Data Protection: Securing Your Personal Information in the Digital Age

Published Mar 6, 2019 by Raymond M., CFE in Information Security


Though it may seem impossible to store all data offline today, you can take active steps to prevent sensitive information from falling into the wrong hands.

In today's information age most people are “on the grid”: services are largely automated, records are heavily digitized, and technology is the dominant means of connecting and communicating with other people around the world. Our digital footprints grow with our online activity, and if they are not safeguarded they can be an invaluable source of private information for malicious actors. The objective of this post is to share some tips that anyone can apply to secure their confidential information.

Install an anti-virus program

The anti-virus is perhaps the most basic yet most overlooked protection layer for your personal devices. Having one will not necessarily protect you from new and undocumented malware, but anti-virus programs can still stop a significant share of attacks because they rely on vast databases of known malware signatures. It’s better to have one installed and frequently updated than to be sorry later; Norton 360 with LifeLock and McAfee Total Protection (2023) are some top options, both of which are capable of protecting your online privacy and identity.

Keep your applications up-to-date

Developers work hard to secure their applications, and that includes releasing patches and updates that address potential or confirmed security vulnerabilities. Always stay current on software updates to reduce the risk of personal information leaking through exploitation of vulnerabilities in installed applications. It is also useful to cultivate the habit of reading the release notes that accompany updates so that you know what changed and which issues were addressed.

Take advantage of encryption

You can maintain the confidentiality of your information by making it harder for unauthorised parties to view it. Through encryption, you can hide sensitive information from prying eyes. Many tools can help you achieve this; for example, Pretty Good Privacy (PGP) can be used to encrypt your email so that any unintended recipients have a difficult time reading the message. For more in-depth information, you can check out this post explaining encryption.

Practice safe browsing

The internet can be a dangerous place if not carefully navigated. Web browsing brings with it a fair share of data privacy and information security challenges, and it’s probably best to operate on the least-trust principle. The internet is flooded with malicious individuals who keep coming up with new and innovative methods to steal personal information. Follow the basic principles of safe browsing: do not enter sensitive information such as credit card or login details on an unsecured website (i.e. the address does not begin with "https"), avoid clicking suspicious links, and avoid downloading pirated software, among others.

Beware of social engineering

Social engineering may not get as much attention as other, more sophisticated attacks, but it can be quite devastating in its own right. It involves tricking the human mind into divulging confidential information that may be used fraudulently. Phishing (fraudulent email) and vishing (its telephone equivalent) are popular vectors used by attackers. Watch out for suspicious emails from people posing as reputable entities that seek to steal personal information such as login credentials and financial details. Avoid clicking any links or downloading any attachments in such emails, and when possible do not open them at all. If it sounds too good to be true, it probably is.

Passphrases over passwords

You’ve probably been asked at least once to secure an account with a hard-to-remember password that is at least 8-10 characters long and contains a combination of uppercase, lowercase, numeric and special characters. While this kind of password has been peddled as “secure” over the years, the fact is that computers can guess such passwords easily. Consider using a passphrase instead: a combination of random words that offers a balance of memorability and security. According to Use a Passphrase, a passphrase strength testing tool, the password “S4nfr4n” would take a computer only 639 milliseconds to crack, while the passphrase “mergers decade labeled manager” would take about 6,000,126 centuries.
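To make the difference between the two approaches concrete, here is an added Python example (not from the original post, and not the Use a Passphrase tool) that computes the entropy of random passphrases versus random character passwords, converts it into an expected brute-force time, and generates a passphrase with a cryptographically secure random source. The miniature word list and the attacker speed of 10^10 guesses per second are constructed assumptions; the 7,776-word list size mirrors common Diceware-style lists.

```python
import math
import secrets

# Constructed miniature word list for illustration only. Real passphrase
# generators draw from lists of several thousand words; strength comes from
# list size and word count, not from which particular words are chosen.
WORDLIST = [
    "mergers", "decade", "labeled", "manager", "harbor", "velvet", "copper",
    "lantern", "meadow", "saddle", "pixel", "timber", "orbit", "quartz",
    "walnut", "canyon",
]


def passphrase_entropy_bits(num_words: int, wordlist_size: int) -> float:
    """Entropy of num_words words drawn uniformly at random (with
    replacement) from a list of wordlist_size words: log2(size^words)."""
    return num_words * math.log2(wordlist_size)


def random_password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` characters drawn uniformly at random from an
    alphabet of alphabet_size symbols (62 = upper + lower + digits).
    This is an upper bound: a human-chosen string such as a dictionary
    word with digit substitutions has far less entropy than this suggests,
    which is why short "complex" passwords fall quickly."""
    return length * math.log2(alphabet_size)


def generate_passphrase(num_words: int, wordlist=WORDLIST, separator: str = " ") -> str:
    """Pick words with the `secrets` module (a CSPRNG), never `random`."""
    return separator.join(secrets.choice(wordlist) for _ in range(num_words))


def expected_crack_seconds(entropy_bits: float, guesses_per_second: float) -> float:
    """Average time to find a uniformly random secret by brute force: an
    attacker expects to search half the space before hitting it."""
    return (2 ** entropy_bits / 2) / guesses_per_second


if __name__ == "__main__":
    RATE = 1e10  # assumed attacker speed in guesses/s; illustrative only
    SECONDS_PER_YEAR = 365.25 * 24 * 3600
    for label, bits in [
        ("random 8-char password, 62-symbol alphabet", random_password_entropy_bits(8, 62)),
        ("4 random words from a 7,776-word list", passphrase_entropy_bits(4, 7776)),
        ("6 random words from a 7,776-word list", passphrase_entropy_bits(6, 7776)),
    ]:
        years = expected_crack_seconds(bits, RATE) / SECONDS_PER_YEAR
        print(f"{label}: {bits:.1f} bits, ~{years:,.3g} years at {RATE:.0e} guesses/s")
    print("sample passphrase:", generate_passphrase(4))
```

Note that the arithmetic only holds when the words really are chosen at random from the list; a passphrase you compose yourself (a song lyric, a familiar sentence) is a candidate in any dictionary-style attack and gets none of this entropy.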

Avoid reusing passwords

Whether you use passwords or passphrases, one thing most information security professionals agree on is that you should not reuse them across different websites and applications. Set a different, unique passphrase or password for each platform. This limits the damage when one account's password is revealed, because the attacker cannot use it to compromise your other accounts. If you’re worried about having to remember all of them, password managers like Dashlane, Bitwarden, and 1Password are worth looking into.

Enable multi-factor authentication

Many modern platforms now offer multi-factor authentication (MFA) as a security layer in addition to your primary password. Where available, always enable the feature and set up your preferred secondary authentication method. This could be a code delivered to your registered mobile number or email, a time-based code from an authenticator app, or a hardware device such as the YubiKey 5 with NFC (USB-A) or YubiKey 5C with NFC (USB-C) security keys by Yubico. This layered security makes it harder for an unauthorised user to access your accounts even if they manage to get your password. Additionally, since most services alert users to potentially unauthorised access attempts, having MFA enabled can buy you the precious minutes you may need to secure your account before much damage is done.

Secure your personal devices

When it comes to your personal devices, technical security is just as critical as physical security. Use a hard-to-guess PIN or password to secure your devices from unauthorised access. Additionally, turn off your connectivity services such as Bluetooth and Wi-Fi when they are not in use and do not leave your mobile devices unattended in public.

Avoid using public Wi-Fi

More often than not, we rush to connect to public Wi-Fi access points without a second thought. Coffee shops, shopping malls, hotel lobbies, and even public transportation commonly offer free Wi-Fi now. However, these networks are a potential point of intrusion into your devices, with your personal information as the prize. Our perceived need to stay constantly connected makes us easy targets. The evil twin and man-in-the-middle (MITM) attacks are both popular against public and unsecured wireless networks.

The evil twin attack takes advantage of the fact that your device “remembers” the Wi-Fi networks you connect to, making it difficult to distinguish between a trusted network and a malicious network with the same SSID (and even password), hence the name. In the MITM attack, on the other hand, an attacker intercepts communication between you and the internet, usually to “eavesdrop” and steal your personal information. When you are away from a trusted wireless network, consider using mobile data or your own hotspot or access point.

Dispose of devices and documents properly

When it comes to personal information recovered from improperly disposed items, you should worry about dumpster diving and data recovery. Dumpster diving is a method of gathering information about a target by literally going through their trash, and you would be surprised how much personal information can be gleaned from discarded documents. Discarded devices likewise still hold a great deal of data, even after files have been deleted, and can reveal a lot of personal information. How far an attacker is willing to go depends on how “high-level” a target you are, but you can still be targeted. To keep your information from being used fraudulently, shred physical documents and old debit/credit cards before trashing them (go for a cross-cut or confetti-cut shredder), and always wipe (sanitise) the internal storage of devices you own before discarding them.

Limit information shared online

You’ve probably already heard of this one, so I won’t say much about it. The more personal information you share online, the easier it is for an attacker to piece together details about you during reconnaissance, which is typically the first step to getting hacked. Open-Source Intelligence (OSINT) tools make this easier and allow attackers to scrape the internet for information about you that is available from public sources. So, be sure you can live with what you share because the internet never forgets.

If you have any other information security tips, please feel free to share them below.

By Raymond M., CFE
Forensic & Cyber Security Consultant
