Data Privacy Day began in the USA in 2008 as an extension of Data Protection Day in Europe.
Since then, the National Cyber Security Alliance (NCSA) has led this international effort, which is held annually on January 28 to help create awareness about the importance of safeguarding data, respecting privacy, and enabling trust.
In our efforts to help promote this important annual event, I have asked a range of folks to share some advice on what they do to keep their data private.
Christopher Burgess – @burgessct
Social networks are designed to have you share information in exchange for free and unencumbered use of their services. My advice to individuals is:
- Read the privacy statements and understand how your information is used and shared. Search for the words “share” and “use.”
- Please do not overshare when using these free services. When you post, tell us where you’ve been, not where you are. Resist the temptation to tag your children or grandchildren’s photos.
- It’s A-ok to make up wholesale lies on those password reset questions like, “What’s your first car?”
The mindset of trust no one (or any social media platform) with your information will serve you well on this Data Privacy Day 2018.
Bob Covello – @BobCovello
The single piece of advice that I would give to any privacy-conscious person is one that makes many people raise their eyebrows: Don’t use free e-mail services.
As convenient and wonderful as these services are, they come at the cost of privacy. Use free e-mail to enroll in subscription-based services, but not for private business. My free e-mail is awash with all the daily newsletters and is a magnet for spam. This is not true of my private, paid service.
For a small fee, your privacy is better protected using either a paid e-mail service that openly states its privacy terms or, if you are among those who really care about privacy in a world of surveillance, an encrypted mail service such as ProtonMail. Your privacy is so worth the cost!
Kim Crawley – @kim_crawley
We are now almost completely computer technology-dependent in 2018. People regularly share information about their everyday lives on social media, and lots of enterprises have information about us on their internet servers.
Even as ordinary people, we must think about all the information we put into personal computers, mobile, and IoT devices the same way that intelligence agencies think about their information. Is this sensitive or safe for public consumption? If the information we put into a computer is safe for public knowledge, then it’s fine to put it on the internet. Any information you wouldn’t want the whole world to know should only be put into computers in a way that’s isolated from the internet.
People think they can put sensitive information in the parts of the internet that seem to be private, such as “private” messages over Facebook or Twitter. That assumption will inevitably harm the users who believe it. Everything on the internet is public.
Tim Erlin – @terlin
Nearly the entire economy is geared to convince you that your data really doesn’t need to be private and that you should freely share it. From social media to loyalty programs to smart home devices, all of these trends are built on the back of your data. Remember that it’s yours, it’s valuable, and you have a right to protect it and keep it private. That leads you to making explicit choices to share rather than sharing by default. And maybe, that awareness changes a few of those choices.
Anthony Israel-Davis – @anthony_id
For protecting data, it’s not unique and probably the most obvious, but two-step authentication (also called multi-factor or dual-factor) is the number one way to protect digital data. A strong (longer is stronger!) password is a good start, but adding that additional step is key. What are the two steps? Something you know – a password – and something you have – a cell phone code, push notification, fingerprint, facial-recognition. Even if your password is stolen, that extra step is both an alert and lock.
Encryption is a close second, but encryption at rest (e.g. hard drives) is only useful to prevent physical media from being accessed. If someone authenticates, that encryption won’t help. Encryption in motion is more effective – ensure all sensitive communication is encrypted with technologies like TLS, and for goodness sake, if you’re going to use public Wi-Fi, do it over a responsible VPN.
Last tip, maybe a bit more unique and a good reminder – when sending sensitive email, especially attachments, remember to double check your recipient list. With auto-complete, it’s very easy for that data to go to the wrong person if we’re not paying attention. And locking those attachments with a password is a good secondary control. Just make sure that password isn’t sent in the original email. Consider how to securely share that with the intended parties.
David Jamieson – @dhjamieson
Google Drive is a great place to store and share files. It’s also an easy way to “over-share.” Google makes a couple of sharing options readily available … by “link” and by “invitation.” If you use “by link,” then anyone with the link can view (and maybe edit) your document. Aunt Millie could forward it to her entire email distribution list. By invitation (email) allows you to restrict it to those who authenticate through their email account. Much safer. Use the email invitation option as much as possible to help keep your data safe.
