Do we really have nothing to hide?
This year, notable controversies such as the Facebook-Cambridge Analytica scandal and a number of major data breaches made many people realise that our online personal data is less… personal than we thought.
For some of us, being concerned about data security is part of our job. Preventing individuals with fraudulent intentions from gaining control of our company’s data is a personal and professional mission for many IT professionals, so it becomes the norm to treat every connection, download, or sign-up as if we were entering a hostile environment. Keeping business and customer information protected and confidential is at the heart of protecting the future and the reputation of the company for who you work.
On the other hand, more casual internet users often fall into the trap of thinking that they have nothing to hide, so there isn’t that much to worry about. But that's just wishful thinking.
According to the “nothing to hide” argument, it doesn’t matter if a government or a third-party wants to track and collect a person’s data, such as location, photos, and text messages, because they will not find anything compromising.
After all, who cares if anyone reads the messages sent to our college friends living overseas, or intercepts the pumpkin pie recipes we emailed our auntie in preparation for Thanksgiving?
Well, the issue is lot more complicated than that. Privacy is a key part of all our lives, and while offline boundaries are often enforced and well defined, we spend an increasing portion of our life online where these become a lot more blurred. And just because we live our lives morally without breaking the law, it doesn’t mean we shouldn’t find privacy precious and valuable.
Apart from privacy issues, having most of our personal data available online makes us a target for spam, identity theft, and burglaries, and having our accounts compromised by hackers could put our credit card information in the wrong hands.
It is safe to say that every individual should be aware of what they share online and ensure that their personal data is protected by taking some simple precautions.
Here are a few easy steps you can take to keep control of your private data:
1 – Go for strong, unique passwords
Let’s make it clear: passwords are a pretty vulnerable security measure. If a password is the only tool you are using to protect your accounts, you are at a greater risk of being hacked compared to users who adopt additional security precautions (but more on this later).
Having said that, not all passwords are created equal, and there are definitely some rules you should follow to make yours stronger. A password longer than 10 characters including letters, numerals, and special characters is the best way to go. It’s also important to use a different password for each account, so if one of them gets compromised the others will still be safe.
It’s good practice to never use personal information in your password, like the names of your loved ones, pets, or significant dates. This is not only because it will make the password easy to guess in itself, but it will also provide the hackers with information about your password creation patterns: for example, if you included your dog’s name in one of your passwords, the hacker might try and guess your other ones by starting with the name of your cat.
The best option is a password too long and complex for you to remember, and using a password management software will help you create and store strong, unique passwords for all your accounts.
2 – Use Multi-Factor Authentication (MFA)
On this note, you should add at least one more layer of security to ensure that your password is not the only thing that stands between you and unwanted attention. Most accounts will offer the option to set-up two-factor authentication (2FA) or multi-factor authentication (MFA), so once you have entered your password you will be texted a code to your mobile phone to ensure you are the account’s legitimate owner.
While texting a code is the most common second factor adopted in MFA procedures, it isn’t the only option. Multi-factor authentication can combine multiple credentials that are unique to the user and fall into three categories:
- Something the user knows, like a password or the answer to a pre-set question
- Something the user has, like a card or the device the code is texted to in the example above
- Something the user is, like a fingerprint or facial recognition.
The benefit of adding a second layer of security is that a hacker who manages to identify a password will have to overcome a new obstacle of entirely different nature to access the account. If you want to know more about MFA and how it works, you can take a look at a more in-depth blog post we wrote on this subject.
3 - Avoid public wi-fi
The Internet has become such an important part of human life that, in 2016, the UN has accepted internet access as a basic human right. In 2017, the Indian State of Kerala has backed up the resolution by declaring that every citizen should be able to access free wi-fi, and agreeing to extend broadband connectivity to every house within its borders, in addition to public wi-fi hotspots.
Public wi-fi has indeed become extremely popular, as millions of people routinely connect to public networks from coffee shops, commuter trains, and hotels. If you are concerned about your privacy, however, browsing the web while sipping a latte at the local Starbucks might not be a great idea.
