Ways to Protect Your Data and Keep it Secure

With more and more of us connecting to the web from our phones, our computers, and even our watches, keeping our data safe when using the internet has never been more important. By making some simple changes to your accounts and devices, you can stay safer online and minimise the risk of fraudsters gaining access to your data, protect your privacy from websites you don’t want to share it with, and minimise the fallout of third-party data breaches when they happen.

Ways to protect your data online

Protecting your data is a combination of keeping your accounts secure from unauthorised access, minimising your public presence, and keeping things unique.

What sort of data are you talking about?

Everything! Data is a vague definition, but it can include:

  • Personally identifiable information like your name, address or phone number.
  • Financial information like your debit card number, bank account, or other payment method data.
  • Account information, like email addresses or passwords.

Why is it important to keep your information private?

Your data, including your personally identifiable information, is linked with your financial identity. This data can be used to access your accounts or imitate you (identity theft). 

Your personal data can also be used in phishing or smishing attempts to make a scam email or text look more trustworthy, so keeping it private benefits you both directly (from immediate threats) and indirectly (from it being used in phishing attempts).

What to do if you’ve received a warning text from us

Have you received a text from us letting you know one of your devices has been compromised? If so, you’ve recently logged in to My Account on a device that’s infected with malware. Please go to the National Cyber Security Centre (NCSC) help page now and follow the advice to protect your personal data.

Once you’ve completed the factory reset on your device, we strongly recommend you change your My Account password and any other important passwords (online banking, email, social media, etc). You should also remove any apps you no longer use.

Tips for creating strong, unique passwords

When it comes to strong passwords, longer is generally better. But just because a password is long, it doesn’t mean it’s effective. A password like ‘12345678’ can be brute-forced extremely quickly, whereas an alphanumeric password would take years for a computer to crack. Create a password with both these elements to make it the most secure: 

  • Should be between 8 and 15 characters
  • Should include at least one numberic, one uppercase character and one lowercase character
  • Shouldn't contain 4 or more consectuive characters (e.g 12434, abcd)
  • Shouldn't contain 4 or more consecutive keyboard characters (e.g qwerty, QWER)
  • Shouldn't be your username

 

Tips for creating strong, unique passwords

When it comes to strong passwords, longer is generally better. But just because a password is long, it doesn’t mean it’s effective. A password like ‘12345678’ can be brute-forced extremely quickly, whereas an alphanumeric password would take years for a computer to crack. Create a password with both these elements to make it the most secure: 

  • Should be between 8 and 15 characters
  • Should include at least one numberic, one uppercase character and one lowercase character
  • Shouldn't contain 4 or more consectuive characters (e.g 12434, abcd)
  • Shouldn't contain 4 or more consecutive keyboard characters (e.g qwerty, QWER)
  • Shouldn't be your username

 

Keep your passwords safe

Once you've created a strong password, it's just as important to keep it safe. Here are some tips from our Cyber security team:

  • Keeping track of all your passwords can be done easily with a secure password manager tool, like Lastpass.
  • Try and use a different password for every website.
  • Never share your passwords and try not to write them down

 

Use multi-factor authentication

Many websites let you add multi-factor authentication (MFA) to your account. This can be as simple as receiving a text message with a code to log in, or using a dedicated authentication app that generates a temporary login code. 

It’s considered safer to use an authentication app like 
Authy or Google Authenticator rather than receiving an SMS code, as a SIM swap attack can negate any of the additional security measures MFA provides if your number is compromised.

Here’s some advice from Tesco Mobile’s cyber security team: “Login codes generated from SMS or apps should be treated in the same way as password best practice - not to be shared with anyone. If you receive one pertaining to be from us that you weren’t expecting, be vigilant and contact us to verify the activity.”

Keep your phone updated

Software makers regularly issue updates that patch vulnerabilities or bugs as they’re found. Out of date software is less secure than newer versions, so by installing software updates as they get released you can keep your phone more secure.

Limit how much of your data is publicly available

Social media is fun, but do you know how much data you’re willingly sharing with the world? To avoid people taking information from your profile, you should keep your privacy settings strict and only permit friends and family to view your posts or any other personally identifiable information, like your birthday.

Beyond social media, if you sign up for an account or service you no longer use and don’t plan on using again, under GDPR you can exercise your ‘right to be forgotten.’ This means pieces of your data, like your name or the password you used to sign up, can no longer be stored by the third-party. It’s sensible to delete your data from places you don’t need it stored anymore, just in case that third-party experiences a breach.

Back up your data

Protecting your data can also mean protecting it from yourself! Get in the habit of regularly backing up your phone so that you don’t lose any data, photos, or important information if the phone fails, but also if you’re the victim of ransomware. Many phones come with cloud backup, such as Samsung CloudiCloud, but a physical backup to a hard drive can provide an extra layer of protection.

Ransomware is less common in individuals and more common in businesses, but it’s still smart to keep regular backups just in case.