This post has been modified to reflect new information since its original publication.
Because the threats to our privacy in the physical world are easy to understand, we don’t have to think too hard about the best ways to protect ourselves. We simply close our curtains and lock our doors. However, in the online world, the threats are less obvious. This makes it harder to fully comprehend our vulnerabilities or what we should be doing to secure our personal information.
To avoid the consequences of unsecured personal data, including identity theft and fraud, you need to learn what the biggest threats are to your online privacy. Here are the top five.
Data breaches
People steal, collect, and analyze your personal data because it’s valuable. As such, the number of reported data breaches has been growing over the years, from only 157 in 2005 to 1,579 in 2017. And each new breach builds upon the last, meaning that cybercriminals now have so much data about you that they can easily trick you into revealing even more information.
While there is little you can do to prevent a company you do business with from experiencing a breach, there are steps you can take to proactively reduce a breach’s effect on you.
- Monitor your credit: You can get a free report from AnnualCreditReport.com. Go through your entire history to look for any unfamiliar activity. Notify the credit agency immediately if you see anything suspicious.
- Freeze your credit: By freezing your accounts with the three major credit reporting agencies, Experian, TransUnion, and Equifax, you make it harder for anyone to open new lines of credit in your name. You can always pause or remove the freeze when you need to apply for credit, for example, if you’re buying a house or a car.
- File your taxes as early as you can: The idea here is to file your returns before a scammer has the chance to file a fraudulent return using your Social Security number.
Public Wi-Fi
Free public Wi-Fi networks are a favorite hunting ground of cybercriminals looking to steal people’s private information. Often, people unknowingly join these networks because their phones or tablets are set to “connect automatically” to familiar networks.
The best way to safeguard your privacy is to avoid using public Wi-Fi altogether, especially for any online banking purposes. However, if you must use public Wi-Fi, you should always verify that the connection is encrypted. For example, you should only visit sites that have URLs starting with “https,” not “http,” without the (s).
You should also make sure your email is encrypted. Luckily, most major providers like Gmail and Outlook automatically encrypt everything. If you are using a less robust email service, your messages might be sent in plain text. You can do a Google search on “How to find email header for {Your Email Provider Name}” to find out if your provider uses encryption.
Another way to make public networks safer is to create a private Internet connection with a virtual private network (VPN). Just find a trusted VPN service in your price range and download its mobile app.
Third-party ad trackers
There are two kinds of privacy to protect: who you are and what you do. Third-party ad trackers monitor the latter, recording all your online actions, including the things you search for, the websites you visit, the articles you read, and the items you buy online.
These trackers report their information to marketing companies and data brokers (also called people-search companies) that gather and maintain data profiles on millions of individuals. These firms then analyze, package, and sell these profiles to businesses engaged in direct marketing, targeted advertising, and risk assessment.
“One of the biggest challenges in protecting privacy is that many of the violations are invisible. For example, you might have bought a product from an online retailer—something most of us have done. But what the retailer doesn’t tell you is that it then turned around and sold or transferred information about your purchase to a “data broker”—a company that exists purely to collect your information, package it and sell it to yet another buyer… Let’s be clear: you never signed up for that.”—Tim Cooke, Apple CEO
While this information is anonymized, it is not hard to correlate a data set to a certain individual. In fact, according to an MIT study, “just four fairly vague pieces of information—the dates and locations of four purchases—are enough to identify 90 percent of the people in a data set recording three months of credit-card transactions by 1.1 million users.”
One way to avoid ad tracking is to use ad-blocker products, like 1BlockerX and Ghostery, that also block trackers.
Mobile apps
Do you enjoy playing multiplayer games like Words with Friends on your phone? How much less would you enjoy it if you knew it was collecting the following information about you?
- Your username
- Your first and last name
- Your gender
- Your birthday
- Your age
- Your email address
- All your contacts from your address book
- All your in-game purchases
- Your approximate physical location
- The contents of all chats and messages between players
- Your Facebook ID
- The IP address you’re using
- The type of device and OS you use to play the game
- The type of browser you are using and which language you prefer
- Your MAC address
Your personal data is valuable, and many app developers are making a large profit by tracking their customers’ data and selling it online. In fact, research from the University of Massachusetts and Stony Brook University recently revealed that over 70% of smartphone apps send users’ personal data to third-party tracking companies.
As such, you need to know how to protect your data while using mobile apps. Here are some good guidelines to follow:
- Do your homework: Before you download any new app, check its ratings, read its reviews, and find out if there are any security flaws you should know about.
- Don’t trust apps that ask for excessive permissions: Make sure the permissions it asks for make sense. For example, a flashlight app doesn’t need to know your location.
