Ways to Protect Your Data and Keep it Secure
With more and more of us connecting to the web from our phones, our computers, and even our watches, keeping our data safe when using the internet has never been more important. By making some simple changes to your accounts and devices, you can stay safer online and minimise the risk of fraudsters gaining access to your data, protect your privacy from websites you don’t want to share it with, and minimise the fallout of third-party data breaches when they happen.
What sort of data are you talking about?
Everything! Data is a vague definition, but it can include:
• Personally identifiable information like your name, address or phone number.
• Financial information like your debit card number, bank account, or other payment method data.
• Account information, like email addresses or passwords.
Why is it important to keep your information private?
Your data, including your personally identifiable information, is linked with your financial identity. This data can be used to access your accounts or imitate you (identity theft). Your personal data can also be used in phishing or smishing attempts to make a scam email or text look more trustworthy, so keeping it private benefits you both directly (from immediate threats) and indirectly (from it being used in phishing attempts).
Data security vs. data privacy
These two concepts are often used interchangeably, but they are nuanced.
• Data security is about protecting your data from criminals or deliberate attempts to steal your information.
• Data privacy is about managing what data you willingly share with websites or service providers.
Quite often we think that data security is the most important part of keeping yourself secure online. As internet users, we’re a lot better at scrutinising attempts to gather our data from unknown places than we are when a legitimate website wants to process it. Using strong passwords and spotting phishing attempts is a great start, but there are steps we can take to protect our data when large websites experience a breach and our personally identifiable data is taken without our consent.
Ways to protect your data online
Protecting your data is a combination of keeping your accounts secure from unauthorised access, minimising your public presence, and keeping things unique.
Strong, unique passwords
When it comes to strong passwords, longer is generally better. But just because a password is long, it doesn’t mean it’s effective. A password like ‘12345678’ can be brute-forced extremely quickly, whereas an alphanumeric password would take years for a computer to crack.
Create a password with both these elements to make it the most secure:
• Non-sequential letters or numbers (alphanumeric)
• Includes a symbol
Many password managers have this a generate password feature built in.
Beyond a strong password, it’s good practice to make each password you use unique to each account. Keeping track of all your passwords can be done easily with a password manager tool, like Lastpass or your internet browser.
Use multi-factor authentication
Many websites let you add multi-factor authentication (MFA) to your account. This can be as simple as receiving a text message with a code to log in, or using a dedicated authentication app that generates a temporary login code.
It’s considered safer to use an authentication app like Authy or Google Authenticator rather than receiving an SMS code, as a SIM swap attack can negate any of the additional security measures MFA provides if your number is compromised.
Here’s some advice from Tesco Mobile’s cyber security team:
“Login codes generated from SMS or apps should be treated in the same way as password best practice – not to be shared with anyone. If you receive one pertaining to be from us that you weren’t expecting, be vigilant and contact us to verify the activity.”
Limit how much of your data is publicly available
Social media is fun, but do you know how much data you’re willingly sharing with the world? To avoid people taking information from your profile, you should keep your privacy settings strict and only permit friends and family to view your posts or any other personally identifiable information, like your birthday.
Beyond social media, if you sign up for an account or service you no longer use and don’t plan on using again, under GDPR you can exercise your ‘right to be forgotten.’ This means pieces of your data, like your name or the password you used to sign up, can no longer be stored by the third-party. It’s sensible to delete your data from places you don’t need it stored anymore, just in case that third-party experiences a breach.
Keep your phone updated
Software makers regularly issue updates that patch vulnerabilities or bugs as they’re found. Out of date software is less secure than newer versions, so by installing software updates as they get released you can keep your phone more secure.
Back up your data
Protecting your data can also mean protecting it from yourself! Get in the habit of regularly backing up your phone so that you don’t lose any data, photos, or important information if the phone fails, but also if you’re the victim of ransomware. Many phones come with cloud backup, such as Samsung Cloud or iCloud, but a physical backup to a hard drive can provide an extra layer of protection.
Ransomware is less common in individuals and more common in businesses, but it’s still smart to keep regular backups just in case.