Categories
Data and Security data security Digital Identity Hack internet security privacy privacy regulations Software

How to Protect Your Digital Identity

protect digital identity

Our digital identities are shaped by personal information about ourselves that we share online: name, age, gender, geographical location, email address, phone number, etc. If someone steals this data to act on our behalf, we might lose our funds, reputation, and social connections. In this article, you’ll find useful tips on protecting your digital identity from theft and enhancing the security of your online presence.

Create Several Digital Identities

Maybe you have two phone numbers or two emails and use the first one for work and the second one for private communication. Similarly, you can create multiple digital identities.

Emails Can Help

Have several emails.

  • You can create your first email address to communicate with banks and government bodies.
  • The second email address exchanges messages with diverse offline recipients (such as shops, garages, dental clinics).
  • Your third email address is for friends, relatives, and social networks.
  •  A fourth email address will be for subscriptions and registrations.

Each of your digital identities will be connected to a particular email, but they will never overlap — these types of actions create your safety net of digital identities.

You can access all your email addresses from the same mailbox. For instance, you can automatically redirect all the incoming messages to the same Gmail inbox. Gmail will let you select the address that you would like to send each of your emails from.

You won’t even need to use exclusively @gmail.com addresses. Microsoft Outlook functions on the same principle and allows users to attach up to 10 auxiliary emails to the main one so that you have 11 addresses all in all.

Replace Your Password with a Passphrase

A passphrase consists of several words, so it’s much more difficult to brute-force it than a password. Ideally, these words should be generated randomly, and each of them should contain a minimum of 16 characters.

For each site and service you use, you should generate a unique passphrase. Of course, it might be tricky to remember all these combinations — but you can download 1Password, LastPass, or Dashlane. These trusted and credible password managers will safely store your passwords in a well-protected database.

Enable Two-Factor Authentication

Some modern online services include two-factor authentication as a mandatory feature; others offer it optional. After you enable the two-factor authentication, you won’t be able to access your account just by inserting your password. The system will send you a confirmation link or code to your phone or email that will serve as the key to your account.

If someone tries to hack your account from a remote device, you will get to know about it.

Install and Enable an Antivirus

Modern antiviruses are powerful multifunctional programs. They efficiently protect users not only from malicious software but from all sorts of threats. They identify a menace long before it attacks your device and ward it off.

Also, they check your system and software updates to make sure you use the latest versions. Updatings are essential for security because newer versions of the programs don’t contain old vulnerabilities.

Stay Suspicious

If a site or service asks you to share your confidential data, think twice whether it really needs it. Is it necessary for a game, news aggregator, or dating service to know your birth date or bank account number? Or is it just a nefarious trick to cheat confidential information out of you?

Inspect your bank statements and payment history weekly. According to a stereotype, if hackers get hold of your bank account, they will immediately transfer all your funds to their account. But this will inevitably attract your attention, so some smart violators opt for small transfers instead. If you notice payments for goods or services that you never purchased, your account might be hacked.

Don’t include meaningful personal information in your social media profiles.

Indicate only the data that you are ready to share literally with the whole world, including thousands of people that you will never know.

If you receive an email with a link, open it only in case you know the recipient well. Spammers and organizers of phishing attacks might ask you to visit a certain page, to indicate your account data or financial credentials. Some ask you to confirm the receipt of a pre-approved credit card that you never ordered.

If you receive a similar email from your bank, get in touch with its support service, and ask if they indeed sent it.

Use Browser Security Tools

To get rid of the annoying ads for good, install AdBlock Plus. To block spying ads and invisible trackers, use Privacy Badger. To make your browser always redirect you to safer HTTPS versions of websites from the outdated HTTP ones, apply HTTPS Everywhere.

You can choose between dozens of free extensions that are compatible with nearly any browser and will efficiently protect your digital identity.

However, the protective software that you have installed might not be enough to stop tracking completely. To check how safe your browser is, use Panopticlick: it will measure your security level and analyze your system configurations. Relying on the impartial results of the analysis, you will be able to fine-tune your settings, delete or install certain add-ons, etc.

Monitor the News

If a bank, a governmental body, or an e-commerce institution falls prey to a data breach, it will be mentioned in the news. If it turns out that your confidential data might be compromised, change all your passwords immediately.

