How to be your own privacy watchdog
The spotlight on Europe’s privacy regulation (GDPR) has been great for bringing data privacy into the spotlight. It’s compelling companies to amend their practices, be more transparent around what data they process and do better at protecting personal information.
The increased coverage and reporting of data breaches helps to keep us aware of just how easily our data could be compromised, even via trusted service providers, that one would expect to have watertight security.
But, let’s not be lulled into a false sense of complacency based on the belief that we can rely on legislation to keep our personal data safe, without effort from ourselves. It’s like believing that law enforcement will keep all your belongings safe, so you don’t have to secure them. If you live in a high crime area, you can’t only rely on the police to keep you safe – you lock your doors, switch on your alarms and remain vigilant. This should be no different in the cyber world.
Data privacy regulations give you increased control over your own data – how it’s used, where it’s stored and who gets to share it. Legislation, such as GDPR, provides a means to reactively lay a complaint against an organization you believe has not done enough to keep your data private and secure. But, don’t just wait for something bad to happen – you can take proactive measures to secure your own information. While this requires a bit of time and effort, it could mean the difference between being a victim of the next major data breach, or not. Below are some tips (and effort estimates) for proactively taking control over your own online data privacy.
Tips on being your own privacy watchdog
1. Check if your details have been compromised
It’s scary to think that your details could have either been accessed by a criminal or published somewhere on the public or dark web. Unfortunately, based on the number of records compromised in recent years, the chances are high that this has already happened.
- Use a free service such as Have I Been Pwned? to check if your email address has been in a data breach. Input your email address and don’t forget to check the old Hotmail, Yahoo or Gmail accounts that you seldom access.
- If your email address has been compromised, the site will show you a list of the reported data breaches in which your address was found. You should immediately look into it and do a password update on those sites and any others where that same password was used.
- Have I Been Pwned? is not an exhaustive list – it only includes breaches that have been reported and made available for inclusion in the database.
- Also, a good idea is to subscribe to receive notifications of major breaches that include your address, so that you can change the relevant password on those sites as soon as possible.
Time to check: Less than 10 seconds per address
Time to fix: Depends on how many email addresses you have to check and the number and severity of breaches that contained that address
2. Check your privacy settings on social media
When social media first became such a global phenomenon, we didn’t know as much as we know now about the value of personal data to the criminal enterprise. So, we shared … everything. Nowadays, it’s preferable to tighten access to your personal information as much as you can.
- Why? Because personal information feeds criminal ability to tailor-make a scam that has enough information about you to seem valid.
- Also, sharing your whereabouts and when you are on vacation (and your house is unguarded) can also prompt criminals to consider targeting you.
- Change the privacy settings on social media to ensure that your personal information is only available to your friends, fans or followers.
Time to check: Allow 10 minutes per site to review and select the right privacy settings
Time to fix: Varies from site to site, but the major ones – Facebook, Instagram, Twitter, Google+ – all provide prominent and easy-to-follow instructions on how to change privacy settings
3. Use a password application to manage all your online/app passwords.
A spreadsheet on your computer is a dreadful way to store passwords. If your machine is compromised, whether by a hacker or a malicious program, you can be sure that the spreadsheet will be found and used to access your online accounts.
- There are a number of free and paid for password management applications – find one that suits your requirements and wallet.
- I checked my password manager application’s ‘password audit,’ and was suitably mortified at how few of my passwords are strong or medium and how many are weak.
- It also tells you where you have repeated a password – and let’s be honest – we have all done it and probably forgotten half of them. If one of those sites is compromised, then all sites with repeated passwords are vulnerable. Instead of using the same password, rather have a standard password ‘approach’ which allows you to remember the basic password and how you varied it for each site.
- Here’s a useful video on how to choose and manage good passwords.
Time to check: Set aside an hour to evaluate the different application options
Time to implement: Varies between applications – it took me an hour to migrate from one password manager to another
4. Double protect accounts that store sensitive personal or payment information
Two-/Multi- factor authentication is a fancy name for a simple, but effective process. It adds another layer of security over and above your password, using a second channel/device.
- When you perform certain functions on a site (this can be login, details update or purchase), you are required to input a one time pin that is sent to you by email or text.
- For an account that is protected by two factor authentication to be compromised, the criminal has to have your password and control over the device that receives the OTP.
Time to check: Less than 5 minutes per site
Time to fix: The major ones – Facebook, Instagram, Twitter, Google+ – all provide prominent and easy-to-follow instructions to switch on two-factor authentication
5. Delete old accounts on sites/apps that you no longer use
Now that some of us (ahem) have been digitally active for over 20 years, we’re overdue for an online spring clean.
- Your interests have changed: maybe you’ve moved countries, gotten married, changed careers – there are bound to be websites (and apps) that used to be relevant, but due to life changes, you no longer use. Take an hour to go to those sites and find out how to delete your account and remove your data. This makes you less vulnerable if one of those sites is hacked. It’s like fixing holes in your fence.
- Remember to also review the mobile apps you no longer use – like the local food delivery app you used when before you moved cities. Deleting the app off your phone does not mean your account has been deleted or your data removed.
Time to check: This is a tough one to estimate, it depends how active you used to be and how many previously used sites are no longer relevant to you
Time to fix: This is important enough to assign an hour a week until you are done
As great as the increased attention to data privacy is, one shouldn’t rely on policies and laws to protect valuable property. And that’s what your personal information is – something that has value and is worth stealing.
A little bit of awareness and effort will make it much harder to steal yours.
Did you enjoy the read? Then be sure to subscribe to our blog to receive more great posts from our expert bloggers.