Reconnaissance, Removal, and Reinforcement (R3) — A Brief Guide to Enhancing the Security & Privacy of Your Digital Presence

Over the last few years, social media has become a powerful communication tool for businesses and individuals alike. The wide variety of available media channels has enabled brands to build a digital presence by connecting with existing customers around the world, while simultaneously attracting new ones. Similarly, individual users have been able to stay in touch with friends, connect with colleagues, meet new people, and expand their networks. Like most modern technologies, however, social media was built for convenience — with security and privacy as an afterthought.

The good news is that security and convenience don’t have to be mutually exclusive; there are several techniques we can implement to make our social media use noninvasive and more secure.

My team and I worked on a fairly simple strategy called ‘3R’, which leverages various resources to identify and safeguard online accounts. In the Reconnaissance phase, we inventory all existing accounts. In Removal, we delete accounts that are not in use or no longer needed, in order to reduce potential targets. And lastly, during Reinforcement we implement techniques to strengthen the accounts that we do actively use.

RECONNAISSANCE: For our purposes, this means simply identifying what we want to secure — in this case, our social media/online accounts. ‘namechk’ and ‘checkusernames’ are two resources that can help discover a list of websites where a particular username has been registered. By identifying these accounts, we begin to see the bigger picture of our online identity.

REMOVAL: After we’ve conducted this initial reconnaissance, we want to be able to delete accounts that we no longer use. ‘Justdelete.me’ provides a list of various online accounts and detailed instructions on how to delete them.

REINFORCEMENT: Following this security audit, we can use a few different techniques to strengthen our remaining accounts. The first involves strong passwords:

  • Stay away from simple passwords — try using a passphrase instead
  • Passwords/passphrases should be alphanumerical & use symbols (AbCd, 1234, !@#%)
  • Do not share, write down, email, or reuse passwords
  • Consider using password management software
  • And lastly, enable Two Factor Authentication (2FA) everywhere. This requires you to enter a randomly generated code in addition to your password before you (or anyone else) can access your account.The code can be texted to your cell phone, retrieved through an app, or be used as a physical USB key. The website TwoFactorAuth.org provides a detailed overview of which online accounts make use of this feature, as well as how to enable it.

I wont pretend that this post is anywhere near exhaustive in terms of security advice. It does, however, establish a framework for being more conscious of these topics.

I’ll sign off with this: The best thing we can do for our own security and privacy is act preemptively and remain vigilant. It’s significantly easier to implement best practices from the start, rather than trying to mitigate damage after an incident has taken place.

Feel free to connect with me on Linkedin and follow me on twitter, where I regularly post and share security & privacy tips, tools, and techniques.