Melissa Unsell-Smith is co-founder and president of Rectify, a data protection and privacy startup currently participating in the Build Sec Foundry cybersecurity incubator program. For Data Privacy Day she writes today’s guest post offering the top five tips for being #privacyaware.
Data Privacy Day is an internationally observed holiday created as an annual initiative focused on raising awareness around the importance of data privacy. With enhanced dialogue around privacy, it is vitally important to become familiar with popular privacy methods and security tips. The tips offered below are not all-inclusive, and some of them are intended to expand awareness of our ever-connected world and the possible ramifications and liabilities.
Privacy Tip #1: Update software across all devices frequently
The 2017 Equifax breach was caused because Equifax failed to install a simple patch for its Apache web server. The same holds true for your information – update your computer, mobile device (including apps) and IoT devices to help ensure protection and security. These updates often contain important patches that are vital for information security and privacy.
With adults spending so much time reading, watching, listening and interacting with online media, protecting your online life starts with keeping your systems and software current. When you receive an update notification from your device manufacturer or operating system vendor, verify the source and apply the update to keep your devices secure.
Privacy Tip #2: Be mindful of authentication (and have really good passwords)
There are three ways to authenticate yourself – something you know (for example, passwords), something you are (for example, biometrics) and something you have (for example, a token).
Be sure to have very strong passwords and don’t use the same one across multiple platforms. Have a cadence for changing them often – perhaps once a month or once a quarter. This can seem daunting and many individuals dislike having to manage multiple passwords. The good news is that you can create strong passwords by using phrases and replacing some of the letters with symbols and numbers. Try using one of your favorite lyrics or a quote that’s easy for you to remember. For example, the phrase “my favorite day is data privacy day” could be converted to a very strong password – MyFav0r!tEDaY!sD8aPr!vaCyDay.
Privacy Tip #3: Understand and mindfully limit the number of internet-connected devices you use
Computers are extensible – meaning they extend to almost anything in our material world. Devices of all types are becoming computers and awareness of this is key. Extensible systems are hard to secure so you need to manage how many of them you use and how often you use them.
For example, the Amazon Echo or Google Voice devices have active listening enabled so that they can respond when you state a command. It has been reported that these devices record and store everything. When you know you aren’t going to use the device, unplug it to limit the data it retrieves. Another example is your refrigerator – newer models are enabled by computers tracking how often you open the door and what types of food and beverages you purchase. Understand that these computer-enabled devices have ramifications on your privacy. It’s up to you to decide what information about yourself you are willing to give up.
To learn more about this concept, consider reading Bruce Schneier‘s book. He is one of the world’s foremost security experts and has written extensively on data collection and security.
Privacy Tip #4: Be privy to “surveillance capitalism”
The business model of the internet is to track and analyze the ‘digital exhaust’ we all leave behind as we go through our lives. In the past, our data was discarded because the value of it was marginal. Today, however, data storage is so cheap that our society can afford to store anything and everything.
Businesses are storing our information (with no plan for deletion in sight). Consider this as you interact with online platforms and devices – social media, home automation devices, and other platforms. Be mindful of the potential harm associated with social media games or challenges.
Take, for example, the ten-year challenge that has spread across social media in which individuals post a current photo alongside a photo from 10 years ago. This potentially could enable further training for facial recognition technology that can later be used maliciously, and for reasons we may not fully understand today.
Privacy Tip #5: Protect your sensitive data
Last and most importantly, invest the time to secure your sensitive data. For example, keep Social Security Numbers, credit card information, student records, and health information off of workstations, laptops, or mobile devices. Securely remove sensitive data files from any system when they are no longer needed. Always use redaction software when transmitting sensitive data. Redaction enables the removal of personally identifiable information (PII) when content needs to be shared with third parties.
Take these privacy tips into consideration and invest time contemplating what privacy rights you are comfortable forfeiting in return for technological conveniences.