Privacy and data protection has never been such a hot topic, for both consumers and businesses. Negotiations surrounding safe harbour are ongoing, while the EU has approved new data protection laws and the UK is pushing the Investigatory bill, or Snooper’s Charter, into law.
These reforms and new rules are set to change the data protection and privacy landscape, but as Adam Zurek, IT Security Engineer at Future Processing, told CBR, the reality is that data will never be 100% safe.
"There is no such thing as a 100% secure or private system, even if it claims so. You should always employ a healthy amount of caution."
Being cautious online is the number one basic rule to follow when surfing the internet, and with hackers phishing with pop-ups and companies gathering a myriad of data, that rule has never been so important.
AVG Technologies’ Senior Security Evangelist, Tony Anscombe, told CBR: "Every time you write something down that is personal, think: Who is storing it, where is it being stored and why am I sending it to them?
"In return for online privacy, you need to think about forgoing some convenience."
However, just being cautious is not enough. CBR gives you the best tips and tricks for keeping your data, and you, safe online.
1. Go Long – Passwords
We are going back to basics with our first tip in staying secure online. However, the basics when it comes to passwords are often overlooked by many.
Cath Goulding, Head of IT Security at Nominet, told CBR: "Passwords are the most straightforward and integral way of protecting your privacy online, however they aren’t without their faults. Many don’t realise how complicated a password should be, and pick easy-to-guess phrases or words. It’s also easy to share them accidentally, especially if somebody less experienced falls for a sophisticated phishing trick."
Passwords should be long (Goulding suggests 14 characters) and contain a mix of non-alphanumeric characters, upper case, lower case and symbols. Many experts suggest using the title of a song or a phrase. Goulding told CBR of a great story where a phrase was used as a password in order to give motivation – proving that passwords do not have to be mundane and can go beyond basic security!
Although passwords should be long and complex, experts recommend also using multiple passwords for different sites and services. However, remembering a number of long passwords leads many to click the ‘forgotten password?’ option at the bottom of a login. For some sites, however, offering a password reset could endanger your online privacy, as Paco Garcia, CTO at Yoti, explained to CBR:
"No website should be able to email you your own password. For example, if you have forgotten your password and need to reset it, the website should only email you a password reset link; not your actual password. I’d think twice about using any service that emails me my own password."
Password managers are a great way to securely store all your passwords, avoiding the forgotten password problem.
2. Step up your password game – 2FA
Passwords only go so far, with hackers ever more equipped to break down user logins. Add another layer of protection with multi-factor authentication, such as SMS and push notifications, to bolster the security of your password. James Romer, Chief Security Architect at SecureAuth, told CBR:
"By adding additional layers of authentication, so that logging in requires something you have and something you know, it quickly adds another layer for the hackers to deal with, making it much harder for them to access your data."
The value of that added layer of protection was highlighted by Nominet’s Cath Goulding who drew upon her own experience, telling CBR:
"A couple of years ago I added 2FA on a Twitter account, and almost immediately got woken in the middle of the night by a text message from Twitter containing an access code. This meant that somebody had already got past the password stage – and if it hadn’t been for the added layer of security, would’ve been able to access the account."
3. All Change! Switch browser & search engine
Data is gold on the internet, and the likes of Google know this. Commercial search engines like Google make money from search data, which is why Douglas Crawford, Cyber Security expert at BestVPN.com, advises CBR readers to opt for a privacy-oriented search service such as DuckDuckGo.
Many reading this will be thinking that upping sticks to the likes of DuckDuckGo is not needed, with users regarding ‘Incognito mode’ as a way to surf the net while keeping data and privacy safe. Rob Perin, one of the founders of Oscobo, strongly disagrees, telling CBR:
"We are now in a post-cookie world when it comes to online privacy and tracking. In terms of online search, many internet users are unaware that their activity is being tracked at almost every point of their journey. Search engine providers are tracking behavioural data to create an online profile which can influence individual search results.
"One of the great myths of internet privacy is the use of Incognito mode. What users do not realise is that if they are logged in to Incognito mode, Google will still track and serve them adverts and results that they think are relevant to their online profile.
