For peace of mind, you may be taking simple steps to enhance your privacy, such as taping over the webcam (a la Mark Zuckerberg), turning off location services or browsing the web in incognito mode. So it may be interesting to know Google’s cybersecurity boss, Gerhard Eschelbeck, doesn’t bother with any of these small measures. Here are his three top tips for protecting yourself online.
Mr Eschelbeck, who leads a 600-strong team that protects users from hackers, spammers and spies, says the most critical step for everyone to take is to stay on top of software updates.
“The biggest compromises that have happened over the past six to nine months often happened in an un-patched device that had a security vulnerability, and the patches weren’t applied fast enough,” he told Fairfax Media.
“Patch often, patch quickly. It’s a very good strategy to defend from cyber attacks.”
Since taking the reins in 2014, Mr Eschelbeck says he’s most proud of developing the Security Key, a slim USB device a user inserts into a port to log into Google’s sites such as Gmail as part of two-factor authentication.
He said passwords were the “weakest link” in online security and hopes to see the Security Key go mainstream in the next three years.
He said Facebook boss Mark Zuckerberg’s extra layer of security – he was caught last week with his laptop’s webcam and microphone covered with tape – wasn’t necessary, at least for him.
“I don’t do that. It depends on personal choice and preference, but I don’t feel it’s necessary [because of the other precautions I take],” he said.
When it comes to his mobile phone, he relies on a “robust” password and never uses the fingerprint reader.
“I never need to turn off location service, because you’re signalling to your cell phone towers anyway,” he said.
“I actually find it quite useful to look back a few months later and look at where I was at that point in time.”
And he rarely feels the need to switch the web browser to “incognito mode”.
In this era of big data, some have declared “privacy is dead”. Google, monitoring our habits and analysing our clicks, are raking in millions and building a brand of power and influence.
But Mr Eschelbeck says he rejects the statement, pointing to the way Google offers users the ability to configure privacy and security settings.
“There are features and functions we provide that are dependent on the data, but if the user says ‘I don’t need it’ and turns it off, that’s okay,” he said.
“The key is to put that decision into the users’ hands … that builds trust.”
So how does Mr Eschelbeck, whose official title is vice president of security and privacy engineering, protect his privacy? There are three practices he “religiously” follows.
#1 He never misses a security patch
Mr Eschelbeck says one of his biggest security mistakes is ignoring software updates and missing patches.
“It’s one of the things I constantly stay on top of, for the operating system, for applications,” he said.
“It’s easy to miss an update, a patch and it requires a bit of rigour. It’s where I see people, and myself, making mistakes.”
#2 He has strong and unique passwords
He says he understands it can be tricky for people to create and remember unique passwords. His trick is to use the Password Safe app, which creates a secured and encrypted username and password list.
“I don’t necessarily rely on my brain to memorise all those passwords,” he said.
“I can create really unique and truly randomised passwords for all my accounts and store them in an encrypted fashion.”
#3 He uses a Security Key
It’s the invention he’s most proud of and one which he believes has protected him and many others from phishing attacks.
There’s no looking at codes and re-typing. The Security Key just needs to be inserted into the USB port when the user is prompted. It only works on the Chrome browser.
“It’s an option, it’s certainly not mandatory. But we encourage people to use it,” he said.