Conclusion

Hopefully, this article came in handy, and now you know how to protect your digital identity. Losing it might sometimes be just as troublesome as losing your real-life passport.

The above-listed recommendations can be applied to any device that you use to go online, be it a stationary computer, a laptop, a smartphone, or a tablet. As you see, you don’t need to be a geek to enhance your internet privacy and enjoy the time you spend online to the max.

Image Credit: cottonbro: pexels

The post How to Protect Your Digital Identity appeared first on ReadWrite.

Categories
ccpa cybersecurity Data and Security data privacy data protection GDPR Lead privacy privacy regulations Tech

Privacy Regulations — Are They Really Working to Protect Your Data?

protect your data

Data breaches are happening at an alarming rate. The first half of 2019 saw 4.1 billion compromised records, with the business sector accounting for 67% of the reported breaches and 84.6% of exposed records.

People are starting to take the protection of their own digital identities more seriously.

According to a recent privacy survey, 81% of consumers are more concerned about how companies use their data and 89% say companies should be clearer about how their products use data.

This is why more than 80 countries and regions have adopted comprehensive data protection laws and others will soon follow. But are these laws really working to keep the massive amounts of personal data from falling into the wrong hands?

Regulations like GDPR and the California Consumer Privacy Act (CCPA) are developed with the intent to protect the privacy of consumers in an age where social media and other digital footprints are making it harder to keep that personal information safe and secure.

There are two interesting factors in play that exempt companies from disclosing what they plan to do with the consumer data they collect in certain situations.

Exemptions

In section 1798.105(d), CCPA states, “a business or service provider shall not be required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the customer’s personal data in order to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.�

The statement appears to exempt anyone in cybersecurity from the request if they can prove the data is required to meet one of those activities.

Items within certain security platforms that leverage the device and user identity for detection can operate under this exclusion, which is something both the security vendor and customer should, therefore, be cognizant of.

Services Provided

Additionally, section item 1798.105(3) of CCPA states that business shall not be required to comply with the act if they provide a service to “debug to identify and repair errors that impair existing intended functionality.�  

Read that statement again, please!

It opens another huge exception for businesses that debug or repair devices. It appears they are removed from any responsibility to destroy or delete the data after any period of time.

Another implication of this “law” ties into the consumer’s right to repair. Consider a consumer who has their private data stored on a personal device but modifies or repairs that device in some way that leaves the device susceptible to attack or breach.

Who is responsible? The manufacturer or the consumer?

CCPA does not provide guidance on this leaving ambiguity and potential loopholes.

While businesses may comply within these exemptions and services loopholes, that shouldn’t exclude them from the basic ethical obligation they have to inform their customers on what they plan to do with their data.

And these exemptions aren’t winning any favors with consumers, which is why nearly half of Americans don’t trust the government or social media sites to protect their data.

While governments are attempting to help by enacting privacy legislation, consumers must take the protection of their privacy into their own hands by following a few basic guidelines.

Don’t Open that Link

Phishing attempts have grown 65% in the last year and those attacks account for 90% of data breaches. And attackers are finding new ways to make their phishing scams even harder to detect.

An example shows how these attacks are now happening in real-time. The bad actor pretends to be known to the user who claims to have limited cellphone reception, so a confirmation call is not possible. The victim then helps, which then leads to handing over sensitive data to the attacker.

While phishing is getting harder to detect, there are ways to defend against them.

For instance, if there is a request to click on a link, CHECK to see if there any misspellings or weird characters in the URL.

In these cases, it’s a safe bet you can just delete the email (and link) right away.

Make it a habit to avoid clicking on links sent to you via email or social media solutions – especially those from your bank, utility companies, social networks, etc.

Instead, go to the source and type out the URL in the browser and login there.

Multi-Factor Authentication

Multi-factor authentication is one of the easiest ways to protect one’s information, yet many consumers don’t know this capability exists. With multi-factor authentication, a user is asked to provide two or more pieces of information for logging into his/her devices.

For example, along with providing a password, an individual can arrange to have a code sent to their device before access is granted. When you login this way, if an unauthorized third-party somehow steals the password, they still can’t log into the account because they won’t receive the follow up mobile text code.

Many consumer services like Google and Facebook support this capability and individuals are well-advised to use this extra security.

Multiple Passwords

People still fall victim to bad password habits despite the incentives to avoid them.

