Why are we paying attention to our online privacy now? In March 2018, it was discovered that Cambridge Analytica had been harvesting Facebook user information, and using it to build voter profiles which they then sold off to groups who wanted to influence the 2016 Presidential Election.
The issues we are facing today aren’t new. The Internet puts your personal information at risk: on your computer and mobile devices, in email and social media. It just becomes harder to protect your privacy and personal information, as the Internet and social media become more complex.
Link: Mark Zuckerberg Testifies Before Senate
Another reason we are paying more attention to privacy is that the European data privacy regulation (GDPR) goes into effect in May 2018. In Europe, consumers must explicitly opt in to get email and agree in advance to share their personal information. In the US, the common practice was “let the buyer beware”: US consumers often had to opt out to avoid having their personal information collected and shared. In the US, consumers have liability limited to $50 if a credit card is stolen, so they have a more lax attitude toward protecting financial information. In the EU, consumers are responsible for protecting their information and take privacy much more seriously. The US is starting to realize that personally identifiable information (PII) can include many items which when linked together can expose our habits and preferences, our personal health history and much more.
Consumers need to be aware of what they are sharing, and with whom. Companies like Facebook need to make it easier to make informed decisions. Security and privacy need to be the default, but don’t be naive: if companies like Facebook and Google are forced by regulators to change how they gather and use personal and marketing information, it may come at a cost to consumers.
Consumers are eager to take something for free, and without reading the terms and conditions when they sign up, they either don’t realize or don’t care that companies like Google and Facebook base their business model on selling your information. Now they are starting to revisit their online choices to better secure their PII as well as to secure their children.
Attacks on privacy, bullying and cyberstalking can occur due to our social media presence. Even children are affected, as they use social media, messaging and picture sharing apps. We all need to understand that our identity and safety are at risk, if we don’t understand the threats and implement better security controls.
In addition to our concerns over our privacy, or lack thereof, malware is still rampant, with 39% of malware being ransomware. The malware that infects our computers often comes from phishing emails and malicious links on websites. There are many other threats to our security and privacy in the world today, and it is the consumer’s responsibility to stay informed and take the basic steps to protect themselves and their loved ones. The government won’t do it for you.
Link: QC Cybersecurity Alliance Online Privacy & Security Resources
On behalf of the Quad Cities Cybersecurity Alliance, let me share some advice and best practices on security and privacy settings and tools, for your home computer, mobile devices and social media accounts.
Top 10 Steps to Protect Your Privacy and Secure Your Devices
1. Back up your data: A safe external backup will help you recover from a virus or ransomware. Even keeping your files in secure online storage like Dropbox can help you recover. Just make sure to choose strong login options so someone else can’t steal or guess your password.
Link: Home backup solutions reviewed
2. Use different passwords: Don’t use the same password for all your devices. It is easier to hack your online accounts if your email or social media passwords are all the same. Use software like KeePass, LastPass or 1Password. They often have free applications for your home computer and mobile device. With a password manager, you can also use more secure passwords, because you don’t need to rely on your memory.
It goes without saying, don’t write down or share passwords.
When it is offered, use multi-factor authentication. This is often in the form of an SMS message with a code or an app that gives you a short-lived code to type in, in addition to the password you have memorized. Even if your password is stolen, someone will need to steal and unlock your phone or computer to log onto an account protected this way.
3. Run modern anti-malware/anti-spyware software: You are more limited on mobile devices, but software that protects you against malicious apps, or apps that abuse your private information, is becoming more common. Lookout is a good mobile app that I have used. On your computer, look for software that will protect against known malware, but also spyware and new attacks which may not be known but behave maliciously, whether they are file-based (attachments and downloads) or scripts that execute in memory. A more advanced anti-malware solution is worth the investment!
Link: Gartner 2018 Magic Quadrant for Endpoint Protection Platforms. Note: this is an enterprise view of endpoint security. You will need to Google for the best home solutions.
Fighting the threat of malware on mobile devices
4. Lock your computer: When you leave your computer, be sure to use a screen lock to keep others from using it. You should be very cautious about ever leaving your computer or mobile device unattended in public, since even without the screen unlocked, someone might execute code on your device using a USB stick or other means.
5. Encrypt your hard drive: Most devices have an option to enable full disk encryption. If someone steals your device, and they don’t know your password, they could use forensic methods to extract data from your hard drive, if it is not encrypted.
6. Secure your social media accounts: Social media, like Facebook and Instagram, often offer options for security and privacy. Facebook offers multi-factor authentication in the form of an SMS message or YubiKey. The Facebook Security page will also provide advice on how to lock down your privacy settings. Many other accounts are offering more granular privacy settings and more secure authentication.
Link: Steps to Secure Your Facebook Account
Facebook: Security & Privacy Page
7. Use secure messaging apps: If you want to truly have secure conversations, you need a messaging app like Wickr or Signal, where you hold the encryption keys and no one (not the provider or the government) can decode your messages. An added feature of Wickr is that it securely deletes messages (including text, voice and images) after a predetermined time.
8. Don’t keep information longer than needed: By this, I mean if you have printed or digital information, it becomes a liability if you keep it too long. Decide on a retention policy, and legally keep documents as long as they should be kept, but consider shredding or burning or securely deleting old sensitive documents that have outlived their usefulness and might be seen as a liability.
9. Be cautious about public Wi-Fi and use a VPN: I am not going to tell you that public Wi-Fi is bad, but it can be an easy method for a hacker to eavesdrop or attack your device. Both Wi-Fi and cellular can be hacked. When you are in public, I recommend a virtual private network (VPN). This is usually an app and subscription you will use to establish an encrypted and secure tunnel to a provider. A VPN can protect you against attacks on public Wi-Fi, as well as giving you anonymity while going about your business on the Internet. I have personally been very pleased using Private Internet Access (PIA). Here is a comparison of common VPN providers, and another.
10. Consider if you really need that app: It can be fun to find a cool new app and download it, but there are thousands of malicious apps that get into app stores every year, either because of malware or because of how they abuse your privacy. Does that app really need access to your camera, microphone, contacts and GPS data?
For more resources or to join us for events and training, check out Quad Cities Cybersecurity Alliance.