It’s no secret that here at Virtru, we’re a little passionate about online privacy. While using email encryption is a crucial step toward protecting yourself while you’re using the Internet, how can individual users protect themselves outside of the inbox?
We asked four security experts what steps they would recommend to the average Internet citizen who wants to protect his or her online privacy. After all, while enterprises may have company-wide data security policies, most of us are on our own when it comes to browsing safely on our home computers and mobile devices. In a social-obsessed, constantly connected world, how can users maintain a safe level of online privacy without pulling the plug?
Better Safe Than Sorry: Prioritizing Online Privacy
We’ll start off with Bill Hargenrader (@billhargenrader), Cybersecurity Manager and Senior Lead Technologist at Booz Allen Hamilton (@BoozAllen), a Fortune 500 technology and strategy consulting firm. Bill is also the author of the Next Level Life, a blog dedicated to helping people reach their goals and realize their full potential.
To help individual users reach their full online privacy potential, Hargenrader suggests beginning by centering your whole mindset around privacy:
“One of the biggest issues with effectively protecting online privacy for the average Jane or Joe is the disassociation of the consequences with physical reality. I often use this analogy to hammer home this point: you wouldn’t leave your keys in the door at home would you? Or store your credit cards in your mailbox? We need to start thinking of our Internet privacy in that same light, as an extension of our personal physical domain.
When we call it the cloud it’s as though it’s otherworldly, or out there somewhere. That ‘out there’ is a tangible location accessible by far more people than randomly pass by your house and may happen to see your keys in the door. It’s important to take personal responsibility for security, and one of the best ways to do that is to start rethinking the way we view internet privacy.”
Rethinking the way you view online privacy is an important first step, but what are some actions you can take to follow through?
For that, we turn to Ondrej Krehel, CISSP, CEH, CEI. Krehel is the founder and principal of LIFARS LLC (@LIFARSLLC), an international cybersecurity and digital forensics firm. He’s also the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service.
Krehel recommends eight basic steps to improve your online privacy:
1. Decide if your digital presence and persona is professional or individual.
Having professional content in social media can assist your mission in career and business, while over-sharing personal data can trigger opposite effect. Silo your social media accounts accordingly to maintain your online privacy while still retaining a professional presence.
2. Be aware of who you are sharing your data with.
Customizing your social settings so that you’re keeping strangers out and only sharing your information, posts and pictures with people in your inner circle goes a long way in protecting your online privacy. Most websites will also give you the option to group friends into different categories, each of which gives you the option to limit or edit the kind of information shared. It’s advisable to take advantage of this option when it’s available.
3. Remove any traces of yourself from public searches.
Some websites grant you the ability to keep your profile from being found through a public search engine. If you’d like to remain hidden, look for this option and ensure you activate it. Many can find you easily just by your phone number.
4. Opt out of check-ins.
Many websites and apps allow you to check-in to geographic locations. Plenty of users don’t mind this option, while many actually choose to check in publicly to let others know where they are. Remember however, that when you do tell others where you are, you’re also telling them where you aren’t — at home. Criminals can keep track of your activity to pick a time when you aren’t home and break-in. I recommend not checking in publicly.
5. Keep a close eye on social apps.
There are plenty of apps which have access to your friends list, posts, pictures and other information. Manually editing the app privacy settings, either within the social website or each app individually on your phone, to remove these intrusive permissions will help. I, for example, periodically go through my connected apps and remove the ones I no longer use.
6. Limit the amount of personal information you post.
Personal information posted on public domains leaves you vulnerable. Abstaining from posting information such as your birth date or physical address, among other details, will keep away those meddling identity thieves. If you have friends and family posting information about you, ensure that it is information you are comfortable with strangers knowing about — nothing more.
7. Be wary of strangers.
The Internet makes it entirely easy for people to pose as someone they aren’t — misrepresenting their identities and motives. Consider privacy controls that limit the people who are allowed to contact you on social websites. When you interact with people you do not know, be careful with the amount of your personal information you reveal, and even more careful with meeting people “in real life.”
Privacy policies are known to change frequently on social media websites, so make sure you are aware of the policies and review your privacy settings often.
