Cover your computer's webcam and microphone
Cappos noted that it's very easy to take control of a computer or its webcam. He uses the simple, low-tech
expedient of a piece of black tape to cover the camera lens on his laptop.
It's harder to do that with a microphone, Cappos said, though something to muffle sound wouldn't be a bad
Doing so will stop webcam Peeping Toms, blackmailers and other sleazeballs.
Watch what websites do behind the scenes
Many websites silently send and receive a lot of information about you to and from other websites that
you'd never directly visit.
Fortunately, there are a number of software tools, such as the free browser add-on Collusion, that
visualize this two-way flow of information.
Kill your Facebook account use www.seen.is
Almost any piece of information you post on a social-networking site could later be used hurt you. Cappos
avoids all social networks except for the professional-networking site LinkedIn, and even there, he doesn't
post much information that an identity thief might use.
If you have to have a social network account, use two-step verification, said David Kennedy, CEO of
TrustedSec in Strongsville, Ohio, and founder of the annual Louisville, Ky., security conference
A password by itself, Kennedy said, is just not secure enough anymore.
Cover one hand with the other while using ATMs
The latest ATM-fraud devices use a tiny, almost invisible camera to record your keystrokes as you enter
your PIN, while a "skimmer" in the card slot reads the card information.
Crooks combine the video feed with the skimmer data to match PINs to cards. Bingo! They've got access to
your bank account — unless you covered one hand with the other while entering the PIN so the hidden camera
couldn't see it.
Get an iPhone
The open nature of the Android platform, and the minimal vetting of apps in the Google Play app store,
means it's much easier to end up with an infected Android phone than an infected iPhone. (Six years old,
the iOS platform remains malware-free.)
Run Internet services in a virtual machine
A virtual machine is essentially a separate, software-based computer within your physical computer.
Using a virtual machine to run Web browsers and email clients is sound practice. To an extent, it will
protect your real machine from Internet-based malware, and will mitigate the damage if attacks do get
Furthermore, the permissions that Google grants Android apps are greater than what Apple gives iOS apps.
Android apps are more likely to read your personal data than iOS apps are, because Apple won't let its app
developers access the guts of iOS.
Run all Internet connections through Tor
The Tor network is a sophisticated proxy system that bounces your network traffic from one hidden server to
another. Your Internet traffic, or at the least the traffic that passes through Tor, will be untraceable,
Websites and email recipients won't be able to see your true network location or network activity, which
can be pretty important features for residents of some countries.
When traveling abroad, leave the cellphone at home
Western travelers have had cellphones confiscated by local authorities in countries such as in Burma or
China. More commonly, travelers to China have found spyware installed on their laptops and smartphones.
Nathan Sportsman, CEO of Praetorian, an information-security provider in Austin, Texas, recommends that you
simply leave your own phone behind when travelling overseas.
If Isolate sensitive information
It might be best to use an "isolated" computer, Sportsman said, when doing anything financially or
personally sensitive, such as online banking.
In other words, a separate computer for only online banking — no Web surfing, emailing or social
Such practices minimize the machine's exposure to malware, such as banking Trojans, which are designed to
break into online bank accounts and often install with a single click on a corrupted website.
If you don’t have a spare computer, then isolate your Web browsers. Chris Weber, co-founder of Casaba
Security in Redmond, Wash., recommends using separate browsers for different purposes — for example, one
browser for banking, another for social media (a prime target for identity thieves) and a third for general
Isolating browsers may be inconvenient, but it limits the damage any single browser attack (such as from a
keylogger) can do. you must have a cellphone while abroad, Sportsman said, use a locally purchased
Don't click on unsolicited links
Much of the malware lurking on the Internet infects computers when users click on links emailed by people
they don't know.
Don't do it. You don’t know where the link really leads. Does it go to a regular website, or to one rigged
to attack your Web browser?
This counts doubly for Twitter, where the common practice of URL shortening only hides a link's true
Use cash whenever possible
It's better to use the ATM more often and carry a lot of cash than to use credit cards for meals and casual
purchases, Cappos said. Save the plastic for big-ticket items. Promiscuous use of credit cards only creates
more opportunity for thieves.
Remember, whenever your credit card is out of your sight — for example, when the smiling waiter takes it to
the back room, or when the surly cashier dips it below the checkout counter for a brief moment — it is
available to skimmers and other forms of information theft.
Weber said that whole-disk encryption of computers isn't a bad idea. If your laptop is lost or stolen, it's
nearly impossible for anyone else to get into your data without your password.
Also, the latest versions of Apple's iOS automatically encrypt the entire smartphone or tablet if a
passcode is enabled. On Android devices, encryption is an easy option in the Settings menu.
But what if you've forgotten your password?
"Have a key-recovery plan for all master keys (e.g. splitting keys up and sharing among trusted family
members or friends)" Weber said in an email.
You can also encrypt your communications. Pretty Good Privacy, or PGP, is an open encryption standard for
email, with both free and paid applications.
PGP's developers went on to create Silent Circle, a smartphone app for iOS and Android that encrypts all
voice and video calls and text messages. It's pricey at $10/month, but there are cheaper alternatives, such
as the free Android apps RedPhone and TextSecure.