When it comes to public wi-fi, there is no way of knowing who may be monitoring your session. if you are planning on exchanging any personal information you may want to switch to your mobile data, or wait until you’re back home.
4 – Encrypt, encrypt, encrypt!
A great way to keep your data safe is encrypting it. Encryption is a process that uses a mathematical algorithm to convert data into unintelligible information, making it impossible to read. The data can only be decrypted with a key, and the encryption algorithm aims to make it as hard as possible to decrypt the information without using the key.
Two important areas where your data can be protected with encryption is when the data is travelling over the Internet (data in motion) and when it’s stored locally on your hard drive (data at rest).
Ensuring you always visit the SSL (Secure Sockets Layer) encrypted version of a website, which has https:// at the start in the URL, means that the data sent to and from that website cannot be viewed whilst in transit. To fully protect all your network traffic, a VPN can be used to create an encrypted tunnel, ensuring that all traffic is kept from prying eyes. There are many different VPN services out there to choose from.
Data stored locally on Windows is best secured via Bitlocker encrypting your hard drive. This means that even if your laptop is stolen, the data cannot be read without knowing your key.
If you want to know more about how to protect your data with encryption, here is useful article that explains how to do just that by making the most of existing encryption functionality.
5 – Delete your old accounts
If you have old accounts you never use, go ahead and delete them now. The more accounts you have open, the more you are exposed to risks, especially if they go back to a time where your password-creation approach was a bit lax.
While it may be difficult to recall all the accounts you have opened over the years, there are some tools out there to help you.
One of these solutions is a clever website called Deseat.me. By signing in with your Google credentials, you will be presented with a list of all your accounts, and you can choose to delete the unwanted ones with just a couple of clicks.
Websites such as AccountKiller and JustDelete.me can also provide useful information on how to close accounts on many mainstream and more niche platforms, and how difficult it really is to leave those services for good.
6 - Be mindful of what you install
Whenever you’re installing anything on your device, whether it’s new software or an app, make sure that the provider is a trusted, reputable company.
Look up a product on popular review platforms, such as G2 Crowd or TrustRadius, and read what other users have to say prior to downloading an app on Google Play or the App Store. And be mindful of fake reviews.
If the reviews are overwhelmingly positive, ask yourself if they sound like they are coming from someone who has legitimately used the product. Are the reviewers verified? Does the language used seem genuine? Is the review a generic one-liner, or is the user experience described in details, showing that the reviewer has genuinely used the product?
Ultimately, it’s important to know where the software comes from to be confident that it’s safe for you to use. A quick online search should also be able to tell you more about the vendor’s security profile (does the company value security? Do they provide additional security options like multi-factor authentication?), to make sure their priorities match yours.
We also try to practice what we preach by being transparent about our remote access software architecture, our security principles, and what actions we take to make our product as secure as possible.
7 – Make sure you haven’t been hacked before
Hopefully, if you haven’t been on top of your security game until now, this article will provide you with enough motivation to spend a few minutes changing your passwords and enabling 2FA on all your important accounts so nobody else will be able to gain access. But what if it’s too late?
The truth is, it’s very possible that one of your accounts might have been compromised in the past without you even noticing. Fortunately, there is one helpful website that will let you know exactly which of your accounts have been hacked in the past and when.
“Have I Been Pwned” allows the users to enter their email address that will be checked against those that have been leaked in data breaches, and if a match is found it will tell you which data specifically has been compromised.
If it turns out that you have been victim of a data breach, you really want to get that password changed as soon as possible, together with any other password that was created using the same or a similar pattern, especially if it includes personal information.
Unfortunately, there is no such thing as “bulletproof security”, but each of the basic security measures discussed in this article will contribute to make your data considerably safer.
A few minutes spent creating longer, more complex passwords and deleting obsolete accounts are a small price to pay to ensure that your online personal information will stay that way: personal, and out of a stranger’s reach.