André Elmoznino Laufer is the Head of Growth at SaferVPN (@SaferVPN), a premium virtual private network (VPN) service with more than 100 dedicated servers across the globe. As a VPN guru, Laufer is passionate about digital privacy and security, and offers the following pointers for individual users who want to improve their online privacy habits:
1. Really dig into your social privacy settings.
Make sure to go through your social media privacy settings manually for each account. If you’re using the default privacy settings on Facebook, LinkedIn or Google+, you’re not getting much in the way of online privacy.
2. Always double-check to see who you’re sharing with.
Whenever you post on social media, double check which audience you’re sharing your updates with — otherwise they might be publicly visible to everyone (like your boss, or tons of people you don’t know).
3. Use a VPN to connect to the Internet.
Always connect to a VPN since it prevents websites, advertisers, snoopers, governments and ISPs from tracking your online activities. With a VPN, you get a new anonymous IP address so that nobody can see your true location, nor tie you to your online activities.
Mike Fleck is the CEO and co-founder of CipherPoint (@CipherPointSW), a B2B provider of data security solutions. “Like all security professionals, I invest time to secure my own identity and maintain my privacy to the extent anyone can do so in today’s always-connected world,” says Fleck. “Here are a few things that I do to protect my own online privacy:
1. Use a more privacy-focused search engine.
If you’re uncomfortable with your search engine tracking you and mining your data for advertisements, it might be time to try a new service. I use DuckDuckGo as a search engine, it doesn’t track users.
2. Don’t grant yourself administrative permissions.
Do not grant administrator permissions to the laptop/desktop account you use on a daily basis. Fraudulent websites and ads are increasingly effective at getting users to accidentally download and install malware. You can protect yourself from yourself by using an account that isn’t able to easily install software.
3. Get strategic with your browsers.
Use multiple browsers and install ad and script suppression extensions. I have installed Firefox, Chrome, and Internet Explorer. I only use Internet Explorer with Office 365 or other trusted websites that don’t function well with other browsers. I use Chrome for most browsing, and have installed ScriptBlock. Firefox is configured not to accept any scripts nor cookies, so I use that for links and websites that I don’t trust.
4. Beef up your defense against viruses.
Use free virus and malware scanning software on your computers. I use Spybot Search & Destroy, Malwarebytes, and Microsoft Security Essentials on my laptop. I use Kaspersky on my smartphone.
5. Get covert on social media.
If you must be on social networks, consider creating multiple aliases for different uses. Misinformation can help to make it harder for someone to steal your identity. I deleted my Facebook account years ago when they automatically enabled facial recognition in photos. Facebook and other social media services have horrendous records when it comes to putting users’ online privacy first. I reluctantly still have a Linkedin account, but I don’t like the amount of information that someone could derive from my network.
6. Use better passwords.
Not a month goes by that one of my friends had his/her email or social media account password broken. Password strength is less of a function of complexity (e.g. 8 characters with a special, uppercase, lowercase, and numeric values) and more of a function of length. A 13 character password is much harder to crack than one with only eight characters.
A great technique is to use everyday items but spell them phonetically or in multiple languages. For example, coffee cup becomes “Kah.phee.Kuhp!” Use a unique password for each account and store them in a free utility such as Password Safe.
7. Be stingy with your personal information.
One of the best ways of protecting your privacy is simply not giving your data away. Remember: it’s your data, and most businesses and government agencies don’t actually need it. Resist giving anyone your full social security number and birthdate. Provide only the last four digits of your social security number and see if they push back. Most times, they will not. Provide a fake birthdate if someone needs it only to establish that you’re over 18 or over 21.
I’ve seen small business owners keep banker’s boxes full of other people’s personal information in their garages at home (which are often wide open). It’s okay to be a little bit cynical about the measures to which business do (or most likely do not) try to secure your personal data.
Protect Your Inbox Using Email Encryption with Virtru
There are plenty of ways to protect your online privacy when browsing the web or using social media, but it’s also important to lock down your inbox. Email encryption makes your email messages and attachments unreadable and unusable to anyone who doesn’t have the encryption key, protecting your data with an extra layer of security.
Luckily, you don’t have to be a tech nerd or have an enterprise budget to protect your online privacy. Virtru is a free browser extension that integrates with Gmail, and other major email providers for completely seamless, easy-to-use client-side email encryption.
Ready to get proactive about your online privacy? See how easy it is to encrypt your email — download Virtru today.