, but did not significantly change the program. In part, that is because “the protection of innocent life was always a critical consideration,” said Michael V. Hayden, the last C.I.A. director under President George W. Bush.
It is also because Mr. Obama embraced a disputed method for counting civilian casualties that did little to box him in. It in effect counts all military-age males in a strike zone as combatants, according to several administration officials, unless there is explicit intelligence posthumously proving them innocent.
Counterterrorism officials insist this approach is one of simple logic: people in an area of known terrorist activity, or found with a top Qaeda operative, are probably up to no good. “Al Qaeda is an insular, paranoid organization — innocent neighbors don’t hitchhike rides in the back of trucks headed for the border with guns and bombs,” said one official, who requested anonymity to speak about what is still a classified program.
This counting method may partly explain the official claims of extraordinarily low collateral deaths. In a speech last year Mr. Brennan, Mr. Obama’s trusted adviser, said that not a single noncombatant had been killed in a year of strikes. And in a recent interview, a senior administration official said that the number of civilians killed in drone strikes in Pakistan under Mr. Obama was in the “single digits” — and that independent counts of scores or hundreds of civilian deaths unwittingly draw on false propaganda claims by militants.
But in interviews, three former senior intelligence officials expressed disbelief that the number could be so low. The C.I.A. accounting has so troubled some administration officials outside the agency that they have brought their concerns to the White House. One called it “guilt by association” that has led to “deceptive” estimates of civilian casualties.
“It bothers me when they say there were seven guys, so they must all be militants,” the official said. “They count the corpses and they’re not really sure who they are.”
About four months into his presidency, as Republicans accused him of reckless naïveté on terrorism, Mr. Obama quickly pulled together a speech defending his policies. Standing before the Constitution at the National Archives in Washington, he mentioned Guantánamo 28 times, repeating his campaign pledge to close the prison.
But it was too late, and his defensive tone suggested that Mr. Obama knew it. Though President George W. Bush and Senator John McCain, the 2008 Republican candidate, had supported closing the Guantánamo prison, Republicans in Congress had reversed course and discovered they could use the issue to portray Mr. Obama as soft on terrorism.
Walking out of the Archives, the president turned to his national security adviser at the time, Gen. James L. Jones, and admitted that he had never devised a plan to persuade Congress to shut down the prison.
“We’re never going to make that mistake again,” Mr. Obama told the retired Marine general.
General Jones said the president and his aides had assumed that closing the prison was “a no-brainer — the United States will look good around the world.” The trouble was, he added, “nobody asked, ‘O.K., let’s assume it’s a good idea, how are you going to do this?’ ”
It was not only Mr. Obama’s distaste for legislative backslapping and arm-twisting, but also part of a deeper pattern, said an administration official who has watched him closely: the president seemed to have “a sense that if he sketches a vision, it will happen — without his really having thought through the mechanism by which it will happen.”
In fact, both Secretary of State Hillary Rodham Clinton and the attorney general, Mr. Holder, had warned that the plan to close the Guantánamo prison was in peril, and they volunteered to fight for it on Capitol Hill, according to officials. But with Mr. Obama’s backing, his chief of staff, Rahm Emanuel, blocked them, saying health care reform had to go first.
When the administration floated a plan to transfer from Guantánamo to Northern Virginia two Uighurs, members of a largely Muslim ethnic minority from China who are considered no threat to the United States, Virginia Republicans led by Representative Frank R. Wolf denounced the idea. The administration backed down.
That show of weakness doomed the effort to close Guantánamo, the same administration official said. “Lyndon Johnson would have steamrolled the guy,” he said. “That’s not what happened. It’s like a boxing match where a cut opens over a guy’s eye.”
The Use of Force
It is the strangest of bureaucratic rituals: Every week or so, more than 100 members of the government’s sprawling national security apparatus gather, by secure video teleconference, to pore over terrorist suspects’ biographies and recommend to the president who should be the next to die.
This secret “nominations” process is an invention of the Obama administration, a grim debating society that vets the PowerPoint slides bearing the names, aliases and life stories of suspected members of Al Qaeda’s branch in Yemen or its allies in Somalia’s Shabab militia.
The video conferences are run by the Pentagon, which oversees strikes in those countries, and participants do not hesitate to call out a challenge, pressing for the evidence behind accusations of ties to Al Qaeda.
“What’s a Qaeda facilitator?” asked one participant, illustrating the spirit of the exchanges. “If I open a gate and you drive through it, am I a facilitator?” Given the contentious discussions, it can take five or six sessions for a name to be approved, and names go off the list if a suspect no longer appears to pose an imminent threat, the official said. A parallel, more cloistered selection process at the C.I.A. focuses largely on Pakistan, where that agency conducts strikes.
The nominations go to the White House, where by his own insistence and guided by Mr. Brennan, Mr. Obama must approve any name. He signs off on every strike in Yemen and Somalia and also on the more complex and risky strikes in Pakistan — about a third of the total.
Aides say Mr. Obama has several reasons for becoming so immersed in lethal counterterrorism operations. A student of writings on war by Augustine and Thomas Aquinas, he believes that he should take moral responsibility for such actions. And he knows that bad strikes can tarnish America’s image and derail diplomacy.
“He realizes this isn’t science, this is judgments made off of, most of the time, human intelligence,” said Mr. Daley, the former chief of staff. “The president accepts as a fact that a certain amount of screw-ups are going to happen, and to him, that calls for a more judicious process.”
But the control he exercises also appears to reflect Mr. Obama’s striking self-confidence: he believes, according to several people who have worked closely with him, that his own judgment should be brought to bear on strikes.
Asked what surprised him most about Mr. Obama, Mr. Donilon, the national security adviser, answered immediately: “He’s a president who is quite comfortable with the use of force on behalf of the United States.”
In fact, in a 2007 campaign speech in which he vowed to pull the United States out of Iraq and refocus on Al Qaeda, Mr. Obama had trumpeted his plan to go after terrorist bases in Pakistan — even if Pakistani leaders objected. His rivals at the time, including Mitt Romney, Joseph R. Biden Jr. and Mrs. Clinton, had all pounced on what they considered a greenhorn’s campaign bluster. (Mr. Romney said Mr. Obama had become “Dr. Strangelove.”)
In office, however, Mr. Obama has done exactly what he had promised, coming quickly to rely on the judgment of Mr. Brennan.
Mr. Brennan, a son of Irish immigrants, is a grizzled 25-year veteran of the C.I.A. whose work as a top agency official during the brutal interrogations of the Bush administration made him a target of fierce criticism from the left. He had been forced, under fire, to withdraw his name from consideration to lead the C.I.A. under Mr. Obama, becoming counterterrorism chief instead.
Some critics of the drone strategy still vilify Mr. Brennan, suggesting that he is the C.I.A.’s agent in the White House, steering Mr. Obama to a targeted killing strategy. But in office, Mr. Brennan has surprised many former detractors by speaking forcefully for closing Guantánamo and respecting civil liberties.
Harold H. Koh, for instance, as dean of Yale Law School was a leading liberal critic of the Bush administration’s counterterrorism policies. But since becoming the State Department’s top lawyer, Mr. Koh said, he has found in Mr. Brennan a principled ally.
“If John Brennan is the last guy in the room with the president, I’m comfortable, because Brennan is a person of genuine moral rectitude,” Mr. Koh said. “It’s as though you had a priest with extremely strong moral values who was suddenly charged with leading a war.”
The president values Mr. Brennan’s experience in assessing intelligence, from his own agency or others, and for the sobriety with which he approaches lethal operations, other aides say.
“The purpose of these actions is to mitigate threats to U.S. persons’ lives,” Mr. Brennan said in an interview. “It is the option of last recourse. So the president, and I think all of us here, don’t like the fact that people have to die. And so he wants to make sure that we go through a rigorous checklist: The infeasibility of capture, the certainty of the intelligence base, the imminence of the threat, all of these things.”
Yet the administration’s very success at killing terrorism suspects has been shadowed by a suspicion: that Mr. Obama has avoided the complications of detention by deciding, in effect, to take no prisoners alive. While scores of suspects have been killed under Mr. Obama, only one has been taken into American custody, and the president has balked at adding new prisoners to Guantánamo.
“Their policy is to take out high-value targets, versus capturing high-value targets,” said Senator Saxby Chambliss of Georgia, the top Republican on the intelligence committee. “They are not going to advertise that, but that’s what they are doing.”
Mr. Obama’s aides deny such a policy, arguing that capture is often impossible in the rugged tribal areas of Pakistan and Yemen and that many terrorist suspects are in foreign prisons because of American tips. Still, senior officials at the Justice Department and the Pentagon acknowledge that they worry about the public perception.
“We have to be vigilant to avoid a no-quarter, or take-no-prisoners policy,” said Mr. Johnson, the Pentagon’s chief lawyer.
The care that Mr. Obama and his counterterrorism chief take in choosing targets, and their reliance on a precision weapon, the drone, reflect his pledge at the outset of his presidency to reject what he called the Bush administration’s “false choice between our safety and our ideals.”
But he has found that war is a messy business, and his actions show that pursuing an enemy unbound by rules has required moral, legal and practical trade-offs that his speeches did not envision.
One early test involved Baitullah Mehsud, the leader of the Pakistani Taliban. The case was problematic on two fronts, according to interviews with both administration and Pakistani sources.
The C.I.A. worried that Mr. Mehsud, whose group then mainly targeted the Pakistan government, did not meet the Obama administration’s criteria for targeted killing: he was not an imminent threat to the United States. But Pakistani officials wanted him dead, and the American drone program rested on their tacit approval. The issue was resolved after the president and his advisers found that he represented a threat, if not to the homeland, to American personnel in Pakistan.
Then, in August 2009, the C.I.A. director, Leon E. Panetta, told Mr. Brennan that the agency had Mr. Mehsud in its sights. But taking out the Pakistani Taliban leader, Mr. Panetta warned, did not meet Mr. Obama’s standard of “near certainty” of no innocents being killed. In fact, a strike would certainly result in such deaths: he was with his wife at his in-laws’ home.
“Many times,” General Jones said, in similar circumstances, “at the 11th hour we waved off a mission simply because the target had people around them and we were able to loiter on station until they didn’t.”
But not this time. Mr. Obama, through Mr. Brennan, told the C.I.A. to take the shot, and Mr. Mehsud was killed, along with his wife and, by some reports, other family members as well, said a senior intelligence official.
The attempted bombing of an airliner a few months later, on Dec. 25, stiffened the president’s resolve, aides say. It was the culmination of a series of plots, including the killing of 13 people at Fort Hood, Tex., by an Army psychiatrist who had embraced radical Islam.
Mr. Obama is a good poker player, but he has a tell when he is angry. His questions become rapid-fire, said his attorney general, Mr. Holder. “He’ll inject the phrase, ‘I just want to make sure you understand that.’ ” And it was clear to everyone, Mr. Holder said, that he was simmering about how a 23-year-old bomber had penetrated billions of dollars worth of American security measures.
When a few officials tentatively offered a defense, noting that the attack had failed because the terrorists were forced to rely on a novice bomber and an untested formula because of stepped-up airport security, Mr. Obama cut them short.
“Well, he could have gotten it right and we’d all be sitting here with an airplane that blew up and killed over a hundred people,” he said, according to a participant. He asked them to use the close call to imagine in detail the consequences if the bomb had detonated. In characteristic fashion, he went around the room, asking each official to explain what had gone wrong and what needed to be done about it.
“After that, as president, it seemed like he felt in his gut the threat to the United States,” said Michael E. Leiter, then director of the National Counterterrorism Center. “Even John Brennan, someone who was already a hardened veteran of counterterrorism, tightened the straps on his rucksack after that.”
David Axelrod, the president’s closest political adviser, began showing up at the “Terror Tuesday” meetings, his unspeaking presence a visible reminder of what everyone understood: a successful attack would overwhelm the president’s other aspirations and achievements.
In the most dramatic possible way, the Fort Hood shootings in November and the attempted Christmas Day bombing had shown the new danger from Yemen. Mr. Obama, who had rejected the Bush-era concept of a global war on terrorism and had promised to narrow the American focus to Al Qaeda’s core, suddenly found himself directing strikes in another complicated Muslim country.
The very first strike under his watch in Yemen, on Dec. 17, 2009, offered a stark example of the difficulties of operating in what General Jones described as an “embryonic theater that we weren’t really familiar with.”
It killed not only its intended target, but also two neighboring families, and left behind a trail of cluster bombs that subsequently killed more innocents. It was hardly the kind of precise operation that Mr. Obama favored. Videos of children’s bodies and angry tribesmen holding up American missile parts flooded YouTube, fueling a ferocious backlash that Yemeni officials said bolstered Al Qaeda.
The sloppy strike shook Mr. Obama and Mr. Brennan, officials said, and once again they tried to impose some discipline.
In Pakistan, Mr. Obama had approved not only “personality” strikes aimed at named, high-value terrorists, but “signature” strikes that targeted training camps and suspicious compounds in areas controlled by militants.
But some State Department officials have complained to the White House that the criteria used by the C.I.A. for identifying a terrorist “signature” were too lax. The joke was that when the C.I.A. sees “three guys doing jumping jacks,” the agency thinks it is a terrorist training camp, said one senior official. Men loading a truck with fertilizer could be bombmakers — but they might also be farmers, skeptics argued.
Now, in the wake of the bad first strike in Yemen, Mr. Obama overruled military and intelligence commanders who were pushing to use signature strikes there as well.
“We are not going to war with Yemen,” he admonished in one meeting, according to participants.
His guidance was formalized in a memo by General Jones, who called it a “governor, if you will, on the throttle,” intended to remind everyone that “one should not assume that it’s just O.K. to do these things because we spot a bad guy somewhere in the world.”
Mr. Obama had drawn a line. But within two years, he stepped across it. Signature strikes in Pakistan were killing a large number of terrorist suspects, even when C.I.A. analysts were not certain beforehand of their presence. And in Yemen, roiled by the Arab Spring unrest, the Qaeda affiliate was seizing territory.
Today, the Defense Department can target suspects in Yemen whose names they do not know. Officials say the criteria are tighter than those for signature strikes, requiring evidence of a threat to the United States, and they have even given them a new name — TADS, for Terrorist Attack Disruption Strikes. But the details are a closely guarded secret — part of a pattern for a president who came into office promising transparency.
The Ultimate Test
On that front, perhaps no case would test Mr. Obama’s principles as starkly as that of Anwar al-Awlaki, an American-born cleric and Qaeda propagandist hiding in Yemen, who had recently risen to prominence and had taunted the president by name in some of his online screeds.
The president “was very interested in obviously trying to understand how a guy like Awlaki developed,” said General Jones. The cleric’s fiery sermons had helped inspire a dozen plots, including the shootings at Fort Hood. Then he had gone “operational,” plotting with Mr. Abdulmutallab and coaching him to ignite his explosives only after the airliner was over the United States.
That record, and Mr. Awlaki’s calls for more attacks, presented Mr. Obama with an urgent question: Could he order the targeted killing of an American citizen, in a country with which the United States was not at war, in secret and without the benefit of a trial?
The Justice Department’s Office of Legal Counsel prepared a lengthy memo justifying that extraordinary step, asserting that while the Fifth Amendment’s guarantee of due process applied, it could be satisfied by internal deliberations in the executive branch.
Mr. Obama gave his approval, and Mr. Awlaki was killed in September 2011, along with a fellow propagandist, Samir Khan, an American citizen who was not on the target list but was traveling with him.
If the president had qualms about this momentous step, aides said he did not share them. Mr. Obama focused instead on the weight of the evidence showing that the cleric had joined the enemy and was plotting more terrorist attacks.
“This is an easy one,” Mr. Daley recalled him saying, though the president warned that in future cases, the evidence might well not be so clear.
In the wake of Mr. Awlaki’s death, some administration officials, including the attorney general, argued that the Justice Department’s legal memo should be made public. In 2009, after all, Mr. Obama had released Bush administration legal opinions on interrogation over the vociferous objections of six former C.I.A. directors.
This time, contemplating his own secrets, he chose to keep the Awlaki opinion secret.
“Once it’s your pop stand, you look at things a little differently,” said Mr. Rizzo, the C.I.A.’s former general counsel.
Mr. Hayden, the former C.I.A. director and now an adviser to Mr. Obama’s Republican challenger, Mr. Romney, commended the president’s aggressive counterterrorism record, which he said had a “Nixon to China” quality. But, he said, “secrecy has its costs” and Mr. Obama should open the strike strategy up to public scrutiny.
“This program rests on the personal legitimacy of the president, and that’s not sustainable,” Mr. Hayden said. “I have lived the life of someone taking action on the basis of secret O.L.C. memos, and it ain’t a good life. Democracies do not make war on the basis of legal memos locked in a D.O.J. safe.”
Tactics Over Strategy
In his June 2009 speech in Cairo, aimed at resetting relations with the Muslim world, Mr. Obama had spoken eloquently of his childhood years in Indonesia, hearing the call to prayer “at the break of dawn and the fall of dusk.”
“The United States is not — and never will be — at war with Islam,” he declared.
But in the months that followed, some officials felt the urgency of counterterrorism strikes was crowding out consideration of a broader strategy against radicalization. Though Mrs. Clinton strongly supported the strikes, she complained to colleagues about the drones-only approach at Situation Room meetings, in which discussion would focus exclusively on the pros, cons and timing of particular strikes.
At their weekly lunch, Mrs. Clinton told the president she thought there should be more attention paid to the root causes of radicalization, and Mr. Obama agreed. But it was September 2011 before he issued an executive order setting up a sophisticated, interagency war room at the State Department to counter the jihadi narrative on an hour-by-hour basis, posting messages and video online and providing talking points to embassies.
Mr. Obama was heartened, aides say, by a letter discovered in the raid on Osama bin Laden’s compound in Pakistan. It complained that the American president had undermined Al Qaeda’s support by repeatedly declaring that the United States was at war not with Islam, but with the terrorist network. “We must be doing a good job,” Mr. Obama told his secretary of state.
Moreover, Mr. Obama’s record has not drawn anything like the sweeping criticism from allies that his predecessor faced. John B. Bellinger III, a top national security lawyer under the Bush administration, said that was because Mr. Obama’s liberal reputation and “softer packaging” have protected him. “After the global outrage over Guantánamo, it’s remarkable that the rest of the world has looked the other way while the Obama administration has conducted hundreds of drone strikes in several different countries, including killing at least some civilians,” said Mr. Bellinger, who supports the strikes.
By withdrawing from Iraq and preparing to withdraw from Afghanistan, Mr. Obama has refocused the fight on Al Qaeda and hugely reduced the death toll both of American soldiers and Muslim civilians. But in moments of reflection, Mr. Obama may have reason to wonder about unfinished business and unintended consequences.
His focus on strikes has made it impossible to forge, for now, the new relationship with the Muslim world that he had envisioned. Both Pakistan and Yemen are arguably less stable and more hostile to the United States than when Mr. Obama became president.
Justly or not, drones have become a provocative symbol of American power, running roughshod over national sovereignty and killing innocents. With China and Russia watching, the United States has set an international precedent for sending drones over borders to kill enemies.
Mr. Blair, the former director of national intelligence, said the strike campaign was dangerously seductive. “It is the politically advantageous thing to do — low cost, no U.S. casualties, gives the appearance of toughness,” he said. “It plays well domestically, and it is unpopular only in other countries. Any damage it does to the national interest only shows up over the long term.”
But Mr. Blair’s dissent puts him in a small minority of security experts. Mr. Obama’s record has eroded the political perception that Democrats are weak on national security. No one would have imagined four years ago that his counterterrorism policies would come under far more fierce attack from the American Civil Liberties Union than from Mr. Romney.
Aides say that Mr. Obama’s choices, though, are not surprising. The president’s reliance on strikes, said Mr. Leiter, the former head of the National Counterterrorism Center, “is far from a lurid fascination with covert action and special forces. It’s much more practical. He’s the president. He faces a post-Abdulmutallab situation, where he’s being told people might attack the United States tomorrow.”
We’ve compiled 101 Data Protection Tips to help you protect your passwords, financial information, and identity online.
Edited By Alex Santiago
Keeping passwords, financial details, and other personal information safe from outside intruders has long been a priority for businesses, but it’s increasingly critical for consumers and individuals to heed data protection advice and use sound practices to keep their sensitive personal information secure. There’s an abundance of information out there for consumers, families, and individuals on protecting passwords; protecting desktop computers, laptops, and mobile devices from hackers, malware, and other threats; and using the Internet safely. But there’s so much information that it’s easy to get confused, particularly if you’re not tech-savvy. We’ve compiled a list of 101 simple, straightforward best practices and tips for keeping your family’s personal information private and protecting your devices from threats.
SECURING YOUR DEVICES AND NETWORKS
1. Encrypt your data.
Data encryption isn’t just for technology geeks; modern tools make it possible for anyone to encrypt emails and other information. “Encryption used to be the sole province of geeks and mathematicians, but a lot has changed in recent years. In particular, various publicly available tools have taken the rocket science out of encrypting (and decrypting) email and files. GPG for Mail, for example, is an open source plug-in for the Apple Mail program that makes it easy to encrypt, decrypt, sign and verify emails using the OpenPGP standard. And for protecting files, newer versions of Apple’s OS X operating system come with FileVault, a program that encrypts the hard drive of a computer. Those running Microsoft Windows have a similar program. This software will scramble your data, but won’t protect you from government authorities demanding your encryption key under the Regulation of Investigatory Powers Act (2000), which is why some aficionados recommend TrueCrypt, a program with some very interesting facilities, which might have been useful to David Miranda,” explains John Naughton in an article for The Guardian.
2. Back up your data.
One of the most basic, yet often overlooked, data protection tips is backing up your data. Basically, this creates a duplicate copy of your data so that if a device is lost, stolen, or compromised, you don’t also lose your important information. As the U.S. Chamber of Commerce and insurance company Nationwide point out, “According to Nationwide, 68% of small businesses don’t have a disaster recovery plan. The problem with this is the longer it takes you to restore your data, the more money you’ll lose. Gartner found that this downtime can cost companies as much as $300,000 an hour.”
3. The cloud provides a viable backup option.
While you should use sound security practices when you’re making use of the cloud, it can provide an ideal solution for backing up your data. Since data is not stored on a local device, it’s easily accessible even when your hardware becomes compromised. “Cloud storage, where data is kept offsite by a provider, is a guarantee of adequate disaster recovery,” according to this post on TechRadar.
4. Anti-malware protection is a must.
Malware is a serious issue plaguing many a computer user, and it’s known for cropping up in inconspicuous places, unbeknownst to users. Anti-malware protection is essential for laying a foundation of security for your devices. “Malware (short for malicious software) is software designed to infiltrate or damage a computer without your consent. Malware includes computer viruses, worms, trojan horses, spyware, scareware and more. It can be present on websites and emails, or hidden in downloadable files, photos, videos, freeware or shareware. (However, it should be noted that most websites, shareware or freeware applications do not come with malware.) The best way to avoid getting infected is to run a good anti-virus protection program, do periodic scans for spyware, avoid clicking on suspicious email links or websites. But scammers are sneaky: sometimes malware is cleverly disguised as an email from a friend, or a useful website. Even the most cautious of web-surfers will likely pick up an infection at some point,” explains Clark Howard.
5. Make your old computers’ hard drives unreadable.
Much information can be gleaned through old computing devices, but you can protect your personal data by making hard drives unreadable before disposing of them. “Make old computers’ hard-drives unreadable. After you back up your data and transfer the files elsewhere, you should sanitize by disk shredding, magnetically cleaning the disk, or using software to wipe the disk clean. Destroy old computer disks and backup tapes,” according to the Florida Office of the Attorney General.
6. Install operating system updates.
Operating system updates are a gigantic pain for users; it’s the honest truth. But they’re a necessary evil, as these updates contain critical security patches that will protect your computer from recently discovered threats. Failing to install these updates means your computer is at risk. “No matter which operating system you use, it’s important that you update it regularly. Windows operating systems are typically updated at least monthly, typically on so-called ‘Patch Tuesday.’ Other operating systems may not be updated quite as frequently or on a regular schedule. It’s best to set your operating system to update automatically. The method for doing so will vary depending upon your particular operating system,” says PrivacyRights.org.
7. Automate your software updates.
In order to ensure that you’re downloading the latest security updates from operating systems and other software, enable automatic updates. “Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option,” suggests StaySafeOnline.org.
8. Secure your wireless network at your home or business.
A valuable tip for both small business owners and individuals or families, it’s always recommended to secure your wireless network with a password. This prevents unauthorized individuals within proximity from hijacking your wireless network. Even if they’re merely attempting to get free Wi-Fi access, you don’t want to inadvertently share private information with other people who are using your network without permission. “If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router,” says FCC.gov in an article offering data protection tips for small businesses.
9. Turn off your computer.
When you’re finished using your computer or laptop, power it off. Leaving computing devices on, and most often, connected to the Internet, opens the door for rogue attacks. “Leaving your computer connected to the Internet when it’s not in use gives scammers 24/7 access to install malware and commit cyber crimes. To be safe, turn off your computer when it’s not in use,” suggests CSID, a division of Experian.
10. Use a firewall.
“Firewalls assist in blocking dangerous programs, viruses or spyware before they infiltrate your system. Various software companies offer firewall protection, but hardware-based firewalls, like those frequently built into network routers, provide a better level of security,” says Geek Squad.
11. Practice the Principle of Least Privilege (PoLP).
Indiana University Information Technology recommends following the Principle of Least Privilege (PoLP): “Do not log into a computer with administrator rights unless you must do so to perform specific tasks. Running your computer as an administrator (or as a Power User in Windows) leaves your computer vulnerable to security risks and exploits. Simply visiting an unfamiliar Internet site with these high-privilege accounts can cause extreme damage to your computer, such as reformatting your hard drive, deleting all your files, and creating a new user account with administrative access. When you do need to perform tasks as an administrator, always follow secure procedures.”
12. Use “passphrases” rather than “passwords.”
What’s the difference? “…we recommend you use passphrases–a series of random words or a sentence. The more characters your passphrase has, the stronger it is. The advantage is these are much easier to remember and type, but still hard for cyber attackers to hack,” explains SANS.
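To make the length-versus-strength point concrete, here is an added example (not from the original article or from SANS) that generates a passphrase from randomly chosen words and compares its guessing strength, in bits, with a short random password. The word list is a small constructed sample and the function names are illustrative assumptions; the estimate applies only to words picked at random by the program, not to a sentence a person makes up.

```python
import math
import secrets

# Constructed 32-word sample list, for illustration only. A real generator
# should draw from a large published list (thousands of words): strength
# comes from the size of the list and the number of words drawn.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "desert", "ember", "falcon", "garden", "harbor",
    "island", "jacket", "kettle", "lantern", "marble", "nectar", "orchid", "pepper",
    "quartz", "ribbon", "saddle", "timber", "umpire", "velvet", "walnut", "yonder",
    "zephyr", "bamboo", "cactus", "dolphin", "engine", "feather", "glacier", "hammock",
]

PRINTABLE_ASCII = 94  # letters, digits and punctuation on a US keyboard


def generate_passphrase(wordlist, n_words, sep=" "):
    """Pick n_words uniformly at random using the OS random source."""
    # De-duplicate and normalise so every word is equally likely.
    words = sorted({w.strip().lower() for w in wordlist if w.strip()})
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    if n_words < 1:
        raise ValueError("n_words must be at least 1")
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_entropy_bits(list_size, n_words):
    """Bits of entropy for n_words drawn uniformly from list_size words."""
    if list_size < 2:
        raise ValueError("list_size must be at least 2")
    return n_words * math.log2(list_size)


def password_entropy_bits(alphabet_size, length):
    """Bits of entropy for a uniformly random password of the given length."""
    if alphabet_size < 2:
        raise ValueError("alphabet_size must be at least 2")
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest number of random words that reaches target_bits."""
    if list_size < 2:
        raise ValueError("list_size must be at least 2")
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS, 6))
    complex_8 = password_entropy_bits(PRINTABLE_ASCII, 8)
    print(f"8 random printable characters: {complex_8:.1f} bits")
    # 7776 is the size of a list indexed by five six-sided dice rolls.
    print(f"6 random words from 7776: {passphrase_entropy_bits(7776, 6):.1f} bits")
    print("words from 7776 to match the 8-char password:",
          words_needed(7776, complex_8))
    print("words from the 32-word sample to reach 50 bits:",
          words_needed(len(SAMPLE_WORDS), 50))
```
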
13. Encrypt data on your USB drives and SIM cards.
Encrypting your data on your removable storage devices can make it more difficult (albeit not impossible) for criminals to interpret your personal data should your device become lost or stolen. USB drives and SIM cards are excellent examples of removable storage devices that can simply be plugged into another device, enabling the user to access all the data stored on it. Unless, of course, it’s encrypted. “Your USB drive could easily be stolen and put into another computer, where they can steal all of your files and even install malware or viruses onto your flash drive that will infect any computer it is plugged in to. Encrypt your SIM card in case your phone is ever stolen, or take it out if you are selling your old cell phone,” according to Mike Juba in an article on Business2Community.
14. Don’t store passwords with your laptop or mobile device.
A Post-It note stuck to the outside of your laptop or tablet is “akin to leaving your keys in your car,” says The Ohio State University’s Office of the Chief Information Officer. Likewise, you shouldn’t leave your laptop in your car. It’s a magnet for identity thieves.
15. Disable file and media sharing if you don’t need it.
If you have a home wireless network with multiple devices connected, you might find it convenient to share files between machines. However, there’s no reason to make files publicly available if it’s not necessary. “Make sure that you share some of your folders only on the home network. If you don’t really need your files to be visible to other machines, disable file and media sharing completely,” says Kaspersky.
16. Create encrypted volumes for portable, private data files.
HowToGeek offers a series of articles with tips, tricks, and tools for encrypting files or sets of files using various programs and tools. This article covers a method for creating an encrypted volume to easily transport private, sensitive data for access on multiple computers.
17. Overwrite deleted files.
Deleting your information on a computing device rarely means it’s truly deleted permanently. Often, this data still exists on disk and can be recovered by someone who knows what they’re doing (such as, say, a savvy criminal determined to find your personal information). The only way to really ensure that your old data is gone forever is to overwrite it. Luckily, there are tools to streamline this process. PCWorld covers a tool and process for overwriting old data on Windows operating systems.
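The difference between deleting and overwriting can be shown in a few lines. The sketch below is an added example, not the PCWorld tool mentioned above, and its function names are assumptions: it replaces a file’s bytes in place with random data, forces the write to disk, and only then removes the file. On SSDs, copy-on-write or journaling file systems, and folders synced to a cloud service, older copies of the data can survive an in-place overwrite, so full-disk encryption remains the more dependable control.

```python
import os
import secrets
import stat

CHUNK = 64 * 1024  # write in 64 KiB pieces so large files do not fill memory


def overwrite_in_place(path, passes=1):
    """Replace every byte of a regular file with random data.

    Returns the number of bytes overwritten per pass. Refuses symlinks and
    non-regular files so the call cannot be redirected to another target.
    """
    info = os.lstat(path)  # lstat does not follow symlinks
    if not stat.S_ISREG(info.st_mode):
        raise ValueError(f"{path!r} is not a regular file")
    if passes < 1:
        raise ValueError("passes must be at least 1")

    size = info.st_size
    with open(path, "r+b") as f:  # r+b keeps the existing blocks, no truncate
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push the new bytes past the OS cache
    return size


def overwrite_and_delete(path, passes=1):
    """Overwrite the file's contents, then remove its directory entry."""
    overwrite_in_place(path, passes)
    os.remove(path)


if __name__ == "__main__":
    import tempfile

    # Constructed sample data standing in for a sensitive document.
    fd, sample = tempfile.mkstemp()
    os.write(fd, b"CONSTRUCTED-SECRET account=12345\n" * 100)
    os.close(fd)

    overwrite_in_place(sample)
    with open(sample, "rb") as f:
        print("marker still present:", b"CONSTRUCTED-SECRET" in f.read())
    overwrite_and_delete(sample)
    print("file exists after delete:", os.path.exists(sample))
```
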
18. Don’t forget to delete old files from cloud backups.
If you’re diligent about backing up your data and use a secure cloud storage service to do so, you’re headed in the right direction. That said, cloud backups, and any data backups really, create an added step when it comes to deleting old information. Don’t forget to delete files from your backup services in addition to those you remove (or overwrite) on your local devices. “If you back up your files to the cloud, remember that even though you delete them on your computer or mobile device, they’re still stored in your cloud account. To completely delete the file, you’ll also need to remove it from your backup cloud account,” says re/code.
DATA PROTECTION TIPS FOR MOBILE DEVICES
19. Consciously check and configure app privacy settings.
Most apps offer privacy settings for users, enabling you to determine how much and what types of information are shared or stored. Always choose the least amount of data-sharing possible. Casey Chin from Wired explains, “You probably spend a lot of your day inside apps: catching up on the news, playing music and movies, keeping in touch with friends, racing cartoon characters around a track, and so on. Every once in a while though, it’s worth running an audit on these apps to make sure they’re not overreaching and going beyond their remit—collecting more data about you and controlling more of your devices than you’d like.”
20. Enable remote location and device-wiping.
“If your gadget is lost or stolen, tracking apps can tell you exactly where your phone is. These apps also let you wipe sensitive information remotely. If your phone does end up landing in the wrong hands, you can at least make sure they don’t get your information,” says Kim Komando.
21. Take care of privacy settings immediately upon setup.
When configuring a new device or operating system, configuring privacy settings should be the first order of business. This ensures that you’re not inadvertently sharing sensitive information as you set up your standard apps and services. “The minute you download and install iOS 8, the latest version of Apple’s mobile operating system for iPhone and iPad, you should take note of these privacy steps in order to lock down your device. iOS 8 has a number of new features tied to your location. It also has new privacy settings, allowing users to limit how long data is stored for, such as message expiry features and new private browsing settings…Before you do anything like customizing your phone, loading new apps, or syncing your data for the first time, these first seven settings need to be checked, and if necessary, changed,” explains Zack Whittaker in an article appearing on ZDNet.
22. Use MyPermissions.com to control app permissions in one fell swoop.
While it’s not all-inclusive, MyPermissions.com is a handy tool that allows you to check your permission settings across a multitude of apps, get reminders to clean your permissions with mobile-friendly apps, and get alerts when apps access your personal information so that you can remove it with a single click.
23. Lock your smartphone and tablet devices.
Practically everyone has a smartphone, tablet, or both these days. All it takes is a single mishap where your device slips out of your pocket or briefcase at a restaurant or on public transportation, and your data could wind up in the hands of someone who will use it maliciously. You can take steps to protect your data in the event of a lost or stolen device, however, beginning with locking your device. When your device is locked, a thief must crack your password before gaining access to your apps or personal information, adding a layer of protection. Unfortunately, many don’t lock their devices, says Monica Anderson of Pew Research, “More than a quarter (28%) of smartphone owners say they do not use a screen lock or other security features to access their phone.”
24. Don’t forget to back up your mobile device data.
Another data protection strategy that’s often overlooked for mobile devices is the need to back up your data from your mobile device in addition to your desktop computer’s or laptop’s data. There are some automatic cloud-backup options, but this article on Yahoo Small Business Advisor suggests an interesting strategy: using IFTTT (If This Then That) to facilitate automatic backups of important files, such as photos or work documents.
25. Disable automatic uploading.
Some devices automatically back up your data to the cloud, and some apps used on smartphones or tablets store information in remote servers. Yes, having a backup of your data is a good thing, but the backup should be accessible only by you or someone you authorize. You can prevent your devices from sharing your personal photos and other information with the cloud for the world to see by disabling automatic backup settings on your device and on individual apps. In an article on BBC, Colin Barras explains, “As cloud services grow it’s becoming common for devices like smartphones to upload user data to remote servers by default. If you’re at all worried about some of your photos falling into the hands of malicious parties it’s probably not a bad idea to check your phone settings to see what data is being automatically backed up to the cloud, and disable automatic uploading.”
26. Disable Bluetooth when you’re not using it.
Bluetooth technology has offered incredible conveniences to the mobile world, but it also opens the door for vulnerabilities. Most threats exploiting Bluetooth connectivity are dependent on the active Bluetooth connection, and while they aren’t typically devastating or dangerous, they’re certainly inconvenient and can be serious. “Bluetooth attacks depend on exploiting the permission request/grant process that is the backbone of Bluetooth connectivity. Regardless of the security features on your device, the only way to completely prevent attackers from exploiting that permission request/grant process is to power off your device’s Bluetooth function when you’re not using it — not putting it into an invisible or undetectable mode, but completely turning it off (there are bad apps that can power your device back on, just one more reason overall app security is vital),” advises Kaspersky Lab.
27. Get anti-virus or anti-malware protection for your mobile devices.
Anti-malware protection software is a given for most computer users, but many consumers still overlook the importance of protecting mobile devices from the growing number of malware programs impacting all types of mobile devices. Just a few years ago, however, security options for mobile devices offered mediocre protection against threats, at best. “Besides antivirus and malware scanning, security apps for Android also offer a full security suite with features such as device location, remote wipe, backup, and suspicious-URL blocking. These extra features usually require a premium subscription, but most apps offer a minimal, basic level of protection for free, including malware scanning,” according to an article on PCWorld.
28. Check your push notification settings on mobile devices.
Push notifications are notices posted to your device homescreen so that you don’t miss important information or updates. “Many applications send proactive notifications to your phone’s home screen. In general, these notifications are valuable and make it easy to keep track of what’s happening in your favorite applications. Personal health applications may send these types of notifications as well. If you are using applications that use push notifications, review them to ensure that sensitive data isn’t being shared unexpectedly to your home screen. You don’t want your personal health data laying out in plain sight on your phone,” according to an article on TrueVault.
29. Enable Touch ID if you use an Apple device.
If you use an iPhone 5 or later, you can take advantage of an added security measure known as Touch ID, a technologically advanced fingerprint security tactic. “The actual image of your fingerprint is not stored anywhere, and is instead converted to a mathematical representation of a fingerprint that cannot be reverse engineered into one. This mathematical representation is stored in a Secure Enclave within your phone’s chip, and is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else.”
30. Set up content filters.
If you have children who use mobile devices, check into security options such as content filters that can be activated either through your wireless provider or on the physical device. These filters restrict access to certain types of content, ensuring that your children cannot inadvertently go to websites or download apps that contain either inappropriate or malicious content. Verizon Wireless, for instance, offers a number of content filters and security options for families.
31. Set your device to automatically lock after a period of inactivity.
Most smartphones and tablets enable you to set a specified time frame, after which the device automatically locks if it’s been inactive. This means if you lose your smartphone but it wasn’t locked, it will lock on its own, ideally before a thief obtains it and attempts to access your personal information. “Configure your settings to ensure that your device locks after a short period of time,” says DeviceCheck.ca, formerly known as ProtectYourData.ca.
32. Be mindful of the apps you install.
There are new apps entering the market constantly. But too many apps running in the background not only slow down your smartphone or tablet; some of them could also be sharing your personal information, even your current location via GPS, without your knowledge. Don’t install apps unless they’re from trusted sources. “The problem is that many third-party app stores are not safe. If you choose to download an APK file and install it yourself, you could be putting malware on your device. You may also be sent an APK file in an email or a text message, or you could be prompted to install one after clicking on a link in your web browser. It’s best not to install these unless you are certain it is safe,” according to an article on Digital Trends.
33. Prevent your smartphone from being stolen.
While remote wiping and location-tracking solutions are great for finding your device and protecting your data if it’s been stolen, the ideal solution is to avoid having your smartphone or other device stolen in the first place. “One of your best ‘grab-prevention’ options is a wireless proximity alarm system. These handy app/device combos let you know when your phone gets more than the pre-set distance limit from the proximity device (which is usually small enough to fit on a key ring),” ComputerWorld recommends.
34. Use an on-device, personal firewall.
Firewalls aren’t just for servers and browsers; you can get a personal firewall for your mobile device, too. MySecurityAwareness.com suggests installing “an on-device personal firewall to protect mobile device interfaces from direct attack.”
35. Wipe devices and set to factory defaults before donating or discarding.
Don’t just give your old mobile devices to someone else, particularly someone you don’t know, without first wiping them clean and restoring them to factory settings. Otherwise, you’re basically handing over all your personal data to whoever ends up with your old smartphone or tablet. “Many security experts say performing a factory reset on your old phone is exactly what you’re supposed to do if you plan to sell or donate it. According to the nation’s major wireless carriers, a reset will erase all personal information – such as texts, contact lists, photos and important user data – from your phone’s memory,” says WTHR.com. But, this method isn’t fool-proof; in fact, 13 Investigates put this very theory to the test and found that in some cases, a factory reset will wipe a device clean. In others, it won’t. The solution? Do a factory reset as a precaution, but do your research and determine the best way to dispose of your device or clean it before donating it to charity.
36. Be mindful of eavesdroppers when shopping via your mobile device in public.
If you have time to kill on your morning commute, you might browse the virtual shopping aisles, but be mindful of who is sitting beside you or behind you. Criminals can easily peep over your shoulder and watch as you enter passwords, credit card details, and other information. “A long commute on a bus or a train is the perfect time to get some holiday shopping done, but beware of that stranger sitting next to you. Your neighbors might try and read your screen and steal your credit card number or other information. Investing in a privacy screen or filter can significantly reduce the risk of peeping thieves. Screen protectors come in all shapes and sizes and at Best Buy, you can find the one that’s best for your favorite tech gadget,” advises BestBuy in an article offering tips for keeping your digital data safe on Cyber Monday (and really, anytime you’re shopping online).
PROTECTING YOUR IDENTITY
37. Decide what you define as Personally Identifiable Information (PII).
ComputerWorld asks six privacy experts for their recommendations for protecting data in the modern digital age. “The traditional definition of personally identifying information (PII) — health records, credit card numbers, social security number, etc. — is so 20th century. The big data age of the Internet is upon us, and even data not previously considered to be PII can feel very personal when viewed in a broader context. ‘Bits of data, when combined, tell a lot about you,’ says Alex Fowler, chief privacy officer at Mozilla. Those aggregated bits, which constitute the new PII, may include such information as your email address, browsing history and search history. ‘The definition of PII — information that a person has a legitimate interest in understanding and protecting — is going to be broadened as we move further into the information society,’ says Fowler. ‘It’s a different footprint than what your parents ever thought about. Think about what you consider personal information,’ Fowler adds. ‘You need a working definition.’”
38. Use secure passwords.
Passwords are easily cracked by hackers, particularly if you don’t use sound password-creation practices. The best passwords contain uppercase and lowercase letters, numbers, and special characters. You should also avoid using easily guessed words or alphanumeric combinations, such as the names of children or pets, birth dates, addresses, and similar information that can be easily guessed by someone looking at your Facebook profile or through a Google search. “The shorter and less complex your password is, the quicker it is for cyber criminals to come up with the correct combination of characters in your password,” suggests the CSA Alliance.
39. Don’t use Social Security numbers, phone numbers, addresses, or other personally identifiable information as passwords.
Don’t use numbers or combinations associated with other personally identifiable information as all or even part of your passwords. “Don’t use any part of your social security number (or any other sensitive info, like a credit card number) as a password, user ID or personal identification number (PIN). If someone gains access to this information, it will be among the first things they use to try to get into your account,” Bank of America advises.
40. Be overly cautious when sharing personal information.
This tip applies to both the online and offline worlds: Who is asking for your personal information, such as your Social Security number or credit card information? Why do they need it? How will they use it? What security measures do they have in place to ensure that your private information remains private? According to the Department of Justice, “Sharing personal information with others you do not know personally is one of your biggest risks online. Sharing sensitive information such as your address, phone number, family members’ names, car information, passwords, work history, credit status, social security numbers, birth date, school names, passport information, driver’s license numbers, insurance policy numbers, loan numbers, credit/ debit card numbers, PIN numbers, and bank account information is risky and should be avoided. Consider removing your name from websites that share your personal information obtained from public records (including your phone number, address, social media avatars, and pictures) with anyone on the internet.”
41. Watch out for impersonators.
Related to the previous tip, there are many impostors who attempt to trick unsuspecting consumers into giving out their sensitive personal information by pretending to be the individual’s bank, credit card company, or other entity. This can happen by phone or online, via phishing emails or websites designed to mimic the authentic company’s look and feel. “Make sure you know who is getting your personal or financial information. Don’t give out personal information on the phone, through the mail or over the Internet unless you’ve initiated the contact or know who you’re dealing with. If a company that claims to have an account with you sends email asking for personal information, don’t click on links in the email. Instead, type the company name into your web browser, go to their site, and contact them through customer service. Or, call the customer service number listed on your account statement. Ask whether the company really sent a request,” advises the Federal Trade Commission.
42. Share passwords carefully.
This is a data protection tip that’s been emphasized by many security experts, yet there are still many people who fail to follow this advice. The truth is, it’s impractical in the modern environment. Families need to share passwords to bank accounts, credit cards, and other online services with spouses, and many share a single login to services like Netflix. In the workplace, there are abundant reasons why co-workers may need to share login credentials. You shouldn’t give out passwords without concern; rather, determine when another person legitimately requires access to your personal information or account and grant access on a case-by-case basis. If another person needs access for a single, isolated purpose, change your password when the task is completed and they no longer require access. Another option, suggested in an article on PCMag, is to use a password manager that can share single login credentials with other people without them actually being able to view or interpret the login information.
43. Don’t use the same password for more than one account or service.
A password manager seems like an even better idea when you consider the fact that you should never use the same password for more than one account or service. Think about it: If a hacker cracks your password on one website, they suddenly have cracked your password for a dozen more. But remembering the slew of passwords the average person would need to recall to access the many accounts and services most people have these days is no simple feat, unless you have a photographic memory. In lieu of a password manager, you could follow Danny Heisner’s advice at Cranking the Ranking and create your own password algorithm that makes it simple to remember all your passwords without ever using the same one twice.
44. Watch out for theft of your government-issued identification numbers.
Thieves don’t always go after credit and debit cards; sometimes, they steal important government-issued identification numbers, such as driver’s license numbers or Social Security numbers in an attempt to assume another individual’s identity. “If you are notified of a breach involving your driver’s license or another government document, contact the agency that issued the document and find out what it recommends in such situations. You might be instructed to cancel the document and obtain a replacement. Or the agency might instead ‘flag’ your file to prevent an imposter from getting a license in your name,” suggests PrivacyRights.org.
45. Don’t write your passwords down.
It’s tempting to keep a written list of passwords, or even a single password written down in a notebook or, worse yet, a sticky note. But this is a bad idea, as it makes it extraordinarily easy for someone else to steal your login information and access your accounts without your permission. “Writing your password on a ‘sticky-note’ and sticking it on your monitor makes it very easy for people who regularly steal passwords to obtain yours. Hiding it under your keyboard or mouse pad is not much better, as these are common hiding places for passwords. However if you must write something down, jot down a hint or clue that will help jog your memory or store the written password in a secure, locked place,” says SANS.org.
46. Organize your passwords in logical groupings.
By using a different system for creating passwords for different types of websites, such as social networking websites, financial institutions, and other membership sites, you ensure that should a hacker crack one of your algorithms, they won’t immediately be able to crack all of your accounts’ passwords. “First up, group your passwords by function — social media, financial information, work — and use a different approach for creating passwords within each group. That way, if a hacker figures out your Facebook password, he won’t be just clicks away from your bank account,” explains an article on Boston Globe.
47. Avoid faxing sensitive information unless absolutely necessary.
Faxing can be a convenient way to send information quickly, but it’s not possible to ensure that the intended recipient is the person who receives the document on the other end, or that the information isn’t visible to someone else in the process of transporting it to another department or individual. “Personal information should not be sent by fax unless it is necessary to transmit the information quickly. It is important that sufficient precautions are taken to ensure that it is received only by its intended recipient,” says BCMJ.org.
48. Shred old documents and statements.
Most consumers receive an abundance of mail largely considered junk mail. Credit card statements, bank account statements, notifications regarding other accounts, credit card offers, and more plague the mailboxes of consumers across the U.S. While online access to accounts has made printed statements practically unnecessary, many consumers simply toss these items out when they’re received. But doing so without first shredding them could put your personal information in the hands of thieves. “Identity theft is the nation’s number one complaint, according to the Federal Trade Commission. One of the most common methods used by thieves to steal personal information is dumpster diving, which entails rummaging through trash looking for old bills or other documents that contain personal information,” explains Katie Delong, in an article for Fox 6 Now. Fellowes.com offers an informative list of documents that should be shredded, as well as best practices for document shredding to ensure adequate data protection.
49. Get rid of old data you no longer need.
Keeping your computer and mobile devices clean is a good practice to ensure usability, but it’s also wise to eliminate old data you no longer need. Why give potential criminals more info than absolutely necessary? “Keep only the data you need for routine current business, safely archive or destroy older data, and remove it from all computers and other devices (smart phones, laptops, flash drives, external hard disks),” advises the Massachusetts Institute of Technology.
50. Properly dispose of electronics.
It’s true that nothing is ever really deleted permanently from a computing device; hackers and technologically savvy criminals (and, of course, the FBI) are often able to recover information from hard drives if they haven’t been properly disposed of. “Document shredding and electronics recycling are two of the most effective ways to dispose of sensitive records, data, documents and information. Electronic devices, even when no longer in use, often retain confidential personal information that can fall into the wrong hands if disposed of incorrectly,” the Better Business Bureau says.
PROTECTING YOUR CREDIT
51. Sign when using debit cards, don’t enter your PIN.
When possible, ask cashiers to process your debit card as a credit card transaction. Not all retail stores allow this (it results in a small processing fee to be paid by the retailer), but most do. It’s often simpler just to enter your PIN, but it also makes it easier for thieves to steal all the information they need to make unauthorized purchases using your card. “Not entering your PIN into a keypad will help reduce the chances of a hacker stealing that number too, Young says. Crooks can do more damage with your PIN, possibly printing a copy of the card and taking money out of an ATM, he says. During Target’s breach last year, the discount retailer said hackers gained access to customers’ PINs. Home Depot, however, said there was no indication that PINs were compromised in the breach at its stores,” explains Joseph Pasani in an Associated Press article appearing on USA Today.
52. Sign up for email alerts for transactions.
If your bank or credit card company offers this service, sign up to receive an email alert when your card has been used for a transaction. This makes it easy to pinpoint charges you didn’t make, and allows you to take rapid action to cancel cards. “Sign up for email alerts when something is charged to the account. Not all banks will offer this, but these alerts let you know when a new transaction has been made using your card,” says CT Watchdog.
53. Review your statements regularly.
“Review your bank and credit card statements regularly to look for suspicious transactions. If you have online access to your bank and credit card accounts, it is a good idea to check them regularly, perhaps weekly, for transactions that aren’t yours. Contact your bank or credit card issuer immediately to report a problem. Debit card users in particular should promptly report a lost card or an unauthorized transaction. Unlike the federal protections for credit cards that cap losses from fraudulent charges at $50, your liability limit for a debit card could be up to $500, or more, if you don’t notify your bank within two business days after discovering the loss or theft,” advises FDIC.gov.
54. Keep an eye out for small transactions.
Fraudsters don’t always make major purchases with stolen cards. In fact, there have been some otherwise-legitimate companies that have scammed their own customers by charging small amounts to credit and debit cards they believed would go unnoticed by consumers. Jack Ablin, chief investment officer at BMO Private Bank in Chicago, talks with ChicagoBusiness.com about his experience: “Mr. Ablin says those who pay with credit should be vigilant about tracking their bills. He recalls after a recent online order he placed for flowers that a random charge for $1.99 appeared on his account from an unknown source. He found that the flower company he used was scamming people for this small amount. He figures the company believed most people wouldn’t notice the relatively small amount. ‘Don’t necessarily look for the Hawaiian vacation on your statement,’ Mr. Ablin says.”
55. Be wary of offers of help following a data breach.
It’s an unfortunate reality that a data breach impacting a major corporation and, therefore, hundreds of thousands of its customers, spells opportunity for thieves. “Be very careful about responding to an unsolicited e-mail promoting credit monitoring services, since many of these offers are fraudulent. If you’re interested in credit monitoring and it’s not being offered for free by your retailer or bank, do your own independent research to find a reputable service,” suggests FDIC.gov.
56. Get a one-call fraud alert.
Calling one of the three major credit bureaus (Experian, Equifax, and TransUnion) and asking for a one-call fraud alert is a great way to stay on top of suspicious activity. “You only need to call one of the three credit bureaus. The one you contact is required to contact the other two. This one-call fraud alert will remain in your credit file for at least 90 days. The fraud alert requires creditors to contact you before opening any new accounts or increasing credit limits on your existing accounts. When you place a fraud alert on your credit report, you are entitled to one free credit report from each of the three credit bureaus upon request,” suggests Office of Minnesota Attorney General Lori Swanson.
57. Shop on familiar websites.
There are hundreds of thousands of online retailers, known as e-commerce vendors, some more credible than others. Always opt to shop with a well-known retailer you’re familiar with, rather than smaller, unfamiliar sites that could merely be a facade for credit card theft. “When it comes to online shopping, it’s best to use a trusted website rather than selecting a random website with a search engine. If you’re familiar with the company and website, it’s easier to avoid scams. For instance, many consumer items can be bought just as easily for competitive prices using Amazon.com vs. finding boutique online shopping. Amazon has reputation and regulations to uphold,” according to NENS.com. Additionally, major online retailers are more likely to offer fraud protection options and the ability to return damaged or defective merchandise.
58. Get a free credit report.
Secura Insurance Companies recommends getting a copy of your credit report annually. “The FACT Act of 2003 entitles you to a free credit report once a year from the three credit bureaus. The reports should be examined for fraudulent activity. To obtain your free annual credit report, either order online via http://www.annualcreditreport.com, or by telephone at (877) 322-8228.”
59. Be careful shopping online — for personal and business purchases.
Because shopping online is one of the easiest ways to get your credit card number stolen, some experts suggest maintaining a separate, low-balance credit card specifically for online purchases. “Online shopping security is a concern for everyone who makes purchases on the Internet, but it is also an important issue for business leaders — and not just those in the retail sector. Firms also go shopping online, and their employees frequently make business purchases on the company credit card,” explains Security Intelligence.
PROTECTING YOUR DATA ON SOCIAL NETWORKING
60. Don’t share too much information on social networking platforms.
Social networking has become a way of life for many individuals, but sharing too much personal information on your social media profiles can be dangerous. For instance, many hackers have successfully guessed passwords through trial-and-error methods, using combinations of common information (such as children’s names, addresses, and other details) easily found on users’ social media profiles. “Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing. Also be considerate when posting information, including photos, about your connections,” advises the United States Computer Emergency Readiness Team (US-CERT).
61. Customize your social networking privacy settings.
Social networks like Facebook enable users to customize their privacy settings. On Facebook, for instance, you can choose who is able to see the content you post and who is able to view information on your profile, such as your place of employment, birth date, and hometown. Always choose the highest level of privacy possible to ensure that your personal data doesn’t end up in the hands of someone with malicious intent. “The content you post online will be around for a long time, but you can customize privacy settings on most social media sites. This will affect who can contact you and who can see the information you post. Be choosy: while it’s fun to share information, keep your online reputation in mind. And if you over-disclose information publicly, it could be used by identity thieves to hijack your identity,” suggests the Chronicle of Data Protection.
62. Don’t trust “friends” who claim to be mugged or have other unbelievable stories.
Facebook has become a dangerous platform for users who aren’t careful. Scams have been attempted, some successfully, on the social network, involving thieves masquerading as users on an individual’s friends list, asking for financial help after supposedly being mugged in a foreign country. Unsuspecting users who merely want to help their friends may wire money to these criminals, failing to recognize the ploy. According to the BBB, “Don’t believe everything you read on Facebook Messenger, even if it appears to be from someone you know and trust…especially if it involves receiving or sending money.” Never trust anyone who cannot verify they are, in fact, the person they claim to be. Ask strategic questions to which the answers are not readily available on the user’s profile or easily located online. If it seems suspicious, get in touch with the person via phone or another communication method to try to verify the story.
63. Block suspicious or shady users on Facebook.
For users you don’t know outside of Facebook who befriend you and then make you uncomfortable by asking repeated, personal questions or pressuring you to meet them offline, blocking them is a viable option. “You also have a ‘Block List’ feature in your privacy settings. If you choose to block people, you cannot interact with them on Facebook at all,” says Just Ask Gemalto. Blocking shady users means they cannot message you, contact you, or see that you’re online. In fact, they cannot view your profile at all.
64. Protect your Tweets.
If you’re using Twitter to promote your business, you might want your Tweets to be publicly available. However, if you use Twitter for personal communications, you have the option of setting your Tweets to private, meaning only approved followers are able to view your content.
65. Check your privacy settings regularly.
Privacy options are always changing on social networking platforms, so be sure to check your personal settings regularly and make adjustments as needed. “Content uploaded to social media platforms is not always secure, so it’s imperative to understand how to use the privacy features your social media sites have to offer,” according to Social Media Examiner. Click through to the full article for a breakdown of how to update your privacy settings on each of the popular social networks.
66. Know who your friends are.
Don’t accept random friend requests on Facebook from people you don’t know. “Some of the fun is creating a large pool of friends from many aspects of your life. That doesn’t mean all friends are created equal. Use tools to manage the information you share with friends in different groups or even have multiple online pages. If you’re trying to create a public persona as a blogger or expert, create an open profile or a ‘fan’ page that encourages broad participation and limits personal information. Use your personal profile to keep your real friends (the ones you know and trust) more synched up with your daily life,” advises StaySafeOnline.org.
67. Use two-step verification for LinkedIn.
“LinkedIn offers members the ability to turn on two-step verification for their accounts. This will require an account password and a numeric code sent to your phone via SMS whenever you attempt to sign in from a device that your LinkedIn account does not recognize,” according to a post on Business News Daily. This ensures that should someone crack your account password, they will be unable to log in unless they also gain access to your code, meaning they’d also have to be in possession of your mobile device.
68. Contact the social network to regain access, and let your friends know if you’ve been hacked.
Sometimes, having your social networks hacked means your friends could be conned by criminals pretending to be you. Or, you could even be blocked from your own account if they’ve changed the password or conducted activities that have led to your account being banned by the service. “If you’re locked out of your account or blocked from accessing it, many Web services have steps in place so you can get back in. For example, Facebook has a system where you can use a trusted source like a friend to take back your account. Search each service’s help section for specific instructions. Speaking of friends, you should let your contacts know that you’ve been hacked, and report the issue to the site. Also, run a scan of your computer or mobile device using a trusted and up-to-date antivirus program,” advises re/code.
PROTECTING YOUR DATA ONLINE
69. Avoid sensitive transactions on public Wi-Fi.
Working at the local coffee shop may have some appeal, but relying on a public Wi-Fi connection means your data is interceptable by outsiders. Avoid conducting banking transactions and sending other sensitive information over a public Wi-Fi network. As the FTC notes, “If you use an unsecured network to log in to an unencrypted site — or a site that uses encryption only on the sign-in page — other users on the network can see what you see and what you send. They could hijack your session and log in as you.”
70. Use website privacy settings.
Websites other than social networking platforms also offer some privacy options. YouTube, for instance (which could arguably be considered a social networking platform, as well), allows users to make videos private or viewable only by specified persons. “You can often find privacy controls on a site by navigating to a control panel or settings menu. Sometimes, websites will draw attention to privacy controls while in other cases they will group them under broader categories like ‘Account Settings’. Privacy controls may also be offered during the sign-up process for a new online service or account. To best protect your privacy you should explore and understand privacy controls available to you on a given website/platform before you share personal information on or with the site,” recommends TRUSTe.
71. Don’t forget to sign out.
Signing in to online services is necessary when you need to access your personal accounts, but many users forget to sign out when they’re finished using a service. “But when using public computers like in a cybercafe or library, remember that you may still be signed into any services you’ve been using even after you close the browser. So when using a public computer, be sure to sign out by clicking on your account photo or email address in the top right corner and selecting Sign out. If you use public computers often, use 2-step verification to help keep your account safe, and be extra careful to sign out of your accounts and shut down your browser when you have finished using the web,” according to the Google Safety Center.
72. Don’t open emails from people you don’t know.
If you receive an email from a source or individual you don’t recognize, don’t open it, and definitely avoid clicking any links or file attachments. The Hubbard Township Police Department in Ohio suggests, “Delete email from unknown sources. Watch out for files attached to e-mails, particularly those with an ‘exe’ extension, even if people you know sent them to you. Some files transport and distribute viruses and other programs that can permanently destroy files and damage computers and Web sites. Do not forward e-mail if you are not completely sure that any attached files are safe.”
73. Use two-factor authentication.
Two-factor authentication is an additional layer of security that provides protection in the event that a hacker guesses or cracks your password. Two-factor authentication requires a second verification step, such as the answer to a secret question or a personal identification number (PIN). You should opt for two-factor authentication when given an option. “Some websites, such as Google, will text you a code when you login to verify your identity, while others have small devices that you can carry around to generate the code. Authenticator apps are also available on all major smartphone platforms. Other types of two-factor authentication do exist as well, so look in the settings of your banking, shopping, and e-mail hosts for the option,” explains the Webroot Threat Blog.
74. Don’t believe everything you read.
This tip is important for much beyond data protection, such as protecting your financial assets, your reputation, and perhaps most importantly, your personal confidence or self-worth. Too many people have fallen victim to scams online, by buying into false claims and promises of vast accumulation of wealth. Michael Daniel, on The White House Blog, advises, “Be cautious about what you receive or read online – if it sounds too good to be true, it probably is.” Best-case scenario is you lose a few bucks buying into a pyramid scheme that will never net you any profits; worst-case, your personal information is sold and your identity stolen.
75. Use secure websites, especially for sensitive transactions.
When you’re conducting a financial transaction or sharing other sensitive information, always use a secure website to do so. Secure Sockets Layer (SSL) is a commonly used website security protocol that provides additional protection for data as it’s transmitted through the Internet. You can tell if you’re using a secure website by looking at the beginning of the URL. Those beginning with https:// are secure. “Web browsers such as Internet Explorer and Firefox display a padlock icon to indicate that the website is secure, as it also displays https:// in the address bar. When a user connects to a website via HTTPS, the website encrypts the session with a Digital Certificate,” explains Instant SSL.
76. Avoid clicking on links in emails.
Most everyone gets the occasional email from their bank, financial institution, or similar accounts and services. But to be safe, you should always open a browser window and type the URL in the address bar, rather than click on links in emails. Why? Phishing emails are one of the most common ways hackers obtain personal information, tricking users into inadvertently handing over their login credentials to bank accounts, credit cards, and other accounts where they can glean further information, make unauthorized purchases, or even steal your identity. “Don’t get caught by phishers. Phishing is when you get an email or a social media message that looks like it’s coming from a legitimate place such as a bank or social networking site. If you click on a link in the message, you’re taken to a website that looks legitimate but could be run by criminals trying to trick you to sign in with your username and password so they can capture that information. Your best bet is not to click on the link but rather type the web address (such as mybank.com) into your browser window and go to the site that way,” the Google Safety Center recommends.
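A mail filter can catch the pattern described above, a link that displays one address but leads to another, before the message reaches a reader. The following Python check is an added example, not part of the original article: the sample message is constructed, the issue labels are illustrative names, and the subdomain comparison is a simplifying assumption rather than a full public-suffix lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Something in the visible link text that looks like a host name.
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample message body (not a real email).
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please confirm your details:</p>
<a href="http://mybank.com.account-verify.example/login">https://www.mybank.com/login</a>
<a href="https://www.mybank.com/help">Help centre</a>
<a href="https://secure.mybank.com/statements"><b>mybank.com</b></a>
<a href="https://promo.example.net/offer">Click here</a>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def _flush(self):
        if self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._flush()  # tolerate an unclosed previous <a>
            self._href = dict(attrs).get("href") or ""

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a":
            self._flush()

    def close(self):
        super().close()
        self._flush()


def audit_links(html_body):
    """Return one finding per link whose target does not match what it shows."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    findings = []
    for href, text in collector.links:
        try:
            parts = urlsplit(href.strip())
            host = (parts.hostname or "").rstrip(".")
        except ValueError:
            findings.append({"href": href, "host": None, "text": text,
                             "issues": ["unparseable-href"]})
            continue
        if parts.scheme not in ("http", "https") or not host:
            continue  # mailto:, tel:, fragments: nothing to compare
        issues = []
        if parts.scheme == "http":
            issues.append("not-https")
        shown = DOMAIN_RE.search(text)
        if shown:
            shown_host = shown.group(1).lower()
            if shown_host.startswith("www."):
                shown_host = shown_host[4:]
            # Assumption: the real host must equal the displayed host or be
            # a subdomain of it. "mybank.com.something.example" is neither.
            if host != shown_host and not host.endswith("." + shown_host):
                issues.append("text-domain-mismatch")
        if issues:
            findings.append({"href": href, "host": host, "text": text,
                             "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL_HTML):
        print(finding["issues"], "shows:", finding["text"],
              "goes to:", finding["host"])
```

Links whose text contains no address at all, such as "Click here", pass this check, so it complements rather than replaces the advice to type the address yourself.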
77. Be mindful of your online reputation.
Any information you enter on social networking websites, accounts, or any other website could potentially be up for grabs in the event of a data breach. In general, the information you put online contributes to your online reputation, which can impact your chances of securing employment or getting into your college of choice, and can create many problems if the information is unfavorable. Monitoring your online reputation can also help you pick up on sensitive information that shouldn’t be publicly available so you can take action to have it removed. Microsoft suggests searching all variations of your name, avoiding searching for personal identification numbers (such as your driver’s license number or Social Security number), and asking website owners to remove this information if you find it published. You should also check sites you frequent, as well as social networking websites, so that you can clean up your profiles if necessary.
78. Don’t download files from untrustworthy websites.
Websites like peer-to-peer file-sharing platforms are not only illegal, but they’re often rife with malware. Avoid downloading files from any website that you don’t trust completely. “According to a press release released this morning, the research found that of the 30 top pirate sites, ‘90% contained malware and other ‘Potentially Unwanted Programmes’ designed to deceive or defraud unwitting viewers.’ The ‘Potentially Unwanted Programmes’ category is rather broad, and includes popups and ads that link to download managers. In addition, the report links one-third of the sites to credit card fraud. ‘The rogue sites are also rife with credit card scams, with over two-thirds (67%) of the 30 sites containing credit card fraud,’ the press release states,” per a May 2014 report on BeforeItsNews.com.
79. Consider using a disposable email.
A disposable email account is one created solely for a specific purpose that you’ll never use again or for any other account or purpose. “We live in a world where there are so many things that are disposable and email addresses can be added to that list. With the many free online email accounts that take just a few minutes to set up, it’s easy to create an email address that can be disposed of after it has served its purpose. There are many instances where such a disposable email will make sense. Examples include short-term projects, an email address specific to one online application (such as Facebook or Twitter), for testing purposes, etc.; basically, anytime you are unsure of the period of use, like when you decide to take on numerous free software trials,” GetApp explains.
80. Take advantage of secure mobile access options.
Some online services offer secure mobile access options, enabling users to access services without exposing login credentials. “Keep sensitive personal information and bank account numbers/passwords off your phone. Some banks offer secure mobile access without having to expose your account information or passwords,” says Bank of America.
81. Opt out of ad tracking.
An article on MakeUseOf addresses the issues that arise from ad tracking online: “Advertising is a huge business. We’ve written before about how online ads are used to target you and this goes even further with social media ads. You have to expect a level of this behavior while using the Internet, but there are ways to limit how much information is collected about you.”
82. Don’t save passwords in your browser.
Another useful tip from MakeUseOf, this advice suggests that the common practice of ‘remembering passwords’ in browsers is a dangerous practice. Indeed, should someone gain access to your computer or mobile device, they’d be able to easily access any accounts for which you’ve stored login credentials in your browser. While it may make logging in more convenient, it’s a risky habit in terms of data protection. “Keep an eye out for these pop-ups and be sure to deny them.”
83. Use more than one email address for different contexts.
84. Create a dedicated email address for long-term projects.
85. Take stock of your digital footprint.
86. Don’t use social media credentials to register for or sign in on third-party sites.
It seems like a convenient option: Simply register for a website or online service using your Facebook or LinkedIn account, and as long as you’re signed in to that social network, signing in to the third-party site is fast and easy. Doing so can jeopardize your privacy, however. “Although it is a convenient option, signing into another account with your Facebook username and password can mean giving the other site all the information Facebook has gathered about you. Worse, if someone hijacks your social login information, they can also gain access to these third-party accounts,” explains ReputationDefender.
87. Be careful when searching in categories known for malware.
This is a difficult tip to adequately describe in a relatively small number of words, but use caution anytime you’re searching for any topic known for spam or malware. This often happens with extremely popular search topics, such as pharmaceuticals, celebrities, and adult-oriented content. Because so many people search for these topics, it’s easy for hackers to set up websites that are essentially fake, designed solely to elicit clicks and execute malicious files. “Googling your favorite celebrities can be a dangerous business if you don’t recognize the sites you are clicking on. Many Google results of famous celebrity names lead to infecting your PC with malware and viruses,” according to this article on PopSugar.
88. Don’t send passwords or account login credentials over public or unsecured Wi-Fi networks.
“Never, ever send account and password information over an open (unsecure) wireless connection. You are broadcasting to everyone within the radius of your wireless signal, which can be several hundred feet, all of your personal information and account information. They can use this to compromise your accounts (e.g. email, financial, system/application access), steal your identity, or commit fraud in your name,” warns the Office of the Chief Information Officer at The Ohio State University.
89. Store your most sensitive data locally.
Instead of backing up all your data in the cloud, particularly a cloud storage provider with security measures you’re not completely confident in, consider backing up your most sensitive information locally or on a removable storage device you can keep under tight wraps. “I doubt there’s such a thing as real privacy on the internet, so personally I wouldn’t trust storing my top secret files in the cloud. Call it paranoia, but identity theft is on the rise and I just don’t want to risk any of that. In any case, we probably don’t have to look at our most sensitive data through the cloud on a 24/7 basis. My advice is to keep only those files which you need to access frequently and avoid putting up documents containing passwords for your various online accounts or personally identifiable information (PII) such as your credit card numbers, national identification number, home address, etc. If you must include this information in your files, make sure to encrypt them before you upload,” says Michael Poh in an article on Hongkiat.
90. Regular password changes might not actually be necessary.
Changing passwords frequently has long been advice offered in security circles, but the practice’s efficacy has come into question in recent years. “Security expert Bruce Schneier points out that in most cases today attackers won’t be passive. If they get your bank account login, they won’t wait two months hanging around, but will transfer the money out of your account right away. In the case of private networks, a hacker might be more stealthy and stick around eavesdropping, but he’s less likely to continue to use your stolen password and will instead install backdoor access. Regular password changes won’t do much for either of those cases. (Of course, in both instances, it’s critical to change your password as soon as the security breach is found and the intruder blocked.)” says an article on NBC News.
91. Use an encrypted cloud service.
While cloud storage makes for an ideal backup solution, it can also be more prone to hackers if you’re not careful about the cloud services you choose. Victoria Ivey, in an article on CIO.com, suggests encrypting the data you store in the cloud or using a cloud provider that encrypts your data for you. “There are some cloud services that provide local encryption and decryption of your files in addition to storage and backup. It means that the service takes care of both encrypting your files on your own computer and storing them safely on the cloud. Therefore, there is a bigger chance that this time no one — including service providers or server administrators — will have access to your files (the so-called ‘zero-knowledge’ privacy). Among such services are Spideroak and Wuala.”
92. Choose a safe, reputable email provider.
Just as not all cloud storage providers are created equal, neither are all email providers. Inc.com interviews Patrick Peterson, the founder and CEO of San Mateo, California-based email security firm Agari, about data protection, password management, and choosing safe service providers. “Be sure yours provides proper security. ‘There’s been technology development that stops people from impersonating your ISP, your bank, or your travel site,’ Peterson says. ‘You need to make sure your email provider uses technology like DMARC to stop that phishing. The good news is that Google does it, Yahoo does it, Microsoft supports it, AOL supports it, so if you’re on one of those, you’re on your way to minimizing your risk.’”
DATA PROTECTION FOLLOWING A DATA BREACH
93. Immediately change your passwords following a data breach.
If a company through which you have an account has suffered a data breach, immediately change your password. An article on ConsumerReports.org discusses the JPMorgan Chase data breach, offering tips for consumers to take steps to protect their data after a breach. “We still recommend online and mobile banking, because it allows you to watch your account in real time from almost anywhere. Yes, it’s now clear that Internet banking is not impervious to hacking, but ‘the convenience you get from banking digitally greatly supersedes any security risk,’ said Al Pascual, head of fraud and security research at Javelin Strategy and Research, a California-based financial services industry consulting firm. As part of your monitoring, watch out for changes to your debit card PIN.”
94. Verify that a breach has, in fact, occurred.
There are many opportunists who use the likelihood of a data breach to trick unassuming consumers into actually handing over their passwords and other information, when a data breach hasn’t actually occurred. Before responding to any requests to update your login info through a link sent to you in an email, visit the company’s website by typing the URL into your address bar and confirming the breach occurred, or call the company to verify the information. “First, make sure that your card information has actually been compromised. If you receive a notification via email requesting ‘confirmation’ of your card information, don’t respond – it could be an opportunistic fraudster. Check the merchant’s website for news about a breach or reach out to customer support for details,” says the Electronic Transactions Association (ETA).
95. Request a new card, if applicable.
If a data breach has affected a company that has issued you a card, such as a bank-issued or retail store-issued credit card, cancel your existing card and request a new one. This action makes the previous card number invalid, so if it has been stolen by hackers, it is no longer usable and your finances are secure. “You may be able to do this through your issuer’s customer service department, or through the lost and stolen card department. Some companies will charge a small fee for a replacement card, but most will swap cards for you for free. When you request a new credit card, your old card and its number are destroyed. That means that if a thief tries to use your card in the future, the card will be declined. You will have to wait for the new card to arrive in the mail, so make sure you have money to pay for your purchases during this time,” says CT Watchdog.
96. Consider a credit freeze.
This is a major step, but one that can be especially helpful if you suspect or know your identity has been stolen. It’s possible to restrict access to your credit reports, meaning that thieves who are assuming your identity and attempting to open accounts in your name won’t be able to do so. “Also known as a security freeze, this tool lets you restrict access to your credit report, which in turn makes it more difficult for identity thieves to open new accounts in your name. That’s because most creditors need to look at your credit report before approving a new account. If they can’t see your file, they may not extend the credit. To place a freeze on your credit reports, contact each of the nationwide credit reporting companies: Equifax, Experian, and TransUnion. You will need to supply your name, address, date of birth, Social Security number and other personal information. Fees vary based on where you live, but commonly range from $5 to $10,” according to a Consumer Information article from the Federal Trade Commission.
97. Take advantage of free credit monitoring.
If a major corporation suffers a data breach and your account information has been compromised, the company may offer affected consumers free credit monitoring services. “If your personal information is hacked, the company that was victimized will probably offer you credit monitoring. (Although a Chase bank spokeswoman told CNBC that credit monitoring would not be provided to customers affected by this week’s breach because no financial information was compromised.) If it does, go ahead and take it,” says Bob Sullivan in an article on CNBC.
98. Don’t ignore reports from friends about mysterious emails coming from your accounts.
One of the most common ways people learn they’ve been hacked is when their friends or family members report receiving an odd email or social media message, or even seeing strange updates posted on social media profiles. It’s easy to ignore these warnings and assume it’s some sort of fluke or someone who simply changed the “reply-to” when sending a spam email, but this is often a sure indicator that your account has been compromised. Don’t ignore these tips. According to Consumer Affairs, “Anytime you receive a new ‘friend’ request from someone who’s already on your Facebook friends list, the simplest thing to do is send your real friend a message asking if they know about their apparent double.”
99. Know the warning signs that your data has been breached or that you’ve been hacked.
There are many possible indications that an account has been hacked, your identity stolen, or your data breached in some other way. Educate yourself on the warning signs of a potential breach and create positive habits for monitoring your personal data security to identify potential attacks or breaches before they escalate to devastation. Read up on data protection tips (such as the guide you’re reading right now) and on information outlining the common warning signs of a data breach or hack, such as this list of “11 Sure Signs You’ve Been Hacked” from InfoWorld.
100. Regain control over your compromised accounts.
All too frequently, if one account has been hacked, your data is no longer secure on other accounts using the same login information, particularly if you use the same password for multiple services. “Regaining control of a hacked email account can be tougher. You’ll have to contact the email provider and prove that you’re the true account holder. Of course, if the hacker changes your password, you can’t use your regular email to contact the provider. It’s important to have more than one email address, and make each the alternate contact address for the other. Did you use your email address as a username on other sites? That’s certainly a common practice. But if you also used the same password that you used for the hacked email account, those accounts are now compromised as well. Even if you didn’t use the same password, you could still be in trouble. Think about this. If you forget a website password, what do you do? Right—you click to get a password reset link sent to your email address. A smart hacker who has control of the email account will quickly seek your other accounts, social media, perhaps, or worse, shopping and banking accounts,” explains Neil J. Rubenking in an article at PCMag.
101. Find out precisely why the breach or hack occurred.
If your account has been hacked, your data lost, or your device stolen, consider it a learning opportunity. Find out exactly what went wrong and how you could have protected your data by taking better precautions. “While you are fixing things, it’s a good time to take a step back, and ask yourself a more basic question: What was the reason for the breach? If it was your bank account, the answer may be obvious. In other cases, such as e-mail, it can be for a host of reasons — from using it to send spam, to requesting money from your contacts, to getting password resets on other services. An attacker may even be trying to gain access to your business. Knowing why you were targeted can also sometimes help you understand how you were breached,” says Mat Honan at Wired.