When we think about our cybersecurity, we may not distinguish between privacy and security. However, the distinction is an important one. Security refers to the practice of preventing access to your assets, such as protecting your bank account or preventing credit card numbers from being stolen. Privacy refers to actions taken to prevent your movements from being tracked for purposes of advertising or surveillance.
While these practices are separate by definition, they do intersect. In fact, a lack of privacy can have adverse security implications. For example, imagine that you willingly submit your address to an online form to purchase a product and then find out that the vendor got hacked, revealing your data to the attacker. That attacker could use that information to stalk or doxx you. The lack of privacy has become a security concern. Many of us have taken steps to increase our security, but have you done anything to maintain your privacy? In this blog post, I will outline things that can be done to protect your privacy, because in today’s overly tracked and surveilled environment, protecting your privacy must be a part of your strategy to increase your security.
We all have things we want to protect from the outside world: sensitive information, photos, our opinions, etc. Even with the things we like to share, we like to have control over who we share them with. Here are things you should do.
Protect your online accounts
Online accounts are not only the single most common point of compromise, they are also repositories of our PII. PII (personally identifiable information) refers to the data points that can be traced back to you. PII includes home addresses, email addresses, Social Security numbers, VIN numbers, and even connections to relatives. For one reason or another, we often enter this information into online forms or store it in online accounts. Therefore, it is crucial to protect these accounts so that attackers do not gain access to PII that can be used to track you.
To protect your online accounts, take the following steps:
- Strengthen your passwords. Passwords to all of your accounts should be long and unique. Using a password manager, such as LastPass, makes this process easier.
- Turn on two-factor authentication. This is the single most important step you can take to protect your online accounts.
Do not share your PII and keep it offline as much as possible
Your PII can be used by both advertising companies and those with malicious intent. Avoid sharing your PII online. There should never be a need to share your PII on social media. To further prevent your PII from falling into the wrong hands, consider a PII removal service. Concentric has a team that helps scrub your PII from all of the major data aggregation companies that are constantly collecting our PII so that it can be sold to advertisers and be obtained by attackers.
Audit your apps
Much of the tracking and surveillance that occurs takes place through the apps we use. More often than not, we grant apps escalated privileges that allow them access to data they do not need. For example, imagine downloading a flashlight app that requests access to your contacts during the installation process. The app does not need this access to perform its intended function, but it asks for it because it’s going to collect that data in the background. This is the money-making scheme of many app makers: they give you a legitimate service for “free” in exchange for access to your data. As a rule of thumb, any “free” service means that you are the product.
To avoid this data collection, go through the Settings on your phone and audit each app’s permissions. If an app doesn’t need access to something to function, remove that access. Common data points these apps don’t need access to are your location data and contacts. In one case, I’ve seen an app that requested access to an email inbox. To take it a step further, if you find you no longer use an app, delete it. Lastly, avoid free apps where you can.
Turn off ad personalization
In addition to auditing your apps, you can audit your devices and online accounts for ad personalization. Having “ad personalization” turned on allows companies to track you. Here are links to turn this setting off on major platforms:
DuckDuckGo is a search engine, like Google, that doesn't track your data the way Google does.
Use a VPN
VPNs, or virtual private networks, are a great tool to help you maintain your privacy. VPNs obscure your location data and prevent your internet service provider and attackers from seeing what you’re doing.
Signal is a messaging app that offers end-to-end encryption, which essentially means that only you and the recipient can read the messages you send, and no one in the middle can. While your metadata can still be deciphered, it’s better than the alternative.
If you have an iPhone and are messaging another iPhone, the message is already encrypted, but this is not the case between iPhones and Androids.
If you have any security and privacy concerns, please reach out to me at email@example.com.