Using unique passwords for all accounts helps ensure hackers only gain access to the one system associated with that password.

You can check sites like haveibeenpwned.com to determine if your information was lost in a breach.

Please use different passwords for every account — whether it’s for business or personal use.

I know it’s a pain in the butt — however, the longer the password, the better. Password manager applications can then help you store all of these passwords securely and protect them with multi-factor authentication.

There is no one sure-fire way to ensure that the billions of global data records remain protected.

Privacy regulations are a first (and much needed) step in the right direction. However, it’s up to everyone – including consumers – to do their part in protecting their personal identities online.

The post Privacy Regulations — Are They Really Working to Protect Your Data? appeared first on ReadWrite.

Categories
cybersecurity Data and Security data security privacy ReadWrite Web

10 Security Tips for ‘Work From Home’ Enterprises During COVID-19

security tips for work at home

Millions of companies have shifted office work to work from home in this pandemic time. It’s crucial to consider the consequences of access to internal IT infrastructure, systems access, data repatriation, and bandwidth costs.

Essentially, what this means is that when the employee remotely accesses the data, the risk to that data increases.

Most of the time, the risk is only between the internal network, server, and end-user device. While external working contributes to the risks that include local networks, public internet, and consumer-grade security systems.

The following are some of the strategies to minimize these data security risks.

  1. Run a password audit

Your company needs to audit passcodes for all employees. This does not mean demanding personal information from users, but it helps in redefining and resetting passcodes that are used to access specific business services in accordance with the strict security policy.

Alphanumeric codes, the use of two-factor authentication, should become obligatory. Moreover, you should ask your team members to protect all the devices with the toughest protection possible. You should also ensure that all of your business-critical passwords are stored securely.

2. Share basic security knowledge with employees

Employees working from home must be provided with essential safety advice. This knowledge sharing activity will help all employees to guard against any type of cyberattacks, phishing emails, public Wi-Fi, to ensure that home Wi-Fi networks are adequately secured and to verify the safety of the devices they use to get work done.

Employees should be particularly advised to avoid clicking links in the emails from people they don’t know and to stay safe from the cyberattacks carried out by other countries.

They also need to know basic security advice, and it’s also vital to have an emergency response team in place at your business. People need to know who to contact in the event they detect a security anomaly.

3. Encourage the use of secured cloud services

One way to secure the endpoints for the employee is to ensure that the sensitive information is not stored locally. Data storage should be cloud-based wherever possible. Not only that, but employees should be encouraged to use cloud-based apps as well. It’s also essential that any third-party cloud storage services must be verified by the network and security team.

4. Mandatory backups

Make sure to use backup tools, where appropriate, would be helpful. Otherwise, you should encourage employees to use external drives to back up computers. If you are using a mobile device management (MDM) or enterprise mobility management (EMM) software, automatic backups can be initiated through the management console of your system.

5. Use an MDM/EMM solution

It may be sensible to install an EMM or MDM system. It will make the provision and management of your device fleet much easier, while also separating corporate data from personal data. These solutions also provide better control of device and Mac security.

6. Provide VPN access to employees

One way to secure data is to use a VPN that will help employees to keep their data encrypted. It also helps in masking and hiding the IP address.

7. Provision security protection

Make sure that the state-of-the-art security protection is installed and active on any devices that are used for work. That means there should be firewalls, virus checkers, and device encryption in the palace.

8. Update software

Encourage the employees to update their applications to the new version that the company’s security strategy supports. (Some companies lag behind the Apple software release schedule, however, most don’t.) Also, activate automatic updates on all of your devices.

9. Develop contingency plans

Trip your teams by ensuring that the operational roles are shared between teams. Also, ensure that you are implementing contingency plans now in case key staff get sick. Assign and duplicate all security management, tech support, passwords, failsafe roles, and essential codes.

10. Reset Wi-Fi router passwords

Not every employee will have their Wi-Fi router reset to the default password. If you have an IT support team, then it should become a priority to provide telephone guidance to secure home routers. You don’t want to subject your information to a man in the center, data sniffing, or some other form of assault.

You may also need to make payment arrangements for any excess bandwidth used, as not all broadband connections are equal. In the current crisis, some (most recently, AT&T) are making positive sounds about enhancing available data packages.

The post 10 Security Tips for ‘Work From Home’ Enterprises During COVID-19 appeared first on ReadWrite.