"The only way to truly search ‘incognito’ is to use an anonymous search engine. There are a few options currently available such as Oscobo, which is a UK focused search engine that will not track any user data, so is able to produce the purest search results."
But the mining of data is not restricted to search engines, with browsers also monitoring user habits. Crawford advises users to ditch the likes of Chrome and opt instead for Firefox, as it's "open source, non-profit and offers a range of useful plugins."
4. Read the small print
This is as simple as creating a long password – always check the fine print. The devil is in the detail, but many simply disregard the legal info and click ‘agree’ in order to get the app or service as quickly as possible. You can opt out; all you need to do is stop and read what you are agreeing to – just like a physical contract.
Mike Hickson, MD of LSA Systems, told CBR: "One of the simplest ways to protect your online privacy is staying aware of what you are opting into and the repercussions of what you are clicking through to. Before installing or logging into third party software, signing up for a newsletter or even playing online games, read the fine print.
"Much of what we do on the internet allows you the option of opting out of having your personal information shared or accessed. It is important that you think before clicking away online to ensure that you are not allowing third party software to read your social profiles and garnering access to private information. Reading the fine print before clicking ‘agree’ can help to keep your information private."
5. Avoid public Wi-Fi
Stepping away from the desktop, the risk of using your mobile on a public network is very real. Again, many of us take the easy option, saving data by logging on to Wi-Fi while we are on the go. Gert-Jan Schenk, VP of EMEA at Lookout, said:
"When you’re running low on data you may be tempted to connect and use public Wi-Fi on your mobile device but beware, this could jeopardise your data and privacy. The problem with public Wi-Fi is something called a "Man-in-the-Middle Attack," whereby an attacker can sit on the Wi-Fi connection and eavesdrop on this conversation.
"In this attack, a person is able to listen in on an unprotected network, intercept your communications, and decrypt them (if they’re even encrypted in the first place) to read what you’re talking about."
In order to avoid this threat, you need to use the much safer alternative of 4G/LTE networks. However, if you are in a situation where public Wi-Fi is the only option, you must use a VPN to encrypt your traffic. Never perform any transactions over public Wi-Fi; if you do, you are asking for trouble.
6. Use a Virtual Private Network
If you are serious about privacy then, as BestVPN’s Douglas Crawford tells CBR, a Virtual Private Network (VPN) is a must. Another alternative, which is just as good at anonymising your internet activity, is the Tor Browser.
"If you’re serious about online privacy, invest in a trustworthy VPN. This will hide your IP address and encrypt all Internet traffic, which keeps it safe from hackers and government organizations. Choose a provider that offers good encryption (AES-256), shared IPs and doesn’t keep logs. Instead of a VPN, use the Tor Browser.
"This connects you to the Internet via randomly chosen ‘Tor nodes’ and encrypts data with each node. This makes it impossible for outsiders to trace the path back to you, but unfortunately also slows down connection."
Encryption is vital, and is the closest you can get to 100% security. All communications, SMS and emails are stored by providers so should be encrypted as standard, with Crawford advising CBR readers to "encrypt messages or calls with Signal and e-mails with ProtonMail or Tutanota."
These are the best ways to protect your privacy online; however, other steps such as always checking out as a guest when shopping online, using different emails and checking social media sharing settings are also worth taking.
However, you must be aware that nothing is 100% secure and full anonymity on the web is closer to fantasy than reality. With that in mind, and with so much to remember, Nazar Tymoshyk, Security Consultant at SoftServe, has given CBR a 10-point checklist to help you protect your privacy online.
1. Keep all devices protected – mobile, wearables, laptops
2. Ensure account safety and cloud synchronization security with reliable password recovery security questions and two-factor authentication modules.
3. Use multiple passwords for different systems, as well as change them once in a while.
4. Lock your screen and encrypt your data (it may be easier than it sounds using built-in operating system or app features).
5. Be suspicious about the websites and services that request too much information.
6. Switch off Bluetooth when it is not needed.
7. Always carefully read Privacy & Security Policy.
8. Install your OS or app updates as soon as they become available.
9. Don’t be overly fanatical about location check-ins on social media.
10. In short, trust apps and services, but verify.