02-12-2024
Take Care of Your Digital Identity
On Valentine’s Day, we go to great lengths to show love to those around us: spouses, significant others, parents, children, family, and friends. But we often don’t give ourselves the same level of care.
That’s particularly true when it comes to our online privacy, which is routinely neglected in favor of the way we want to present ourselves to the world. Case in point: a recent survey of more than 2,000 American adults asked them 17 true-or-false questions about how online services track and collect their personal information. More than 75% of the survey respondents failed the test, not even answering half the questions correctly. Only one person received an A grade, answering 16 of 17 questions correctly—and not a single person got all 17 answers right.
The survey, conducted by the Annenberg School for Communication at the University of Pennsylvania, tested consumer knowledge about the way that apps, websites, and digital devices stockpile private data. Nearly 50% of the audience answered “Don’t Know” to questions about email tracking, marketing opt-ins, HIPAA protections, and federal regulations about an individual’s right to digital privacy. Even more shocking, 73% of respondents said they simply didn’t have “the time to keep up with ways to control the information that companies” routinely collected from them.
These results shine a harsh light on consumers’ lack of knowledge about data tracking, which the Federal Trade Commission could soon restrict. Some regulators even consider data tracking to be “commercial surveillance” and have pressed Congress to pass a comprehensive data privacy bill similar to GDPR in the European Union or PIPEDA in Canada.
Cybersecurity experts point out that the traditional form of “notice and consent”—companies provide notification about data collection practices, and consumers then provide their consent by, say, accepting all cookies on a website—is woefully inadequate. As the Annenberg School report said, “consent requires that people have knowledge about commercial data-extraction practices as well as a belief they can do something about them. Americans have neither.”
One heartening result from the survey is that only 18% said they didn’t care what information companies could learn about them based on their online behavior. That demonstrates that 82% of consumers do, in fact, care.
So What Can You Do to Strengthen Your Online Privacy and Protect Your Digital Identity?CMIT Solutions has compiled the following eight tips that restore some measure of control over what kind of private information is collected online:
- Review all of your accounts. Yes, we all use a lot of different applications. And yes, reviewing them all on our laptops, desktops, and smartphones will take some time. But basic knowledge about our digital identity is a critical part of any cybersecurity plan. Cybercriminals will often target discarded or neglected accounts to try and steal stored information like birthdates, usernames, and credit card information. To prevent that from happening, make a list of all the apps and accounts associated with your online presence, then delete or deactivate any that you don’t use anymore.
- Lock down your login credentials. Old passwords are another valuable piece of information that hackers can leverage. If a password is more than three years old, chances are it’s not nearly as secure as today’s standards require. Any password that’s reused across multiple accounts should be changed immediately to a long, memorable phrase that mixes letters, numbers, and special characters.
- Turn on multi-factor authentication (MFA) for all apps and accounts. This requires something you know (your password) and something you have (a unique code sent via text message, email, or push notification). Think of it like visiting the DMV or another government office, where you have to present two forms of identification to prove who you are. Is it convenient? Maybe not. Is it an extra layer of security that will make you feel safer? Yes. Multi-factor authentication adds another barrier in the way of hackers who might otherwise be able to gain access to multiple accounts if old passwords are stolen.
- Protect your private information. Any request for private information like Social Security numbers, bank account details, phone numbers, or birthdates should be met with immediate suspicion. Legitimate businesses should never ask for such data via email, text, or phone. Keep a particularly watchful eye out for time-sensitive requests that try to capitalize on tax filing deadlines, news stories, or donation efforts to trick you into divulging such important information.
- Refresh your online presence. Some people do this regularly by updating social media accounts frequently. Other people dread it by avoiding their old posts, photos, or activity. Set a reminder to check things monthly: update profiles, review new privacy and security settings on commonly used applications, and look for any suspicious activity. This can often help you avoid common social engineering scams and phishing attempts that try to take advantage of the information you’ve divulged in the past.
- Back up your data regularly. Many people wait to check on this critical step until a data breach or ransomware infection occurs. But by then, it’s often too late to test data backups and recovery methods. Instead, make sure regular, redundant, encrypted, and automatic data backups execute often, providing you with peace of mind and a reliable point of recovery in case disaster does strike. At CMIT Solutions, we securely store our clients’ data backups in a variety of physical and cloud-based locations to mitigate the risk of total data loss. We also integrate data restoration and business continuity procedures into all backup plans, helping companies recover any lost information as quickly as possible to support a return to smooth business operations.
- Roll out updates and patches for every piece of hardware and software. Several performance and security issues can be caused by apps and operating systems that lag too far behind current versions and up-to-date security patches. This goes for any device connected to the Internet: PCs, smartphones, tablets, Wi-Fi routers, and even smart TVs. It also applies to cloud-based applications like Microsoft Office or Adobe Creative Cloud and web browsers like Google Chrome and Microsoft Edge. A trusted IT provider can help with automatic updates that roll out during off hours to minimize disruptions.
- Securely dispose of old electronic devices. You can’t just throw old computers or phones in the trash: it’s environmentally unsafe, and it can cause serious cybersecurity problems. Treat old electronic media like you would old paper documents, which should be shredded and securely disposed of. If it contained important business data—or even a single administrative password—it needs to be handled by a trusted IT services provider who can wipe and confirm the deletion of login credentials, company files, and other identifiable info. Digital privacy isn’t easy, but it’s time to show our online selves a little love. — CMIT Solutions