Over the past few months, a spate of high-profile security breaches and scandals (most notably Facebook/Cambridge Analytica) has made the average person far more aware of how their data is used online. With Europe’s General Data Protection Regulation coming into effect amid all this, many would’ve been hopeful that their data might be used more responsibly.
The regulations, which came into effect on 25 May, compel organisations to amend their practices, be more transparent around what data they process and do better at protecting personal information.
They should not, however, be seen as a silver bullet when it comes to privacy and personal data. No amount of legislation can keep your personal data safe without you putting in a little effort yourself.
Think about it: if you live in a high-crime area, you don’t just rely on law enforcement to keep you and your possessions safe. You also lock your doors, switch on your alarm and remain vigilant. The same should be true in the online space.
Taking the right precautions might require a little time and effort, but doing so could mean the difference between being a victim of the next major data breach and not.
What can you do to proactively protect your personal data?
1. Check if you’re already compromised
Don’t just sit back and wonder if your details have already either been accessed by a criminal or published somewhere on the public or dark Web. Based on the number of records compromised in recent years, the chances are high that they have, meaning it’s better to know and act.
Use a free service such as Have I Been Pwned to check if your e-mail address has been in a data breach — and don’t forget to check the old Hotmail, Yahoo or Gmail accounts that you seldom access.
If your e-mail address has been compromised, the site will show you a list of the reported data breaches in which your address was found. You should immediately do a password update on those sites and any others where that same password was used.
Have I Been Pwned is not an exhaustive list — it only includes breaches that have been made available for inclusion in the database.
Another good idea is to subscribe to receive notifications of major breaches that include your address, so that you can change the relevant password on those sites.
2. Check your privacy settings on social media
In the early days of social media, we had no idea how valuable our personal data was to criminal elements. So, we shared … everything. Slowly, we’re waking up to how important it is to keep a tighter lock on our personal information.
Why? Because personal information feeds a criminal’s ability to tailor-make a scam that has enough information about you to seem valid. Also, sharing your whereabouts and when you are on holiday (and your house is unguarded) can make you a target for real-world criminals.
Change the privacy settings on social media to ensure that your personal information is only available to your friends, fans or followers.
3. Use a password application to manage all your online/app passwords
No, we’re not talking about a spreadsheet on your computer. That’s a terrible idea. If your machine is compromised, whether by a hacker or a malicious application, you can be sure that the spreadsheet will be found and used to access your online accounts.
There are many free and paid-for password management applications – find one that suits your requirements and wallet.
You know that site you registered on and thought you’d never access again, so you used a simple, common password? I was suitably mortified when I checked the application’s “password audit” and saw how few of my passwords are strong or medium and how many are weak.
It also tells you where you have repeated a password — and let’s be honest — we have all done it and probably forgotten half of them. If one of those sites is compromised, then all sites with repeated passwords are vulnerable. Instead of using the same password, rather have a standard password “approach”, which allows you to remember the basic password and how you varied it for each site.
4. Double protect accounts that store sensitive personal or payment information
Two-factor authentication is a fancy name for a simple but effective process. It adds a second layer of security over and above your password, using a second channel/device. When you perform certain functions on a site (this can be login, details update or purchase), you are required to input a one-time Pin that is sent to you by e-mail or text.
For an account that is protected by two-factor authentication to be compromised, the criminal has to have your password and control over the device that receives the one-time Pin.
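The one-time Pin check described above, sketched from the site's side as an added example (not code from this article or from any particular site); the function names, the five-minute lifetime, the three-guess limit and the `password_ok` flag standing in for the password check are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL_SECONDS = 300  # assumed validity window for a PIN
MAX_ATTEMPTS = 3       # assumed number of guesses allowed per PIN
_pending = {}          # account -> salt, digest, expiry, attempt count


def _digest(pin, salt):
    return hashlib.sha256(salt + pin.encode()).digest()


def issue_pin(account, now=None):
    """Create a 6-digit PIN to deliver over the second channel (e-mail or text)."""
    now = time.time() if now is None else now
    pin = f"{secrets.randbelow(10**6):06d}"  # drawn from the OS CSPRNG
    salt = secrets.token_bytes(16)
    _pending[account] = {"salt": salt, "digest": _digest(pin, salt),
                         "expires": now + PIN_TTL_SECONDS, "attempts": 0}
    return pin  # goes to the message sender only; the server keeps just the digest


def verify_pin(account, pin, now=None):
    """Accept a PIN once, before expiry, within the guess limit."""
    now = time.time() if now is None else now
    entry = _pending.get(account)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[account]  # expired or locked out: a new PIN must be issued
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(_digest(pin, entry["salt"]), entry["digest"]):
        del _pending[account]  # single use: a replayed PIN is rejected
        return True
    return False


def second_factor_login(account, password_ok, pin, now=None):
    """Both factors are required; a correct password alone is not enough."""
    return bool(password_ok) and verify_pin(account, pin, now)
```

The expiry, single-use and guess-limit checks are what keep a short numeric Pin from being replayed or guessed by someone who already holds the password.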
5. Delete old accounts on sites/apps you no longer use
Most Internet users are probably overdue for an online spring clean. Your interests have changed: maybe you’ve moved countries, got married — there are bound to be websites (and apps) that used to be relevant, but due to life changes, you no longer use.
Take an hour to go to those sites and find out how to delete your account and remove your data. This makes you less vulnerable if one of those sites is hacked. It’s like fixing holes in your fence.
Remember also to review the mobile apps you no longer use, like the local food-delivery app you used before you moved cities. Deleting the app off your phone does not mean your account has been deleted or your data removed.
As important as the increased attention to data privacy is, we must remember that laws and regulations will never be enough to protect valuable property. That is, after all, what your personal information is — something that has value and is worth stealing. A little bit of awareness and effort will make it that much more difficult to take.
- Alison Treadaway is a director at Striata