New technologies and artificial intelligence have increased the risk of security breaches and have the ability to capture sensitive information like never before. Luckily, there are steps you can proactively take to ensure optimal protection and help to prevent the mining of your personal and organisational information.
In this article
- Phase 1: Understand basic data privacy practices
- Pahse 2: Prepare for common data protection cases
- Phase 3: Focus on your defence for security and privacy
Starting at home with your own personal devices is a good first step, but you can also apply these practices within your place of work to ensure the optimal protection of employees and customers alike. While your business might already be UK GDPR compliant, it is important to consistently assess your personal and professional data protection to reduce the risk of additional expenses and data breaches, among others.
Phase 1: Understand basic data privacy practices
Implementing appropriate privacy practices for personal and business purposes does not have to be daunting. The first step to optimally understand the basics. To start with, avoid being a sitting duck for scammers and data breaches by utilising the tools that are already available to avoid common mistakes and to be proactive.
Here are 6 easy steps to start:
- Always lock your devices: Fingerprint, facial recognition or even PIN entry take less than 3 seconds and protect your device from unauthorised access right away
- Disable GPS: This prevents your device from being used to create detailed movement profiles of you
- Activate Antivirus: Many programs that come with your operating system offer reliable protection against viruses and other malware
- Surf in incognito mode: It is a misconception that surfing incognito offers total privacy - however, cookies and your search history are automatically deleted when you end the session
- Enable automatic updates: Each firmware update will close new security gaps on your device, so you should make sure to update your antivirus program in order to detect new types of viruses
- Use alternative search engines: Low-data search engines like DuckDuckGo or Startpage deliver good results without collecting data on your preferences or search behaviour
Phase 2: Prepare for common data protection cases
Secure browser settings
Understanding the most common data protection issues and securing knowledge of fundamental data protection practices should be your next priority in leveling up in data protection knowledge. To prevent the storage of browsing behavior and its disclosure to third parties, block or only allow selected cookies. This can be done through the following:
- For Chrome: settings > privacy and security > site settings > cookies and other site data > select block third party cookies and clear cookies and site data when you quit Chrome
- For Firefox: Menu > preferences>privacy&security > select cookies and site data when Firefox is closed
- For Safari: Preferences > privacy > select prevent cross-site tracking and block all cookies
To prevent unencrypted storage on your device, the next step is to deactivate password saving and password autofills. Many users do notunderstand that when these settings are enabled, they run the risk of their information being leaked.
This happens through the following: third party applications that run in the background might create fake logins and password boxes that the user cannot see, leaving the user particularly vulnerable. Invisible logins and password boxes will then capture the user’s login credentials.
Another privacy practice is to ensure that the browser history is regularly cleared. Clearing browser history avoids the creation of detailed activity logs. Blocking pop-ups is another important factor to be considered, as this will help avoid the installation of unwanted add-ons. Pop-up ads can also be used by hackers to steal personal information, which can also lead to a computer virus infiltrating your device.
Securing your browser settings will ultimately reduce the risks of attackers taking control of your device and stealing your information. By consistently evaluating your knowledge, you are less likely to experience problems on your device and be better prepared to protect yourself from potentially dangerous parties.
Define or check app permissions
App permissions are a requirement for every app in the Apple Store or Google Play Store. Permissions give the user a choice to decide what information the app can access on their device, including personal data.
Before you download any app, carefully consider whether the app really needs the indicated permissions or if you can find an alternative that gets along with fewer permissions while offering the same quality
During installation, you will be asked for certain permissions (e.g. camera, contacts or location). Before you accept them, consider whether the app really needs these permissions. Also consider denying some permissions, as some functions do not need to be enabled for the app to fully run. Android and Apple, for example, offer the option to only allow apps to use your location while in use.
Following installation, make sure to double-check permissions of already-installed apps to ensure that all of the proper settings are in place.
Create bulletproof passwords
Use a passphrase to create secure and complex passwords that are easy to remember at the same time. For example:
Just think of a sentence like “I do have a car, but 50% of the time I get to work 5 minutes faster by bike!”
|
For home wireless networks, ensure that you to use a passphrase for your private router to protect your wireless network. This can be done online by accessing the settings options of your provider. While this is being done, you can also check if your home network supports WPA3 or at least WPA2 encryption and make sure it is activated.
You can also set up a dedicated wireless guest network, a completely detached option that will help minimise risks. It can normally be done by simply checking a box.
Phase 3: Focus on your Defence for security and privacy
Recognize fake shops
In general, websites that are not trustworthy often focus on their appearance, such as an appealing layout. If you are looking for weaknesses and red flags, you will usually find them in the website’s privacy policy.
A solid privacy policy should not require pages-long UK GDPR references. A good privacy policy includes:
- The controller’s contact details
- The name of the respective Data Protection Officer (DPO)
- A transparent and comprehensive description of the intended use of your personal data
- The recipients and categories of recipients that will be receiving your personal data - for example, whether your personal data be forwarded to a recipient in a third country
Manage smart home devices
As functional and handy as smart home devices might be, the price for this extra bit of convenience will almost always be your personal data. Many manufacturers violate common privacy principles by, for instance, collecting unnecessary data on your location or by tracking your individual behaviour, or by recording background sounds during voice commands.
If you want a sophisticated smart home system, you do not have any serious alternatives. Options such as Mycroft do meet data minimisation concepts and transparency criteria but are unfortunately not compatible with all IoT devices yet. Therefore, they might pose some limitations to users who do not possess any programming skills.
The most common devices have the possibility to make more data protection-friendly settings. These are usually deactivated by default. For example, you can switch on the immediate deletion of data recorded after any voice command or switch off location tracking completely
It’s important to take some time to familiarise yourself with new devices and their settings – in many cases there are a lot of options that improve data protection and security without limiting the function of your device.
Minimise the use of your data
Set up your computer or smartphone to minimise the use of your data is easy. Tthe most common operating system for computers, Windows 10 comes with some default settings that gather your personal data to send it to Microsoft, however, you can prevent this quite easily. Start with the most obvious setting, Data Sharing and Analytics. When moving into general settings, you can edit or deactivate any option without repercussions.
For speech settings, we recommend completely deactivating this function if it is not needed. For your activity history, there should also be an option to completely uncheck all of the boxes to ensure your activity is not stored for use and the sharing of your activities. Finally, check in your app permissions settings. Make sure to only grant access to your location, camera, microphone, voice activation and notifications to the apps that really need it and that you use on a regular basis. There should also be an option to only grant access to these functions while you are using the app.
Share your knowledge
It is important to continue to improve your data security knowledge, especially as technologies evolve. Consider reading blogs and online news outlets to consistently stay informed. You can also speak with a network security specialist or hire a professional to keep your personal and company data safe from unauthorised access.
Many people unknowingly disclose personal and sensitive information. Striving to increase your privacy awareness should not stop within your own home or workplace. Share your findings with friends, family members and colleagues to ensure they stay informed about cybersecurity threats as well. Help educate others about cyber risks and how to keep their personal information private. The simplest protections and safeguards will save time, money and adverse impact in the long- run by reducing threats and vulnerability.
Explore the six most common UK GDPR mistakes - and how you can avoid them in this free whitepaper.
