9 tips for reclaiming your privacy on Data Privacy Day.

As part of Data Privacy Day, the privacy community at large gets together to remind people of their right as individuals to have their personal information protected by the organizations they share it with, and to encourage them to take note of and follow privacy best practices. This year, I worked with Jennifer Hoth, senior relationship marketing strategist at DEG, to come up with 9 tips for reclaiming your privacy on Data Privacy Day.

Why is this year different than those before it? For starters, businesses around the globe are focused on GDPR’s upcoming enforcement date of May 25, 2018. GDPR focuses on protecting EU consumer data and empowering those consumers to take control of how businesses use their data. Any business from anywhere in the world collecting EU consumer data must confront the privacy rules associated with GDPR.

Secondly, phishing attacks leading to data breaches reached into the billions—yes, that’s a “B”—of accounts affected in 2017, and the attacks show no sign of slowing down. A recent study from the Anti-Phishing Working Group reported that an average of 443 brands per month were targeted by phishing attacks in the first half of 2017, up from 413 per month during the same period in the previous year.

Here are 9 tips for reclaiming your privacy on Data Privacy Day:

1 — Subscribe to free services like Have I Been Pwned? (HIBP) to see if your email address and account information have been compromised on websites you use. HIBP is currently tracking more than 4.8 billion accounts impacted by various data breaches. Proactively staying aware of your data leaking via a breach can give you a chance to secure your account before any lasting damage is done. Given the number of impacted accounts, do not be surprised to see your email address tied to a data breach, so make this analysis the first step in reclaiming your privacy.

2 — Use multiple passwords. Ideally, use a different password for your email account login (e.g., for Gmail, Yahoo, or Outlook) than the one you use for websites requiring an email address as your username. Passwords should be complicated yet easy enough to remember, or you should use a password vault to assist in maintaining a unique password for every site and service you interact with.

3 — Review and update your social media account permissions and authorizations. Many services are using social login these days, giving them access to account information. Now that you’ve taken the time to remove access to your accounts from applications and services you are no longer using, consider deleting old apps from your phone, computer, and tablets. Deleting the application later doesn’t necessarily mean they will delete your data.

4 — Enable Two-Factor Authentication (TFA) on accounts when available. All of the major email services offer TFA for consumers requiring both a password and a number that changes every time you try to log in. These secondary codes are typically sent at the time of login via a text message, an email, or via an app/key associated with your account (e.g., Google Authenticator).

5 — Commit to a regimented data backup plan for all the important documents, contacts, videos, and photos on your desktop PC, laptop, tablet, or phone. Create a calendar reminder to do this every month, or, better yet, automate a backup as frequently as possible. If you are using an external drive as your data backup, never leave the drive connected to the computer while not in use. Also, keep your backup drive in a protected, safe environment. Malwarebytes reported that ransomware was the most common type of malicious software distributed (more than 60% of cyber attacks in March 2017). As ransomware attacks increase, costing individuals and companies an estimated five billion dollars in 2017 to have files unlocked, save yourself the pain and begin regularly backing up your data.

6 — Another common method bad actors use to access your personal data is combing through your mail and other documents you throw out with the garbage or recycling. Take precautions before disposing of old files and unwanted mail by using a paper shredder with a cross-shredding capability (P-4 security should be good for the home and office) and a privacy stamp to redact the most sensitive bits of personal information.

Business owners and IT staff, take special note of these remaining items:

7 — Enable email authentication on all of your domains, even those that don’t send email: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC). If you’ve already enabled these solutions, be sure to periodically review your records for problems and for old IP ranges or “includes” that no longer belong there.
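The periodic review described in tip 7 can be scripted. The following is an added example, not part of the original article: it audits SPF and DMARC TXT records offline, lists the `ip4`/`ip6`/`include` entries to re-check against your current senders, and flags missing records or monitoring-only policies. The domains, records, and function names are constructed for illustration.

```python
import re

# Constructed sample data: name -> TXT records as DNS would return them.
RECORDS = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.oldvendor.example ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "parked.example": ["v=spf1 -all"],            # domain that sends no mail
    "_dmarc.parked.example": ["v=DMARC1; p=reject"],
    "forgotten.example": [],                      # domain nobody configured
    "_dmarc.forgotten.example": [],
}

def audit_spf(txts):
    """Return (findings, entries_to_review) for a domain's TXT records."""
    spf = [t for t in txts if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"], []
    if len(spf) > 1:
        return ["multiple SPF records (evaluates to a permanent error)"], []
    terms = spf[0].split()[1:]
    # Authorized sources that can go stale: old IP ranges, former vendors.
    review = [t for t in terms if re.match(r"[+?~-]?(ip4|ip6|include):", t, re.I)]
    alls = [t for t in terms if re.fullmatch(r"[+?~-]?all", t, re.I)]
    findings = []
    if not alls:
        if not any(t.lower().startswith("redirect=") for t in terms):
            findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif alls[-1][0] not in "-~":  # bare 'all' means '+all'
        findings.append(f"'{alls[-1]}' does not fail unlisted senders")
    return findings, review

def audit_dmarc(txts):
    recs = [t for t in txts if t.strip().lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["no DMARC record" if not recs else "multiple DMARC records"]
    tags = {k.strip().lower(): v.strip().lower()
            for k, _, v in (part.partition("=") for part in recs[0].split(";")) if v}
    p = tags.get("p", "missing")
    if p not in ("quarantine", "reject"):
        return [f"policy p={p} takes no action on failing mail"]
    return []

def audit_domain(domain, records=RECORDS):
    spf_findings, review = audit_spf(records.get(domain, []))
    return {"spf": spf_findings, "review": review,
            "dmarc": audit_dmarc(records.get("_dmarc." + domain, []))}

if __name__ == "__main__":
    for d in ("example.com", "parked.example", "forgotten.example"):
        print(d, audit_domain(d))
```

In practice the `RECORDS` dictionary would be filled from live DNS lookups for every domain you own, and the `review` list compared against the mail services you still use.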

8 — Become familiar with common social engineering tactics like:

  • Tailgating: An attacker seeking entry to a restricted area simply walks in behind a person who has legitimate access to a physical space.
  • Baiting: The real-world Trojan horse that uses physical media and relies on the curiosity or greed of the victim.
  • Spear Phishing: A technique that fraudulently obtains private information through sending highly customized and believable emails users respond to.

9 — For businesses, implement defenses against CEO Fraud. The US Federal Bureau of Investigation also calls this type of scam “Business Email Compromise (BEC)” and defines BEC as “a sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” Build safeguards into your process to require multiple authorizations or a secondary verification of these requests via a phone call between the requester and the individual that would execute the request.

Building on these personal safeguards and changing your behavior to clean up your social profiles can be completed in just a few short minutes, and could save you from a lifetime of regret.
