Does working at the Office of the Privacy Commissioner make you paranoid? Well, it’s not quite that bad, but a New Zealand Herald article about cybercrime and identity theft prompted me to think about the number of my online profiles that use, or are linked to, my real identity.

I sat down at my computer and tried to work this out. I don’t post much on Facebook, rarely tweet, don’t Snapchat, Instagram or tumble (is that what one does on Tumblr?). Yet despite not being a social media socialite, I found that I have 20 online profiles that use my real identity.

My online life

These cover all sorts of activities, from forums where I post comments, to the website where I enter my sporting events, through to music and TV streaming services. I have three profiles where had I thought to use a false name, but all of those accounts were created using my primary email address, which contains my real name.

Many of my accounts contain sensitive personal information, such as my online banking, IRD and RealMe accounts, and eight of them include my credit card details. I suspect that, compared to many New Zealanders, this is a low number.

The recently released National Cyber Security Strategy estimates that 81 percent of New Zealanders have experienced some form of cyber breach, and 22 percent have had their email accounts hacked.

Daisy-chained identity

In my case, gaining access to my primary email account, which I’ve been using for many years, would also make it much easier to crack open all my other accounts - including those linked to my credit card. This is because many of these sites will send password resets to my primary email account. For some of them, you don’t even need to know my username because the email address is enough to activate a password reset.

This story, from 2012, illustrates what can happen when online profiles, even ones with seemingly good security, can be undermined when daisy-chained together.

Protecting yourself

What can you do to protect yourself online? The Connect Smart website has some good advice for individuals and businesses. Good password practice is number one; use complex passwords, use two factor authentication wherever possible, and change your passwords frequently.

I would add to this list: create and use separate identities, such as separate email accounts, for your activities online where your real identity is not required. In my case, I didn’t really start thinking about online security until I joined the Office of the Privacy Commissioner, and taking my own advice is going to be a pain in the proverbial. But maybe this extra effort is a fair trade-off for the enjoyment and convenience of life online, and a good resolution for 2016.

Image credit: American common buzzard - via the National Audubon Society.

email, cybersecurity, data