Spring clean your online life with these privacy tips
Welcome to Threat Intel’s #WednesdayWisdom column, a weekly read to help improve your cybersecurity knowledge and keep you informed on important developments.
As more and more of our lives are lived online, privacy is becoming increasingly important.
That might seem like a contradiction in terms, but in a time when so much of our communication takes place over Wi-Fi, and precious memories like photos are stored in the cloud, privacy is more important than ever.
For companies, too, privacy, and ensuring they adequately protect the information they have about people, is becoming increasingly important. Next year, the EU will introduce the General Data Protection Regulation (GDPR), which seeks to bring data protection regulations up-to-date for our digital world and includes serious sanctions for companies that fail to adequately protects people’s data.
Of course, if you really want to prevent snooping, you could vow to only talk to people in person and use old-school non-digital cameras for taking photos, but those steps are simply not practical for most people.
So, what steps can you take to protect your privacy online, keep your communications private, and ensure only your friends, and not the entire internet, see those photos from last summer’s holiday?
Be aware of the permissions you’ve granted
Be careful what you give permission for. Pay attention to what kind of permissions apps that you’re downloading to your phone are looking for, and don’t just automatically agree to them. Some apps want to access a lot of information that you may not always want to share, such as location data etc. Always ask yourself why the app is looking for these permissions and if it really needs them.
Similar advice applies if you are signing up to online sites or services using your social media accounts. Sites requesting access to basic info like your email address is to be expected, but some online services request access to your photos and the right to post on your behalf. Always know what you’re giving permission for.
Always check website and app privacy policies too, so you know what they are doing with the information you do provide to them.
Use those privacy settings
Social media sites like Facebook, Instagram, and Twitter give you the option of locking down your profiles so that only those you choose to connect with can see them. Instagram and Twitter both give you the option of having private accounts so that only those you approve can follow you. Facebook allows you to customize your privacy settings so that if someone is not friends with you they can only see the most basic info on your profile. Settings on Facebook such as not allowing photos of you to be tagged without your permission and the ability to customize how even some of your friends see your profile can also increase your privacy.
The most important thing about privacy settings is to be aware of how you have them implemented, so that you know just how much information you are sharing about yourself online.
Having good privacy settings is also key to ensure fraudsters can’t access so much information about you that it makes it easy for them to steal your identity.
Go incognito
Using the incognito or privacy mode on your browser disables browsing history and the storage of cookies, meaning the pages you view won’t stick around in your search history. However, going incognito or private won’t hide where you’ve been from ISPs. To ensure even more privacy, you could download the Tor browser. Tor routes your web traffic through an array of encrypted layers to obscure its origin and is popular with whistleblowers and political dissidents, among others.
Use more than one email address
Having all your online accounts linked to one email address is not a great idea and can make it easy for anyone who has your email address to track you down elsewhere online — such as on your Facebook or LinkedIn profiles. It also means that if your one-and-only email account is hacked, all your online accounts could be compromised. Having one personal email address that you only share with people you actually know, and a separate one for signing up for social media accounts etc, is advisable.
Ensure your password is strong and enable 2FA
We’ve said it before but it probably cannot be said enough: ensure all your accounts are protected by passwords that are long, strong, and unique. Do not reuse passwords across multiple internet accounts. Also, where possible, enable two-factor authentication (2FA). This offers you an extra layer of protection and makes it much more difficult to gain access to your accounts. Big hitters like Facebook, Instagram, and Gmail all offer 2FA.
Trust no-one
Well, that might be a little dramatic. But be wary of opening emails and clicking links, even if they are from someone you know, unless you are certain of their content. Your friend could easily have been hacked, and their account could be under the control of an attacker intent on distributing malware.
Never open emails, click links or download attachments sent to you by someone you don’t know.
Say no to cookies
Not the chocolate chip variety, but rather the online variety that track your online activity. Block third-party cookies on your web browser to make it harder for websites and advertisers to track your online activity.
While following these tips may help, it is hard to ever truly guarantee privacy online, so it is always good to keep in mind that whatever you post online could potentially be seen by other people.
Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cybersecurity.
