The document provides tips for securing your digital footprint and privacy online. It discusses securing social media accounts, using strong and unique passwords, deleting personal information from search engines, enabling two-factor authentication, using secure browsers and VPNs, being wary of sharing personal information publicly, and understanding the risks of a large digital shadow and footprint online. It also covers tips for securing mobile devices, IoT devices, and protecting privacy when traveling across borders.

1. Securing Your Digital Shadow
Ernest Staats
MS Information Assurance, CISSP, CEH, CWNA,
Security+, MCSE, CNA, I-Net+, Network+, Server+, A​+

2. Security Tips
• Don't sign up using anothersocialnetworkingaccount
• Lock down those socialnetworkprivacy settings
• Think before you post
• Lie. About. Everything

3. More Security Tips
• Usea passwordmanager andtwo-factor authentication
• Disposableemail DoNotTrackMe, and Yahoodisposable
emails MeltMail
• Usesecure browser suchasFirefox withlistedaddons
• Create personal andprofessional personas
• Delete yourInformationon Google
• Google ads
https://www.google.com/settings/u/0/ads/authenticated
• Privacyhttps://myaccount.google.com/

4. Identity Protection Tips
• Ask questions before you share it
• Lock it up
• Shred it before you put intrash
• Password protect it
• Freeze Credit (for allfamilymembers)
• Checkall familymembers digital foot print
• Set Google Alerts for family
• https://www.google.com/alerts#

5. Understand Risk
Mobile + IoT + Digital Shadow = Digital Monster
• IoT Scanner https://iotscanner.bullguard.com/
• IoT Search - Shodan https://www.shodan.io/explore

6. Protect Personal & Work Data
• Use and maintain anti-virus software and
a firewall
• Regularly scan your computer for
spyware
• Keep software up to date
• Evaluate your software's settings
• Remove unused software programs/Apps
• Consider creating separate user accounts
• Use passwords and encrypt sensitive files
• Dispose of sensitive information properly

7. Protecting Your Privacy
• Do business with credible companies
• Do not use primary email in online
submissions
• Avoid submitting credit card
information online
• Devote one credit card to online
purchases

8. Safe Social Networking
• Lie
• Limit personal information you post
• Internet is a public resource
• Be skeptical
• Evaluate your settings
• Be wary of third-party applications
• Use strong passwords

9. Avoid Identity Theft
• Do business with reputable companies
• Check privacy policies
• Be careful what information you
publicize
• Use and maintain anti-virus software
and a firewall
• Be aware of your account activity

10. Has your identity been stolen
• Unusual or unexplainable charges on
your bills
• Phone calls or bills for accounts,
products, or services that you do not
have
• Failure to receive regular bills or mail
• New, strange accounts appearing on
your credit report
• Unexpected denial of your credit card

11. What is IoT

12. The ‘S” in IoT

13. Common Passwords IoT

14. IoT Discovery Security
• Check your network from the outside
– https://iotscanner.bullguard.com/
• If found then run https://www.shodan.io/
• Download and Run RIoT
– https://www.beyondtrust.com/free-iot-
vulnerability-scanner/

15. IoT Protection
• Monthly check IoT & router's firmware
• Change administration passwords
• Change your Wi-Fi network name
• Select WPA2 encryption for Wi-Fi
• Stick a cut-off headset plug in laptop's
microphone
• Put Cover on Cam
• Research smart-home devices

16. Check your System Firewall
• Checkpoints free FW Verification
• Ransomware
• Identity Theft / Phishing
• Zero Day Vulnerability
• Bot Infection
• Browser Attack
• Anonymizer Usage
• Sensitive Data leakage
http://www.cpcheckme.com/checkme/

17. Digital Shadow
• Nothing to hide
• Don’t care if others know
• Just the internet
– Looking for a job or applying for credit
• One in millions (still easy to find)
• I get discounts (at what cost)
• I am getting something for Free (no)

18. Known Digital Shadows
PeekYou
Give a lot ofInformationfor free just wait andscroll down
http://www.peekyou.com/
Pipl
Search fora person using nameandlocationhttps://pipl.com/
Check Mate
Search fora person using nameandlocation
https://www.instantcheckmate.com
Spokeo
Searches lots ofpublic Records to find informationabout someone
http://www.spokeo.com
US Search
Search fora person using emailnameor user name
http://www.ussearch.com/

19. Unknown Digital Shadows
Pandora
What do theylisten to and who is following them http://www.pandora.com/
Twitter
See what they post online https://twitter.com/
Amazon
What aretheir likes wishes and look at comments http://www.amazon.com/
Facebook
Pay attention tofamily connections posting GPS
https://www.facebook.com/
Linkedin
What arethey posting https://www.linkedin.com/

