Security should always be on your mind when online. Whether at a larger organizational level or at an individual level, you should always have at least some way to keep your data safe. And the more data you must protect, the more important the act of data protection becomes. You should be asking yourself how you can keep that data safe and secure, especially if that information can be used against you.
Personal data normally refers to data that can identify a person, such as credit card information, bank account information, Social Security number (SSN) or other sensitive data. The act of data protection includes actions such as safeguarding important information from corruption, compromise or loss. A large part of data protection is ensuring that data can be restored quickly after a situation like data loss or corruption. Other key components of data protection include actions such as protecting and safeguarding data from compromise in the first place.
To accomplish this, you should always know who you're sharing information with, maintain the appropriate security on your devices, and know how to appropriately dispose of your data once you no longer need it.
Where does personal data exist?
Your personal data can exist offline in physical spaces such as personal financial documents and records, or online in a digital context. Keeping offline personal data safe is relatively simple and comes down to common sense a lot of the time. For example, you'd want to keep documents, or anything with personal information on it, locked someplace safe and out of view. Keep your wallet or purse in a safe place at work. Don't keep your SSN in your wallet or purse. Before giving your information out to anyone, ask why they need it and how it will be kept safe. Shred anything with personal data on it that you don't need anymore, like insurance forms, checks or bank statements. Keeping offline personal data safe relates to being mindful of where your personal information is and how you share it.
Online personal information can be a little more complicated when it comes to keeping it safe. Digital personal information could exist on smartphones, desktops, laptops and other online devices. You may have granted businesses access to your data, so they could be holding personal information on an on-premises server or in a cloud storage service. In these cases, it is good to inquire how they secure your data, since it will differ per company. In addition, regulations such as the GDPR and the California Consumer Privacy Act (CCPA) have made it easier to request to see what personal data an organization holds about you, and to request the deletion of said data.
Tips for protecting against data security threats
Data security can take many forms when defending against the seemingly limitless threats. Often, the answer to how to protect personal information from data breaches comes down to common sense; however, some technical concepts around security may be harder to understand. Here are 10 tips that can help you gain a better understanding of some basic and more complicated approaches you can take to personal information security.
1. Passwords. Weak passwords can be guessed, and even strong passwords can be figured out through methods such as brute force attacks. Creating a strong password will at least make it harder for a hacker to guess it. However, you should have a different password set for each application you use, and you should not write those passwords down. A password manager may be able to help in remembering them.
Ways to prevent something like a brute force attack are mostly on the developer side. Approaches such as limiting failed login attempts, using CAPTCHA, monitoring server logs or using multifactor authentication can help avoid these attacks. So, the next time you get an image asking you to identify all the buses in a sectioned-out photo and a box to click to say you are not a robot, that's what that CAPTCHA is for.
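As an added example (not part of the original article), here is one way a developer could implement "limiting failed login attempts": a sliding-window counter that locks an account or a source address after repeated failures. The class name, thresholds and sample events are assumptions made for this illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Lock a key (account or source IP) after too many failures in a time window."""
    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.locked_until = {}              # key -> time at which the lock expires

    def is_locked(self, key, now):
        return self.locked_until.get(key, 0) > now

    def record(self, key, success, now):
        if success:
            self.failures.pop(key, None)    # a good login resets the counter
            return
        q = self.failures[key]
        q.append(now)
        while q and q[0] <= now - self.window:
            q.popleft()                     # forget failures older than the window
        if len(q) >= self.max_failures:
            self.locked_until[key] = now + self.lockout
            q.clear()

def replay(events, throttle):
    """Run (time, ip, user, password_ok) tuples through the throttle; return verdicts."""
    verdicts = []
    for now, ip, user, ok in events:
        keys = (("ip", ip), ("user", user))
        if any(throttle.is_locked(k, now) for k in keys):
            verdicts.append("blocked")      # rejected before the password is checked
            continue
        for k in keys:
            throttle.record(k, ok, now)
        verdicts.append("ok" if ok else "failed")
    return verdicts

# Constructed sample: five bad guesses against "alice" from one address, then a
# correct guess, an unrelated user, the real alice, and alice after the lockout.
SAMPLE_EVENTS = [(t, "203.0.113.7", "alice", False) for t in (0, 10, 20, 30, 40)] + [
    (50, "203.0.113.7", "alice", True),
    (55, "198.51.100.2", "bob", True),
    (60, "198.51.100.2", "alice", True),
    (1000, "198.51.100.2", "alice", True),
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS, LoginThrottle())):
        print(event, verdict)
```

The event at time 60 shows the trade-off of locking by account: the real user is shut out until the lock expires, which is one reason lockouts are combined with CAPTCHA and multifactor authentication rather than used alone.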
2. App privacy settings. Even though application security can apply to desktop devices, the term is used mostly in reference to mobile apps. Some apps request more privileges than they really need in the name of data collection. These permissions allow them to access numerous data sources on the device, possibly including contacts, browsing history and geolocation. If you want to limit this access, you should be able to do so in your phone settings.
3. Firewalls and antivirus. A firewall is software or firmware that prevents unauthorized access to a network. Many devices come with one built in, and firewalls are widely considered an essential component of network security. A firewall helps keep personal data secure by inspecting incoming and outgoing traffic, using a set of rules to identify and block threats. Firewalls are used both in personal and enterprise settings. Firewalls also perform important logging and audit functions to keep a record of events. Different types of firewalls include packet-filtering, stateful inspection, proxy and next-generation firewalls.
Antivirus software is a security software program designed to prevent, detect and remove malware infections. Antivirus software can be used on individual computing devices, networks and IT systems to protect personal data. Originally, antivirus software was designed to detect and remove viruses from computers, but it can also protect against a wide variety of threats, such as spyware, botnets, ransomware, keyloggers and other malicious software.
4. Backup data. Backing up your data refers to copying the physical and virtual files or databases to a secondary location for preservation in case of equipment failure or attack. Backing up data is considered pivotal to disaster recovery plans. Additionally, it's the best option for recovering from ransomware attacks or from major data losses. Personal data that is important should be backed up to a separate drive, device or location. Backups essentially capture and synchronize a point in time that you can use to return data to its previous state. If you have personal data that regularly changes, then you should regularly back up devices that have the personal data on them.
5. Anti-theft. Anti-theft refers to data protection and theft prevention when data is in transit or at rest -- when it's in use or not. Protecting data that's at rest normally involves just managing who has access to that data, along with basic security protections such as the use of firewalls, encryption and threat monitoring. Protecting data in use or transit can involve basic security precautions and more complicated precautions. Anti-theft software is more commonly used in enterprise scenarios, but some examples for personal use include McAfee Total Protection or Absolute Home & Office.
6. Bluetooth vulnerabilities. Bluetooth devices can also leave personal data vulnerable. Personal data could be accessed through Bluetooth in several ways. Bluesnarfing is when a hacker pairs with a Bluetooth device without the user's knowledge to compromise personal data. Hackers could also eavesdrop on calls by accessing the mobile device or a Bluetooth headset in use. Denial of service attacks can also be a worry when it comes to Bluetooth devices. It's recommended to keep Bluetooth off when not in use to avoid risking compromising personal data. In addition, users shouldn't accept pairing requests from unknown devices.
7. OS updates. You should always keep your devices updated to ensure they have the latest performance and security updates. This goes for the operating system on a desktop or the OS on a mobile device. Mobile device OSes tend to get updated often, so it's important to check every now and then for those updates.
8. Public Wi-Fi. Even though it may be hard while traveling, you shouldn't connect to unsecured Wi-Fi networks. Aside from Wi-Fi network security lacking in most cases, some of them may not even be real. If you go to a public spot and see "Free Public Wi-Fi" show up on your phone, the unsecured wireless network may actually be from a nearby laptop or smartphone that is attempting to connect to other devices to steal personal information. Ideally, you should only connect to known, trusted SSIDs and authenticated access points. Use 4G or LTE on your device when you can if you're out and about, or even a Wi-Fi hotspot aggregator.
9. Secure personal info offline. One of the simplest ways to secure personal information is to secure personal data on a device that doesn't connect to the internet. For example, physical data can be kept in a location out of view in your home or in a safe. If it's digitized data, then keeping that data on a separate external hard drive will at least keep it offline when the drive is not actively connected to a computer. You can then store that hard drive in a secure physical location of your choosing.
10. Stay alert to hoaxes and impersonators. There's no shortage of scams and impersonators, especially on the internet. For example, virus hoaxes can give you a false warning about a computer virus. In this example, a warning may arrive in an email with a message about a virus, prompting you to click a link that takes you to a website that will end up harming your computer. Other scams may try to steal enough of your personal information so they can steal your identity, which can affect numerous things such as your credit report.
Sometimes an entity may pretend to be someone they're not to phish for your personal information. These impersonators compose an official-looking email from a company, then notify you that you have been charged for something you have not bought, or that you have signed in from another location -- among other things -- then bring you to a fake site to sign in so they can gain your username and password information.
One easy way to tell if an email is a phishing scheme is by the sender. Smartphones may simplify the email to just say something like "Apple," for example, but when you tap on the email address itself, it will show a different email address. Often it's something unreadable. To keep your online privacy and data safe, it's best not to respond to emails like this, or to simply delete them.
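The sender check described above can be automated. The following added example (not part of the original article) compares the brand named in an email's display name with the domain of the actual address; the brand-to-domain table and the sample headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumed table of brand names and the domains they really send from (constructed).
BRAND_DOMAINS = {"apple": {"apple.com"}, "paypal": {"paypal.com"}}

def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[-1].lower().rstrip(".")

def belongs_to(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header):
    """Return (verdict, display_name, address) for one From: header value."""
    name, address = parseaddr(from_header)
    domain = domain_of(address)
    if not domain:
        return ("unparseable", name, address)
    words = set(re.findall(r"[a-z0-9]+", name.lower()))
    claimed = [brand for brand in BRAND_DOMAINS if brand in words]
    for brand in claimed:
        if not belongs_to(domain, BRAND_DOMAINS[brand]):
            return ("mismatch", name, address)   # name says one thing, address another
    return ("consistent" if claimed else "no-brand-claim", name, address)

# Constructed From: headers, including a look-alike that embeds the brand's
# domain as a prefix of an unrelated domain.
SAMPLES = [
    "Apple <no_reply@email.apple.com>",
    "Apple Support <x7f3k@apple.com.account-check.example>",
    "Jane Doe <jane@example.org>",
    "Apple",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header))
```

A "consistent" verdict only means the display name and the address agree; the address itself can still be forged, so it is not proof that the message is genuine.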
How to safely dispose of personal data
Deleting a file does not remove it from storage media -- in most cases at least. It actually marks that piece of storage space as available to write over. One of the most time-tested methods for dealing with unwanted personal data is overwriting that data with meaningless binary. This process should be relatively easy, but it's not 100% secure either. With the right tools, data can still be retrieved from an overwritten disk.
You could also physically destroy the device the data is on. This method is effective, but you have to be sure you're safe while doing it. You could also give your device to a data destruction service that will go through the process of data destruction for you. Disk wipes are yet another option. You can wipe all the data on a disk with free disk wipe software.