How to protect your online privacy: 11 simple tips to protect you and your business

By on Nov 2, 2013 in Blog

Online privacy has been pretty hot topic for some time now – from the latest NSA allegations over systematic public monitoring, to concerns over sharing of user activity data, to natural human concerns about what happens to their personal information.

As security experts, we are often tasked to help improve privacy protection and secure access to personally identifiable information. In fact there are a lot of regulations that govern such actions like HIPAA, PCI-DSS etc.

Accordingly we’ve put together this list of 11 simple privacy protection actions that anyone can use. A more advanced version of this guide will be published later for those who want to take their privacy protection to another level entirely.

Disclaimer: mention of specific products, services, or companies should not be taken as endorsements or recommendations by SCWOA. These are provided as a starting point for readers only.

 

1. Use the privacy settings on your web browser

Web browsers generally do not come with their privacy settings preconfigured. This means that you may be inadvertently sharing your personal details without even knowing it.

If you’re curious to see what kind of information your browser is dropping about you – check out BrowserSpy.dk to put your computer to the test.

Without using some protections, it’s pretty actually easy to get someone’s email address or contact information – whether you are a legitimate business or scam artist waiting in the wings. In either case, changing the default settings in your browser is a simple way of improving your privacy protection.

  • To set this up – go to the Setup / Options / Preferences menu in your favorite browser – and you will find a number of options related to privacy and sharing / storing of data in the browser.
  • Enable / disable the settings of your choice (each browser is different) – a good one to select is the “Do Not Track” option for example (reputable businesses will follow this, others will not).
  • Remove or anonymize any personal data stored directly in the browser. This information will get sent to any site that asks for it, and you should only send this info using secure forms on sites you trust.
  • If you are unsure of what any options do or mean – use the supplied support links to gain a proper understanding of how the browser handles your information.

Important: browser settings can revert back to default settings when you install a new version. Make sure to check these settings whenever there is a major upgrade e.g. from version 2 to version 3.

 

2. Take control of your cookies

Cookies are another hot topic where many new government regulations are being considered – and you may have already seen their effects in action (such as new notifications). Cookies are basically small bits of information that websites store on your computer for any number of reasons.

Most cookies are harmless and rather useful – for example remembering your login details during a session or processing your purchases. Other cookies can be used for data mining and tracking your activities – and there are more than a few advertising companies that are little more than cookie sharing rings. There are also such things as “supercookies” which give advertisers even more advanced tracking abilities.

Here you can see a demonstration of how cookies work.

  • Upgrade to the latest browser version you can. Newer browsers have introduced more sophisticated cookie management tools, and you’ll need those to control cookies on your computer.
  • Go back to the Setup / Options / Preferences menu in your favorite browser – and look for the settings that let you manage your cookies.
  • Turn on “Cookie Warning” or the equivalent option. This lets you see (via an alert box) when a site attempts to send you a cookie, and then you’ll have the option to allow or prevent access. The idea of course is to only allow cookies when you absolutely need them – for example to complete an order.
  • Try using a browser plugin to better manage your cookies – for example DoNotTrackMe, Ghostery, and CCleaner are available for all major browsers.

Important: You should not turn off cookies entirely, as this will drastically affect your online experience. For example most ecommerce stores and internet streaming services depend on cookies to function. If you choose to use management software you can usually whitelist your favorite sites which go around this issue.

 

3. Stop scripts running automatically on your browser

Auto-scripts are nice in theory but usually annoying in practice. Some sites like to run JavaScript, Java, Flash etc. as soon as you visit their page – which can be nice on a trusted site (say your web bank) but that does not mean you should allow this to happen with ANY site you visit.

It’s simply way too easy for someone to abuse that level of access, since such scripts can easily be used to track your activities.

You can download NoScript for FireFox and NotScript for Chrome to take care of that for you.

 

4. Forget about privacy at work – keep your personal life separate

It is a false assumption to believe that your workplace is protecting your privacy. In fact in most US states and likely many countries – you have no reasonable expectation of privacy. Most of the time is this due to very real liability issues, which may even be offered up as protection to your benefit e.g. harassment or negligence cases.

The point is, the boss is not your enemy (at least for the most part) – because there are valid legal reasons for monitoring employees – but this still means you should keep your personal details away from work computers because employers are legally allowed to monitor you. This means your banking passwords and personal emails etc. are all fair game. It is none of your workplace’s business what you get up to on your personal time – so keep it that way by keeping it off your work computers.

