It’s been more than 10 years since social media became mainstream, and few people in the developed world can go without it. Families communicate through sites like Facebook, people look for jobs using LinkedIn, and many like to spout off on Twitter. Younger generations enjoy the quick “one and done” effect of Instagram and the photo-oriented approach to Pinterest.

Combined with many direct chat systems, and we have a world that it could be argued is “over-connected.” With all this information flowing back and forth, many don’t realize the kind of personal information they have made available to the public. What you post online serves as a microscope into your life — whether it’s your family, your success or even the toys and assets you own. The philosophy is if you look successful online, you must be successful as a person and a business owner, capable of achieving similar results for your clients. However, too much online transparency can pose significant safety risks.

This article points out five key areas of online information that can be used against you as well as steps you can take to control the offending information so you don’t become a victim of crimes such as wire transfer fraud, burglary, kidnapping or worse.

Passwords

Passwords and password protection are part of an ever-moving area of technology, similar to law enforcement and speed trap technologies versus radar detectors where they’re legal. One year, the police will come out with the latest technology that’s better than the current radar detectors that enables them to capture more speeders — especially those speeders who use older radar detectors and are lured into a false sense of security. Later, the next level of radar detectors come out that can detect the latest radar guns, and these detectors allow speeders to detect police before they can be caught for speeding. 

This cat-and-mouse game is the same with passwords. According to Moore’s Law, the computing speed of a computer doubles every two years — so computers today are exponentially faster than those from 10 years ago. This means the average person with the average computer can use that computer with the proper algorithm to break down possible password combinations using a “brute force attack.” In 1995, using an Intel Pentium Pro processor at a rate of 166,927 keys per second (kps), the eight-character alpha-numeric password “john1981” would take over six months to break. Twenty years later in 2015, using an Intel Core i5-6600K processor at a rate of 11,344,618 kps, that same “john1981” password would be broken in less than three days. And the speeds are even faster in 2018, approximately 15 million kps. These concerns grow more serious if you become the target of pure professionals. If you regularly handle large amounts of money, you could become the target of professionals who can utilize computer “clusters” that can calculate at more than 100,000 times the speed of an average computer.

Solution: Make your passwords longer with at least 10 characters or more that you can remember so you don’t have to write them down. When strengthening your passwords, follow one of these principles:

• Create a password phrase: A password based on a phrase, like a movie line, can be difficult to hack. To create a password phrase, you can use the movie line like “hasta la vista, baby,” from the 1991 film Terminator 2: Judgment Day with Arnold Schwarzenegger. Take the first letter of each word, add the actor’s initials, then the year the movie was released, and mix these items together for your password phrase: “AShlvb1991!” It’s always a good idea, and sometimes required by websites, to use punctuation in your password as well. According to our time calculator, it would take over 8,400 millennia to crack that password at today’s computer speeds.
• String unrelated words together: Another strong password is one that includes several unrelated common words strung together, for example, “HorseHatFootballJoke?” Memorizing it would be easy: Just picture a horse wearing a hat telling a football joke. This password is off the scale in terms of breakability. The BetterBuys’ password-cracking calculator at www.betterbuys.com/estimating-password-cracking-times shows “infinity” as the time frame for cracking the “HorseHatFootballJoke?” password. Keep in mind, it’s not humans we’re trying to fight; it’s computers with the ability to blindly and systematically break down passwords at billions of tries per second.
• Apply these password concepts to all of the websites you access as well as your devices — laptop computers, tablets and mobile phones — and to your home Wi-Fi router.

“The Best of the Tech Helpline” article this month also explores password protection. Learn more about strategies to protect your passwords at www.wra.org/WREM/Sep18/TechHelpline.

Public Wi-Fi

Here is an area of cybersafety where you have less control than you should. Sharing a router with strangers is getting them a bit too close to your own mobile device and your personal information. With the right modem card in a laptop, a hacker could get in between the signal between your laptop and the router. The hacker then breaks that connection, and once the connection is re-established, the hacker picks up the “code.” The hacker can then go home and, through the internet, reconnect with your laptop and start what’s called a “blunt-force” password attack to get access to your laptop. If you have a weak password, the hacker can break it in a matter of seconds. 

Also, if you’re surfing unsecured websites, you leave yourself open to having someone skilled at hacking “intercept” the data you’re sending back and forth between yourself and the router. An unsecured website will begin with “http://” in the URL, while a secure website will include “S” in “https://,” meaning “secure.” 

Additionally, you need to make sure you’re on the correct Wi-Fi. Sometimes someone will set up a fake Wi-Fi with an address very similar to the real one. Make sure you’re connecting to the intended one. How do you keep yourself safe when you’re out in the world?