20. Browser Trackers
• Visible Trackers:
– Google's red
– G+ button
– Facebook's "like”
– Twitter's little blue bird .

21. Digital Hygiene
• Keep an eye on your bank accounts - Click here
to learn how to set up two-factor authentication.
• Investigate your email address - Have I Been
Pwned
• Change your password - Read this article to help
you create hack-proof passwords.
• Close unused accounts - Here's an easy way to
manage all of your online accounts at once.
• Beware of phishing scams - Take our phishing
IQ test to see if you can spot a fake email.
• Manage passwords - LastPass or KeePass

22. Remove WiFi Networks
• iPhone or Ipad:
Settings → General → Reset → Reset
Network Settings.
• On Android phones and your computer
you can see the wifi networks you've
connected to before, and delete them
individually.

23. Understand Your Shadow
• Logout & clear browser of all settings
• Search your Name, place of work, school,
use google and DuckDuckGo
• Sign into Google
– https://google.com/history
– https://google.com/takeout
• Sign into Twitter
– request your advertiser list
– see your own interests
• About the Data What is stored
– https://aboutthedata.com/portal/registration/step1

24. About the Data

25. Browser Fingerprinting
• Use Electronic Frontier Foundation
Panopticlick tool
– "Test Me”
• Sticky Trackers
– "stick" in your
browser - instead of disappearing when you
leave a website

26. Clean your Shadow
• Clean Web Browser
– Use Ccleaner
• DEMO
• Delete Apps you don’t use
• Turn Off location settings
– Demo
• Use VPN
• Like Random things
• Delete mobile Number/ school/ work online
• Check App permissions
• Backup photos
• Use Password Manager

27. Basic Privacy Settings
• Facebook go to settings Privacy
– Turn off location
– Select Friends for post, phone, email address
– No to search engines outside of Facebook
• Twitter profile picture>Settings>Security
– Photo tagging do not allow
– Protect my tweets
– Uncheck add location to tweets
– Uncheck let others find me by my email

28. Metadata
• The most common types of metadata are:
– Software Version
– File share / servers
– Phone numbers, emails and usernames
– Location data: where your mobile phone is
– Date- and time-stamps on phone calls,
emails, files, and photos.
– Information about the device you are using
– The subject lines of your emails
• Covered in NY DFS Security Regulation “nonpublic information”

29. Scrubbing Meta Data
Discover Meta Data on websites
FOCA https://www.elevenpaths.com/labstools/foca/index.htm
Software
Jpg andPNGmetadatastriperhttp://www.steelbytes.com/?mid=30
BatchPurifierLITE
http://www.digitalconfidence.com/downloads.html
DocScrubber
http://www.javacoolsoftware.com/dsdownload.html
See MetaData in photos
http://regex.info/exif.cgi

30. Secure Mobile
• Mobile WiFi Demo:

31. Protect Mobile
• Keep all applications and system patched and
updated
• Use 5 digit Pin to lock device (at least)
• Don't install 'off-road' Android apps
• Don't jailbreak/root your mobile
• Install antivirus
• Enable two-factor authentication on every account
• Remove apps you don't use
• Use a password manager
• Cover WebCam / headphone-Mic Jack
• Turn Off WiFI – BlueTooth (when not using)

32. How Many APPS?
• The Number of Apps on your Device
impacts your security exposure:
– 0-19 Low
– 20-39 Moderate
– 40-59 High
– 60+ Very High
• What does the App do for you… at what
cost?

33. Mobile Device Encryption
• Encrypt Mobile and Backups
– freshly-rebooted, without being unlocked

34. TURN OFF WiFi/Bluetooth

36. NIST Cybersecurity Framework

37. Before Crossing The Border
• Register with Smart Traveler Enrollment Program
https://step.state.gov/step/
• First Backup Device and settings
• Establish a VPN account i.e. https://www.privateinternetaccess.com
• Make sure it is Encrypted Mobile, Laptop, & USB drive
• Factory Reset / reimage
– Configure VPN you established before
• Encrypt mobile
• Strong passcode six digit at least (No Fingerprint)

38. More - Before Crossing The Border
• Use a Secure phone - Silent Circle Phone
“Blackphone” https://goo.gl/WnXfOa
• Turn Off WiFi and Bluetooth
– Forget/ Remove all Wireless and Bluetooth networks (all the time)
• Disable Location tracking and history
https://maps.google.com/locationhistory/b/0
• Delete all History before stepping off plane
• Turn off all location and tracking information
• Setup a Temp email i.e. PBJapple@gmail.com Forward email if
needed