The past several years have seen a rise in cyberattacks, hacks, and cyber warfare. This registered in mass consciousness with spectacular data breaches at Equifax, Uber, and Yahoo, as well as through the use of Twitter “bots” to spread so-called fake news about the 2016 U.S. Presidential election. In the face of these myriad cyber risks, proceeding with a business-as-usual approach to your identity on the web can be dangerous.
In 2016 there were 5,585 reported cellphone vulnerabilities. An estimated 110 million Americans had their personal information exposed in this year, let alone the 143 million who had their information “doxed” a year later in the Equifax hack. There was a 547% increase in the number of stolen credentials available on the dark web between 2013 and 2016, which is about 95% of the internet that isn’t indexed by mainstream search engines (the average price of credit card data for sale on the dark web is anywhere from 10 cents to $20). These rates will grow apace with the spread of malware and the growing adoption of smartphones and other mobile devices around the world.
We consume most of our media, and even do a sizable amount of work, through smartphones and apps. Knowing how to protect your digital identity matters even more amidst the rise of a generation of young adults that has never known a world without the internet. Taking these services for granted means it can be easier and easier to gloss over privacy and security concerns.
Are you driving changes, or are you being driven by it? Are you riding passenger, or are you being a proactive participant in technological changes? In this blog post I will discuss ways to secure your online identity. That’s not all. As an academic, managing your online identity is also a valuable way to professionalize your online presence, develop your academic credibility, and build your online social network.
Securing Your Online Identity
How can you avoid problems like identity theft? For one, realize that information you share online, especially on social networks, can be used by others to guess account-confirmation questions (like “what is your pet’s name?”) on your private digital accounts.
In reality, 99% of all data breaches start with a phishing attack. They happen through an email in your email box that has a link, or attachment, that allows the hackers to gather your data and migrate into other networks of potential targets via your contacts list. This happens even with trusted software applications like Outlook and Gmail.
Make sure you recognize the source of any emails you’re getting. If you’re not sure, and if the sender is asking for potentially sensitive information (or even just asking you to click a link you’ve never seen before), then try to verify their email address. Also look for spelling or grammar mistakes, or other things that seem fishy. Look for legitimate URL’s, and use your internet browser bookmarks to reach a site rather than following a URL from an unverified email.
Also, keep your browser settings and your computer security patches up-to-date. If the person is contacting you by phone, take the time to really listen to any voicemails they may have left. Then take appropriate measures: get a number to call them back, or google the phrase or offer that you’re hearing about to make sure it’s not a scam.
Many of us have so many subscriptions to secure or authenticated websites that we may have dozens, even hundreds, of usernames and passwords to remember. How can anyone possibly remember that many individual passwords? On the other hand, how can anyone afford to use the same password for all their sites at the risk of compromising sensitive personal data? Many people use a password manager to solve this dilemma. Some popular password managers include Dashlane, Keeper, and LastPass. You may not like having all your passwords in one place. But you may find it is a massively convenient and even indispensable solution.
It’s also a good idea to enable dual-factor authentication on your apps, especially ones that transmit sensitive information (like banking). Often, this takes the form of a password that you receive on your mobile phone, through an email confirmation, or through a Google Authenticator passcode. Also consider activating voice, fingerprint, facial recognition, or geolocation-based means of authentication which may be available on some of newer smartphone models.
If you’re concerned about the privacy of your communications, then consider using services that encrypt sensitive materials you send via email or texting. It can be a bit of a headache; in many cases, both the email sender and the recipient need to have software installed to encrypt and decrypt messages. There is a range of services that you can sign up for, from internet browser extensions to paid subscription services, to help you do this.
Be mindful of emerging technologies. Especially with AI-enabled technologies that use voice recognition (like Amazon’s Alexa), or wearable devices like smart watches that may be collecting your health and biometric information, try to inform yourself about how these devices are managing your information; whether they’re saving this information; and whether they’re susceptible to hacks. If you are saving information in the cloud, consider whether it’s worth getting this data encrypted.
Finally, be aware of potential vulnerabilities with electronics charging stations in public locations like airports. In some cases, thieves can hack USB-enabled charging stations and use them to siphon your data to a third party by manipulating the data transfer protocols in your smartphone. If you’re logging into private online accounts from public computers, consider wiping your browser history or web cookies after you’re done.
Curating, Professionalizing, and Promoting Your Online Academic Identity
Being safe online isn’t just a matter of protecting yourself from hackers, spammers, and thieves. It’s also about building, some might say branding, your online presence. Paying a little attention to this ensures that what people discover about you online reflects dimensions of your personal and professional identity that you want to project in public.
It’s become commonplace that potential employers may look at your social media accounts to glean more information about you and your lifestyle. Regardless of whether this happens to you, it’s always good to assume that they might. Check out your privacy settings on your social media accounts to make sure that the information you want to keep private is not being broadcast to anyone and everyone who googles you.
While you’re at it, try googling yourself. It’s true that “googling someone” has become a cliché in situations ranging from job interviews to first dates and even meeting new colleagues. Once people find you, they tend to make split-second decisions: Do they like you? Do they trust you? Do they want to hire you? Google yourself to find out what links are showing up in the top search results, and whether these results reflect the identity that you want to project in public.
To help manage these first impressions you may want to create profiles on social media sites for academics, like ResearchGate and Academia.edu. Even if your published work is copyrighted by the publisher, often you can upload a pre-print version of your published work (but be sure to double-check your author agreements before doing so!). Otherwise, consider just uploading abstracts of your articles, course syllabi, or conference presentations to these sites.
Also consider creating accounts on academic social media like Orcid, Google Scholar, and CUNY Academic Works. Orcid provides a persistent digital identifier that distinguishes you from every other researcher. It ensures that your work is recognized as your own by allowing you to link yourself to your professional activities across your various research outputs. Google Scholar helps link your published work indexed on Google to your real-life identity. And CUNY Academic Works is an online repository that preserves and disseminates your work to the GC community and beyond.
Taking control of your digital academic identity might also mean making your own website. You can use pre-made, plug-and-play templates from WordPress, which is always a popular choice. You can also go with newer competitors like Wix, Squarespace, Weebly, or even templates available from Academia.edu. Finally, you can always try to learn HTML and CSS and build your website from scratch.
Popular menu categories on academics’ personal websites often include sections like About Me, Courses, CV, Blog, Publications, or Contact Me. If you have a website, be sure to link to it everywhere you can, and especially on your social media pages on sites like LinkedIn, Facebook, Twitter, Vitae, Academia.edu, ResearchGate, or Google. Linking your website to popular social media sites will boost your page in search engine rankings and give you greater control of your search engine results.
Finally, it’s a good idea to monitor your digital identity by creating a Google Alert (as well as a Google Scholar alert) for your name and website. Google will send you an email notification anytime your work has been cited by someone else in a professional context, such as in an academic publication or a mainstream media outlet. This can help you expand your professional network and cultivate new publishing opportunities for your research (including blogging and speaking engagements) that you may not have anticipated.
You may have heard some of this advice in different places. Hopefully you’ve gleaned some advice you didn’t already know about how to make your online identity more secure, streamlined, and personally and professionally rewarding!
Take care and happy surfing.