Compartmentalization

Compartmentalization is the limiting of access to information to persons or other entities who need to know it in order to perform certain tasks.  The concept originated in the handling of classified information in military and intelligence applications.  The basis for compartmentalization is the idea that, if fewer people know the details of a mission or task, the risk or likelihood that such information will be compromised or fall into the hands of the opposition is decreased.

For our purposes, compartmentalization in information security is a best practice that should be incorporated into how you organize and manage your online accounts.  The idea is that if any one part of your overall profile is compromised, there is an increased likelihood that other areas of your identity may be adversely affected.  During private consultations, I emphasize the importance of this concept with clients.  It can be a complicated topic, but one that has a huge impact on your overall online security.  The following scenario introduces this concept:

For convenience, many people have a primary personal email account that is used for the majority of their online activity.  That same email is also the username in many cases, and the first piece of information used to access their bank account, social media accounts, and online shopping accounts, like Amazon.  Having one email that you use as your primary point of contact for the majority of your online presence makes life easier; however, it is not the ideal setup for security.  If any one of those accounts were to be compromised by a hacker or through a data breach, then your other accounts could be targeted, because an attacker already knows 50% of the information they need (your primary email) to access any other account that shares that same email address.  It is a fact that many people also use the same or a similar password at other accounts they own, and attackers know that as well.  A compromised Facebook account may be all that is needed for someone to also compromise your bank account or cloud storage accounts if the username and password are shared between those accounts.  Make sense?

Ideally, if you had 100 different online accounts that all needed a username and password to access them, then you would also have a unique username and a strong, unique password for each one of those accounts.  In the event that any one of those accounts were compromised, none of your other accounts would be at risk because the compromised username and password were exclusive to only one website.
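To make the reasoning above concrete, here is an added example (my own, not code from the original post) that audits a constructed account inventory and reports, for each account, which other accounts an attacker would gain leverage on if it were breached: the same login email (half of the credential pair), the same password, or both. The inventory and password labels are assumed sample data.

```python
from collections import defaultdict

# Constructed sample inventory (not real accounts): name, category, login
# email, and an opaque password label. A password manager export gives you
# the equivalent; never keep actual passwords in a file like this.
ACCOUNTS = [
    ("Facebook", "social",    "me@example.com",       "pw-1"),
    ("Bank",     "financial", "me@example.com",       "pw-1"),
    ("Amazon",   "shopping",  "me@example.com",       "pw-2"),
    ("iCloud",   "critical",  "cloud.me@example.com", "pw-3"),
    ("Work",     "work",      "me@work.example",      "pw-4"),
]


def blast_radius(accounts):
    """Map each account to the other accounts exposed if it is breached:
    those sharing its login email, those sharing its password, and those
    sharing both (the attacker can log straight in)."""
    by_email, by_pw = defaultdict(set), defaultdict(set)
    for name, _cat, email, pw in accounts:
        by_email[email].add(name)
        by_pw[pw].add(name)
    radius = {}
    for name, _cat, email, pw in accounts:
        same_email = by_email[email] - {name}
        same_pw = by_pw[pw] - {name}
        radius[name] = {
            "shared_email": same_email,
            "shared_password": same_pw,
            "full_reuse": same_email & same_pw,
        }
    return radius


def is_compartmentalized(accounts):
    """True only when no account shares an email or a password with another."""
    return all(not r["shared_email"] and not r["shared_password"]
               for r in blast_radius(accounts).values())


def report(accounts):
    """One finding line per account that shares anything; full reuse is flagged."""
    lines = []
    for name, r in blast_radius(accounts).items():
        if r["full_reuse"]:
            lines.append(f"{name}: SAME EMAIL+PASSWORD as {sorted(r['full_reuse'])}")
        elif r["shared_email"] or r["shared_password"]:
            lines.append(f"{name}: email shared with {sorted(r['shared_email'])}, "
                         f"password shared with {sorted(r['shared_password'])}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(ACCOUNTS)) or "fully compartmentalized")
```

Run against your own password manager export, the empty report is the goal; every line it prints is a place where one breach spills into another account.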

Putting this compartmentalization into practice is a balancing act between security and convenience.  As you develop a better strategy to manage access to your online accounts, it is important to have an idea of what the “ideal” and most secure setup would look like and the reasons for that level of compartmentalization.  Your strategy may deviate from the perfect scenario in order to be more convenient, but you should carefully consider where those compromises exist so you know where you may be more vulnerable.

Security experts suggest setting up different email accounts, each used for a specific purpose.  The bottom line is that using a single email account nowadays is antiquated and risky.  Here is an example of how this could be organized:

Personal Email: For communication with your close family and friends.
Private Email: Communication with companies where your critical information is kept.  Financial institutions are an example of a critical account.
Online Shopping: Amazon, and other online retailers fit into this category.
Work Contacts:  Communication with your employer or work acquaintances.

The above is a basic example of how separating different aspects of your life into categories can help to compartmentalize your accounts.  A security breach in one area would not jeopardize another area.  This separation can be broken down even further depending on your specific needs and desired level of security.

My personal, trusted contacts (family, close friends) have one email address they use to communicate with me.  That address is not used anywhere else or for any other purpose.  Work contacts also have a separate email address.  My iCloud account and financial accounts each have their own unique email addresses.  Any account that I consider critical gets its own unique address.  Having multiple email accounts that separate multiple aspects of your life, all with very strong and unique passwords on each account, is accomplished easily using a password manager.  You should also take advantage of Two Factor Authentication (2FA) for any accounts that offer it.  Masked email accounts can also be incorporated into your strategy for even more layers of anonymity and protection, as well as disposable forwarding emails such as 33Mail.

Examples of how people’s critical accounts were compromised because their social media or a less critical account was hacked are endless.  You cannot use the same passwords on different accounts and expect to have a secure online identity.  On 31st August 2016, unknown hackers leaked 68 million Dropbox user accounts including login emails and encrypted passwords.  Earlier this year, hackers stole and sold 427 million MySpace passwords on a dark web marketplace; in May 2016, 117 million LinkedIn and 33 million Twitter login credentials were listed on a dark web marketplace for sale.  Jennifer Lawrence and many other celebrities certainly learned how hackers gain access to private accounts when their nude photos were leaked due to compromised iCloud accounts.  Resignations, divorces and suicides followed the Ashley Madison data leak of 30 million compromised email accounts.  One analysis of email addresses found in the data dump shows that some 15,000 were .mil or .gov addresses.  Those are just a few recent examples.

Use a password manager, and separate your online accounts into as many categories as you can to protect them from each other in the event someone gains access to one of them.  Setting up your compartmentalization takes some time and some careful consideration.  The benefits to the security of your online profile are immeasurable when you take the time to accomplish this.

Helpful links related to this topic:

30 Day Security Challenge | Email Privacy | Password Managers | Email Compartmentalization