Solutions:

• Make sure your device includes a password to unlock and access it. Be sure this password adheres to the standards described earlier.
• Only exchange information on secure websites. It’s best to not access banking or other highly sensitive websites from public Wi-Fi. To access these sensitive websites, wait until you’re on your home network or office if it’s set up correctly. Check with your broker to make sure it is.
• Sign up for a Virtual Private Network (VPN). The average cost is less than $20/ month, and a VPN encrypts everything you do and disguises who you are and where you are, which makes it much harder for criminals to track you. 

Public records

Most of us take for granted that real estate ownership records are public information. As professionals in real estate, it may be easy to think only we have access to sensitive information about house values, mortgage balances and tax bills, for example. But the truth is that anyone has access to those records if they know where to go. In most of the United States, a quick Google search for “‘X’ county assessor” will take you to a website where you can search by someone’s name to find out what property they own. The average Facebook profile contains a person’s name and city of residence, which is all a person needs to do this type of search and have the address in minutes.

Solution: Have an attorney create a trust or LLC in a name other than your own, and then have the trust of LLC own your property. There are other potential benefits such as reduced liability in some cases or the ease of transfer after death, but we’re talking about personal safety because being a real estate professional can make you a target. And if someone wants to target you, you don’t want it to be easy for them to find out where you live because that opens the door to myriad possible attacks on you.

Social media

There are so many opportunities to give away too much on social media that can lead a clever person to learning too much about you and your family. It’s amazing to me how much people give away about themselves. A few years back, a couple of math whizzes at MIT created an algorithm that could take your hometown and birthdate and predict your actual Social Security number in as few as 10 tries. You need to limit even the most basic personal information you provide in your social media profiles. Facebook is the biggest culprit, but there are several items related to social media security to be aware of in general:

Facebook profile information: Here you can learn about someone’s place of birth, date of birth, family connections, current city of residence — which helps in the public records search previously mentioned, anniversaries and much more. So many people are happy to fill out Facebook’s forms like they’re at a government office or something. The truth is that most of this information has no business being on your profile at all — much less under the settings we’ll recommend.

LinkedIn profile information: I actually laugh out loud when I see this sometimes, but only because it’s so ridiculous how complete real estate professionals fill out their job history, education history, bio, profile and more on LinkedIn as if they’re thinking it will somehow get them one more deal. The truth is that after 10 years of studying, writing books and traveling around the U.S., I’ve never heard a story of someone getting a client from a social media site because of the year they graduated from high school.

Other social media sites: I’ve seen too much information provided in the actual social media profile URL, such as “/johnsmith1971” with 1971 being a birth year. Photos can give away information in the background you’re not paying attention to. Same with video. 

Solutions:

• Start by taking off unnecessary information from your social profiles. No one needs to see your birthdate, anniversary or graduation years. Those who need to know it you can tell in person.
• Next, put all your Facebook friends in “lists.” This will help you set the privacy of all your Facebook activities from your posts to your profile information, item by item. For example, you may make a post about a family reunion. With lists, you can post that only to your family “list” so they can enjoy it but no one else will be able to see it … especially people you don’t know and/or can’t trust.
• Protect every photo and video you post by not posting them to the “public” but only to select lists you’ve created as they can contain information only the slickest of minds can extract. It’s best to limit who can see these rather than try to scrub every one hoping not to miss something.

Not-so-private records

A recently new concern has popped up. It never used to be this “thorough” on a free site but now, on a website called “whitepages.com,” you can get many individuals’ full address history; the names of relatives; and phone numbers at home, cellular and work. I haven’t figured out yet how this website is generating this information, but my guess is that the site is getting such information from the credit bureaus. Credit bureaus take a lot of your personal information you put on your credit apps for car loans, house loans and utility hookups and sell it. This really shouldn’t be allowed — but welcome to a free market economy; the bad side. The result is that your home address can be obtained from them because of bills being sent to you as well.

Solution: Get a P.O. box or a UPS store box and have your bills sent to the box — especially bills for your cell phones and utilities. You might also want your property trust or LLC to have an address at a P.O. or UPS box. The fee for a box is only about $20 per month, but this greatly increases your personal safety. And as a bonus, you might be able to get your driver’s license address changed to your box address. I did years ago to ensure that if I had my wallet and keys stolen together, no one would be able to look at where I live and use my keys to rob me. Initially I tricked the DMV — they must not have had my UPS box address on their list of P.O. box sites. But in recent years, many jurisdictions are seeing the benefit of allowing people to add a box address instead of a property address.

Bottom line: If you do these few things, you will be exponentially safer than before and would probably withstand a lawsuit against you if you did get hacked because you’re doing everything within reason to protect your information and your clients’ sensitive information.

Jack Lindberg is a former REALTOR^® and Internet Safety Specialist focusing on the real estate industry. He is currently on tour teaching his class “Internet Data Protection Practices” to REALTOR^® associations across the country and has a website — www.agentsplanet.com/safetyclass — dedicated to the principles he’s shared in this article.