10 Tips for Data Privacy Day 2016
Today marks national Data Privacy Day - here are 10 tips to keep your information private and secure while online.
Happy Data Privacy Day (DPD) 2016! We are quite pleased to be Champions of Data Privacy Day 2016, as protecting sensitive information, including personally identifiable information, has been one of our core missions since Digital Guardian’s inception in 2002. This year’s key themes are Respecting Privacy, Safeguarding Data and Enabling Trust. In accordance with these themes, we’ve compiled 10 tips for users that will help protect their information online.
1. Review and tighten your privacy settings for social media
Your digital footprint is constantly expanding as you share more information online, including status updates, geo-location info, and personal preferences/experiences. Given this, it’s important to control who’s looking at this information – keep your social circle of friends tight and take steps to filter who is viewing your information and updates. Check the privacy settings on your social sites to ensure that your info is only being viewed by people you want to see it. Here are some links to help configure privacy settings for Facebook, LinkedIn, Twitter, Google+, Instagram, and Snapchat.
2. Use complex and unique passwords
Password management is a critical component of protecting your accounts, online identity and sensitive information. Using unique, complex passwords for each account you own is the first step to take in ensuring that your accounts and personal information aren't improperly accessed or exposed. Long character counts and a mix of upper and lower case letters and special characters add additional layers of complexity, making your passwords harder to crack and more secure.
3. Change your passwords every 60-90 days or immediately after a reported security breach
Changing your passwords every 60-90 days is good data hygiene, and of course changing them immediately following a reported breach is key to keeping your information protected from unwanted hands. If you have a lot of accounts and feel overwhelmed, use a password manager to help you.
4. Consider using Do Not Track browser plug-ins
For increased privacy, consider using Do Not Track browser extensions/plug-ins to prevent unwanted parties from tracking your activity on the web. These plug-ins protect you from third-party tracking cookies and scripts. A few popular ones include Disconnect, Privacy Badger and Ghostery.
5. Subscribe to a Virtual Private Network (VPN) service
Any time you connect to a public Wi-Fi service your information is at risk, so it’s a good idea to subscribe to a VPN service provider. A VPN service will assist by encrypting any information you send while on an untrusted network. This will help secure any data that you’re transferring wirelessly while protecting you from anyone trying to sniff your traffic or gain access to your device. PC Magazine has a thorough write-up on selecting the best VPN service, with a review of each major provider.
6. Enable Two-Factor Authentication (2FA) for high-value accounts
While two-factor authentication (2FA) isn’t bullet-proof, it is an important line of defense against attackers who are trying to access your accounts after your credentials have already been compromised. By requiring a second factor for authentication in addition to your username/password combination, 2FA also prevents brute force attacks aimed at cracking your passwords to gain access to your accounts. 2FA is especially critical for high-value accounts like online banking accounts or any accounts – such as Amazon, Apple, or others – that store or process financial or otherwise private information. While it may be inconvenient to set up, take the time to do it with accounts where you host or access your most sensitive information. Google, Apple, Twitter, Microsoft and Facebook all offer 2FA, among other sites.
7. Use a passcode on your mobile device
Protecting your devices with passcodes may be the status quo by now, but if you haven’t done this already you really need to do it… now. Device loss and human error are still the most common ways sensitive information is exposed. You can easily misplace your phone or forget it in a restaurant, the back of an Uber, or any other public location. Take steps to avoid easily giving away your personal data by putting this simple safeguard in place.
8. Avoid oversharing on social media
Cybercriminals often use social profiling and harvest information from social media sites to launch customized social engineering campaigns that capitalize on victims’ trust while exploiting their emotions. Ensure this doesn’t happen to you by filtering what you say on social sites – even if you have tight privacy settings, attackers could still see info you upload if they have control of someone else’s account. There’s no reason to announce your flight plans, post about when you’ll be away from the house or always use geo-location tags for your immediate whereabouts. You’re putting yourself at risk each time you do this. For more tips on how to avoid social oversharing, see our infographic on the subject.
9. Keep your operating system and all software up-to-date
Software updates typically contain fixes for security vulnerabilities, so it is important to keep any software applications that you run up-to-date at all times in order to reduce your risk of being vulnerable to cyber attacks. This includes your mobile devices as well, as many iOS and Android apps have been known to contain exploitable vulnerabilities. Where possible, enable automatic updates – especially for your AV program (to protect against the latest threats) as well as for Microsoft, Oracle, Java and Adobe, all of which are popular targets for cybercriminals looking to exploit unpatched vulnerabilities and infect your devices.
10. Learn to recognize and avoid phishing attacks
Speaking of social engineering and cybercriminals – be on the lookout for phishing attacks. Every minute, someone falls victim to a phishing attack that results in the loss of sensitive information. Phishing attacks began in the mid-1990s and have only increased in frequency since, particularly in the past ten years. Attackers target individuals and deceive them into revealing confidential information by sending fake emails with links to seemingly legitimate websites or infected attachments. Those emails and sites then request private information, such as credit card details and passwords.
Despite their simplicity, phishing scams are still the most potent and popular method of attack because they’re highly successful and easy to deploy, even at large scale. In only 82 seconds – the time it takes from the launch of a phishing scam to a user falling for a malicious link or other trap – one can lose their most valuable personal or financial information. However, there are ways to avoid becoming a victim. Among them:
- Check your emails with caution
- Only share information on secure websites
- Beware of pop-ups and banner ads
- Check online accounts/bank statements regularly
- Set spam filters to high and use an AV program
- Don’t be afraid to report suspicious activity
If you have any additional tips please add them below and don’t forget to support Data Privacy Day 2016 with the hashtag #PrivacyAware!