- Prune your apps: Update the ones you actually use and delete the ones you haven’t used in a while. Updating the apps you still use will keep them secure, while removing obsolete apps will protect you from security vulnerabilities and improve your phone’s performance.
- Review your app permissions: Try experimenting with how few permissions an app really needs to function. Many apps will still work if you deactivate some—or all—of their permissions.
- Use a VPN: Badly designed apps can have security vulnerabilities that will expose your data to snoopers. However, if your mobile device has a VPN app, then all of your apps will be encrypted too.
You
It might surprise you to know that you are one of the biggest threats to your online privacy, but it’s true. Your lax security habits and your penchant for oversharing personal information on social media are providing scammers and thieves with most of the ammunition they need to use against you.
But “wait,” you say. “I care about my privacy!” You probably do—just not enough to do much about it. In fact, 96% of people claim to be concerned about their online privacy, while research shows that few people actually take action to secure their data, especially on social media.
“A lot of people think about privacy but don’t really care until something happens to them personally. It’s like freedom. You don’t appreciate it until it’s gone.”—Beth Givens, director of the Privacy Rights Clearinghouse
According to a study by MalwareBytes (PDF):
- 66% of individuals skim through or don’t bother reading license agreements or consent documents.
- 29% of people reuse passwords across multiple sites.
- 26% of participants had no idea which permissions their apps were using.
One reason people don’t take greater security precautions is that these tasks can be difficult; people don’t want to read through a 200-page legal agreement before they start using a new app. Researchers at the University of Connecticut and Toronto’s York University proved this in 2016, when they found that every test subject agreed to a new social media site’s fake terms and conditions that required users to give up their first-born child. The results showed that 74% of participants never read the policy—and those who did read it obviously didn’t read very carefully.
And following good password etiquette is nearly impossible if you don’t have access to a password management tool, like 1Password or DashLane. These tools can generate and store unique, strong passwords for all your online accounts and automatically enter them into websites for you.
Another reason people aren’t securing their online privacy is that they are unwilling to give up the services they receive in return for their information. According to a recent Experian study, 70% of consumers “are willing to share more personal data with the organizations they interact with online, particularly when they see a benefit such as greater online security and convenience.” And a Center for Data Innovation survey backs up this assertion, finding that nearly 60% of Americans are “willing to share their most sensitive personal data” (such as location, biometric, or medical data) in exchange for access to services.
Tips for protecting your online privacy
Luckily, there are some relatively easy things you can do to increase your online privacy:
- Don’t let browsers save your password: By saving these passwords, you are making it easier for others to find them. Even if you are using Chrome on Windows 10 or macOS, which require a user password to see saved passwords, hackers can still use password-changing tools (like iSumsoft Windows Password Refixer) to reset Windows passwords and thus gain access. Meanwhile, if you’re using Chrome on Linux, there’s no prompting for authentication. Firefox also lets people view passwords without any authentication (if they haven’t set a master password), regardless of which platform they’re using. To avoid exposing your passwords to someone with access to your browser profile, you need to turn off the autosave feature or always click “no” when prompted to save a password.
- Use two-factor authentication: This feature, which requires an additional level of identification verification before granting access, makes your password all but useless to someone trying to log into one of your accounts. Usually, two-factor authentication involves entering a code that the website texts to your phone after you’ve typed in your password. However, there are also authentication apps, like Google Authenticator, you can use. These apps are even more secure than regular text message verifications.
- Keep your software up to date: One of the easiest ways to protect your personal data is to make sure you are using the latest software on all your devices. This means accepting software updates whenever you receive a notification. Often, these updates contain security patches to address known security flaws. As such, putting them off to a more convenient time leaves your device vulnerable to attack.
- Monitor your credit report: The sooner you discover that someone has stolen your identity, the faster you can repair the damage. And the best way to find out if someone is using your personal information is to regularly examine your credit report for suspicious activity. Luckily, you are entitled to one free report per year from the three big agencies: Experian, TransUnion, and Equifax.
- Monitor your online reputation: Because the Internet is where people go to learn about you, you should know what kind of information is out there. And the best way to do this is to simply google yourself and see what appears in your search results. Are your results accurate? Is someone else pretending to be you online? What sensitive personal information is out there for others to find? If you find anything you want to remove, you need to contact that website and submit a takedown request.
For more information
Whether your information has been leaked in a data breach or you are trying to avoid being hacked, it’s important to learn all you can about protecting your online privacy. For this reason, we offer a number of self-help articles on our Resource Center, including the following:
- How to clean up your digital footprint
- 11 smart ways to protect your email privacy
- How to remove public records from the Internet in five steps
- How to delete Flash cookies, permacookies, and zombie cookies
If you need help monitoring and maintaining your online privacy, please give us a call. We provide free consultations 24/7 to discuss your particular privacy concerns.