Protecting Your Personal Information Online: Tips and Tricks
Nearly everyone uses the internet daily at work, while online shopping or banking, interacting on social media, or in many other contexts. Sharing information online has become so common that many people don’t even give it a second thought. However, despite efforts to make it safer to share personal information online, there are still many risks that internet users should be aware of.
Businesses can help keep personal information safe by utilizing up-to-date software and hardware and developing administrative controls, such as better policies. However, businesses must also educate employees on how to improve their online habits and data security practices.
Understanding The Threats
Before we can discuss how to protect your personal information online, it is essential to understand the current threats you may encounter online. Cybercriminals constantly modify their tactics to keep up with changing security measures and find new ways to deceive consumers. Cyberattacks are becoming more complex and often include multiple stages, which means businesses and consumers need multiple layers of protection.
- • Phishing attacks – The hacker sends an email or text message with a link to a website that closely resembles a real one. When the user enters their login credentials, the hacker can take that information and access whichever account they are mimicking.
- • Malware and ransomware – Malicious software that can delete and modify files, making your computer unusable. Ransomware is malware that can encrypt files until you pay a ransom to access them. Malware can come from email attachments, malicious websites, hacked or compromised websites, or many other sources.
- • Social engineering – The hacker tricks the user into divulging sensitive information. Hackers may do this via email, text, phone, or social media. They can often use this info to guess passwords and gain access to accounts.
- • Mobile apps – When you install a mobile app, you may choose to grant specific permissions. Many apps ask for excessive permission and gain access to data such as your exact location, photos, contacts, or other personal information, which they then sell to third parties.
- • Remote access – If unauthorized individuals gain remote access to your device, they can wreak havoc by installing malware, stealing data and login credentials, and compromising accounts.
Limit What You Share
The simplest way to protect your personal information online is by simply not sharing it. However, just like the world couldn’t continue quarantining forever to prevent the spread of Covid-19, everyone must choose the level of risk they are willing to accept and then take steps to mitigate that risk.
While it is necessary to share some level of personal information online to function in today’s society, you can make intelligent choices regarding how and who you share information with. Not all websites have equal security measures in place.
For example, most banks follow strict security protocols, so consumers can safely and confidently participate in online banking without concern. However, if a consumer wants to link their bank account to a third-party personal finance app, they should look closely at the company’s reputation and terms of service. A lesser-known app developer may not have the resources necessary to provide adequate data security. In the worst-case scenario, someone may have developed a deceptive app specifically to steal bank account information.
In addition to sharing data during online transactions, many people share a great deal of information via social media. Social media is a valuable tool but comes with some significant risks. Information you share on social media could help hackers guess your passwords or even give them gain insight to help carry out a phishing attempt. For example, suppose an employee posts information that is not publicly available about where they work, who they work with, and even details about projects they are working on. Hackers could easily use this information to impersonate a supervisor or colleague in a phishing attempt.
Businesses should conduct official risk assessments to understand how they share data online and identify any risks. Additionally, individual employees should learn to assess whether the information they share will likely stay private and consider the potential consequences if that information gets into the wrong hands. This “assessment” can be a quick mental check rather than a formal process. As employees gain awareness regarding data security, they will be more prepared to make informed decisions regarding online data security.
Secure Your Accounts
Creating strong passwords is the first step to securing your accounts. Long passwords with numbers and special characters can feel overwhelming to create and remember, so many people take shortcuts by reusing the same simple password across multiple websites. Cutting corners with internet security is never a good idea.
The best passwords are at least 12 characters and contain a mix of uppercase and lowercase letters, numbers, and special characters. You should not use personal information or common dictionary words in a password.
Fortunately, you do not need to worry about remembering these complex passwords if you utilize a third-party password manager. This tool is separate from browser-based password managers, which we don’t recommend for safely storing sensitive passwords.
Another tool to increase account security is multi-factor authentication, which often involves entering a code sent to your phone or email or answering a security question. Even if a hacker figures out your password, they can only access your account if they complete that additional step, which is usually unlikely.
Secure Your Network
Any company could become the target of a cyberattack. Once a hacker has access to your computer or network, they can easily access the information you enter or transmit online. Installing firewalls and antivirus software and updating them often is critical in preventing cyberattacks. Businesses should conduct regular threat scanning to identify and address vulnerabilities.
Remote work has become increasingly popular but comes with unique risks. In the past, businesses only had to worry about network security within the walls of their workplace. Now, employees may access company data from their home office, coffee shops, or even the beach. Public wifi networks leave the door wide open for hackers to access personal information. Remote employees can use a VPN to increase security, but they should still always log in through a secure, private wifi network.
Use Critical Thinking
Even if you lock the doors and windows to your home and install security cameras and alarms, you must still remain vigilant. Intruders could come disguised as a salesperson or a repairperson to trick you into inviting them into your home. The same is true with protecting your information online. Even when you do everything you can to secure your accounts and networks, people are still the weakest link in privacy and security. Would-be hackers and scammers have numerous tactics to deceive you and persuade you to share information you would not otherwise share.
Internet users should always be aware of potential dangers. Here are some things to be aware of:
- Verify the site is secure, especially before making a payment or entering financial or other sensitive information. There should be a small padlock on the lefthand side of the address bar, and the URL should begin with HTTPS rather than just HTTP, where the “S” stands for secure.
- Make sure you have the correct URL. Scam websites often closely mimic a genuine website, for example, using an “i” instead of “l” in welisfargo.com, which users may mistakenly believe is wellsfargo.com. They may also use .com instead of .edu or .gov to mimic an official site.
- Don’t click on links or download attachments in emails from unknown senders. This advice seems easy enough to follow, but when cybercriminals disguise phishing attempts as an email from someone you know, it takes a bit more attention to detail to realize it is a scam.
- Be skeptical of emotional or urgent messages. Scammers often use these tactics to trick users into taking action by sharing personal information or granting access to accounts immediately before they have time to think things through.
- Beware of requests for remote access. You may wonder why anyone would willingly permit a hacker to access their phone or computer remotely. Unfortunately, it is more common than you might think. Hackers may pose as tech support and offer to help you resolve a problem remotely if you give them access. With that access, they can access your data, stored passwords, and more. Only give remote access to a reputable tech support company or individual, and only if you’re the one who reached out to them for help. Legitimate companies will not contact you requesting remote access to your computer or phone.
Your Personal Information is Your Responsibility
Businesses can go to great lengths to install the latest antivirus software, implement protocols, and provide training for employees. While businesses must do their part, these measures will be most effective if employees also understand their role in protecting personal information online. As businesses create a culture that values internet security, they can prevent data breaches that cost money and resources and stifle growth.
uRISQ is a comprehensive privacy and security program that can help businesses stay up-to-date with data security. We provide tools to meet each business’s unique needs and the support necessary to educate and empower employees and improve overall data security.