Ben Layer – @benlayer
Mark the new year by resolving to update your personal data privacy. Data Privacy Day being in January is an excellent reminder to spend a part of the new year tidying up every area in which our personal data could be at risk. Along with double checking the privacy options of each site you use, changing passwords, and enabling multi-factor authentication where available, I particularly like the idea of reducing your online data footprint. Each year, archive or delete older social media and email content, especially in cases where you may have over-shared.
Paul Norris – @pjnorris
As everyday interaction with the world around us is becoming more reliant on computer systems, it’s even more vital that you should care and take action around your data privacy.
These days, personal identifiable identification (PII) data can be stored at a lot of places ranging from local drives on laptops to portable media and cloud providers that store data online. It’s imperative that you maintain individual strong passwords for all your online accounts so that other accounts do not suffer if one account is compromised. And as you will have so many passwords to manage, consider using a password management piece of software and enable two-factor authentication to add a layer of security to your solution.
Stuart Peck – @cybersecstu
Protecting your privacy and your very sensitive info should always be top of your priority. There is always one piece of advice I give for protecting online privacy in particular, and this is to compartmentalise your digital footprint to make it difficult for an organisation or attacker to gather information on you. Examples include using unique email addresses (avatars and passwords) for signing up to online services, ideally using services like Riseup and ProtonMail to further enhance this. Ensure that information shared with third parties is limited (not using your full name, DOB, photos) especially on social media, and use extensions that further reduce tracking such as Ghostery/Disconnect.me and HTTPS Everywhere.
Bev Robb – @teksquisite
When I travel, I always use a VPN on all my devices. I carry a travel router with me when I need to use motel WiFi. I also keep all my devices updated and only use one web browser (with a password manager) and disable all other extensions.
Carrie Roberts – @OrOneEqualsOne
Enable two-factor protection on key accounts such as banking, retirement, and ALWAYS email. Remember that password reset requests are sent to your email account, so access to your email equals access to any other account.
Tyler Reguly – @treguly
Accept that your data is not private. Once you do that, you will find yourself less stressed when your data is inevitably breached. I have three rules that I try to live by:
- If they don’t utilize Amazon/PayPal for payments, place your order elsewhere.
- If you wouldn’t get it developed at the store, don’t take the picture.
- Don’t take risks with your primary PC. Restrict social media browsing to cell phones, tablets, and secondary PCs.
While these steps won’t necessarily keep you safe, they may keep you safer, and that should be everyone’s first step.
Adrian Sanabria – @sawaba
We often take data on our personal devices and in the cloud for granted. Always think about the worst-case scenario for your data. If you have an unencrypted flash drive, consider what someone would have access to if you lost it. I’ve found that some people tend to overshare and others overprotect. If you have a Google account, regularly review what you’ve given account access to and who you’ve shared documents with. Who has access? If you are an Apple user, consider what would happen if you lost access to your devices and AppleID. What data would you lose?
Nick Santoria – @Curricula
With most of the concern residing on the cyber side, we still need to be aware of publicly disclosing sensitive information. Things like customer details, financial, health, and other sensitive information should not be discussed in public spaces. You never know who is listening and what they could use that information for.
Glenda Snodgrass – @Glenda_TNE
Use multi-factor authentication whenever it’s available. Not only does it make it harder for someone else to log in as you (even if they know your password); it also sends you an alert that someone has tried, so you can take action.
A big part of privacy has to do with hiding online presence and behavior. If you really want to hide your identity while online, you should consider using a Tor browser. Tor is secretive and sly… which is why the bad guys like to use it also.
Most people who read this blog probably use most of these tips already, so what matters is that you share this with your family and friends to help them stay secure. If we can all get one person to start using a password manager or VPN or to implement multi-factor authentication, we are helping make the internet a more secure place.
Also at Tripwire, we asked our Twitter followers who they are most concerned about collecting their private information. You can find the answers below.
#DataPrivacyDay is Sunday, January 28! We’d like to know: who are you most concerned about collecting your private information? Please vote, RT and comment with your other suggestions. #privacy #data
— Tripwire, Inc. (@TripwireInc) January 23, 2018