 

5. Be wary of sites offering rewards or prizes for your information

Too often it turns out – the actual prize on offer is YOU i.e. your email address and other personal details. That shiny new iPad may seem tempting, but it is only there to entice you to give up your much more valuable personal information. Reputable offers and promotions do exist, but your information is almost always sold later (read the terms and conditions to find out).

For business users there are reputable sites will also offer specialized information or some other service in exchange for your information. In many cases this information is recorded for the company’s use only e.g. as part of a campaign, and will not be sold to another party later (as this diminishes its value – you are “their lead” after all). You will have to weigh the value received for the value provided in order to make the right judgment call.

 

6. Start using a throwaway email address

Sometimes you will come across a website or service that demands an email address from you before allowing access – or worse they want you to connect your social media accounts to their service. Occasionally you come across a site that looks a little sketchy, but they still offer something you want or are willing to take a risk on.

Regardless of the case – you should sign up for a free email account (say Yahoo, Gmail, or Hotmail) – and keep your “real” addresses only for family, friends, and work colleagues. Whenever your throwaway inbox gets too full of spam messages – simply kill it off and start a new one. Easy peasey.

 

7. Do not reply to spammers – EVER

Likely you are already familiar with spam and rather tired of it. When you receive an unsolicited email however – under no circumstances should you reply to this message!

The reason for this is simple. Spammers usually have no idea whether an email address is being checked or not – which means most spam emails are quite literally shots in the dark.

If you reply to their message – even if it’s to use their rather ironically included “unsubscribe” option – all you are really doing is confirming that THIS email address is being actively used. Therefore you can quickly expect many more spam messages to follow.

 

8. Always use secure connections when submitting your information

Never submit a credit card number or any other form of sensitive information, without first checking that your connection is secure. You can check this on the address / URL bar of your browser – for example a closed lock icon on Windows, or an unbroken key icon on Macs.

Alternately you can check the address itself. Most web addresses will start with the “http://” to indicate an unsecured connection. You will always want to see the additional “S” (for secure) so it looks like “https://”.

If you do NOT see this additional “S” then take your business elsewhere. It is as simple as that, because this company obviously cares so little about your security that they won’t even take the basic precautions!

 

9. Install an Adware / Spyware blocker

Fed up of annoying ads? Get rid of them forever with Adblock Plus. Remember to white list your favorite sites though so you can still support them.

For more advanced Malware protection:

Note that newer Windows machines will come with Windows Defender already enabled. This is a free service from Microsoft and does a pretty good job of malware protection for the most part – though some people may prefer the more advanced tools available from other applications. Mac and Linux users will need to install their own separate malware protection.

 

10. Examine privacy policies, seals, and other clues

Before you decide to do business with a website, take a look around to see for signs of legitimacy:

  • Is there offline contact information available? Including a postal address?
  • Do they have a clearly visible privacy policy? If so, what does it say? Some policies are little more than disclaimers that say you have no privacy and they can do what they like with your info!
  • Examine their trust marks if available. For example seal programs such as VeriSign, BBBonline, TRUSTe, and some business registrars can be very helpful (even if sometimes imperfect) – and you should be able to confirm the authenticity of a website through those means i.e. not all seal-issuing sites are real!
  • Is there some way to verify the authenticity of this site? Some web searching can help. What is their reputation? Do you know anyone who has dealt with them before? Are they a registered business?

 

11. Use a password manager

Before we get biometric scans rolled out on a wide scale, you likely are using several to a dozen passwords and PIN numbers for all your various accounts – and if you’re not – then you really should be. If you really only have one password for all your accounts, then someone can essentially gain access to your whole life in one swoop!

Password managers let you balance security with convenience. Use the most complicated passwords you can think of, and you can use a service like LastPass, Password Genie, SplashID Safe, or KeePass to remember them for you. Overall this is a very easy way to keep more secure as long as you don’t forget your master password!

 

Final Thoughts

We’ve gone over a number of topics today, and yet there is still a lot more you can do to ensure your privacy. Encryption, Firewalls, and VPNs are good examples of more advanced privacy protection techniques which were not discussed here, but will certainly be included in our advanced guide (to be published later).

Privacy is a serious issue that everyone should be concerned about, so we hope that you’ve learned something valuable today about taking control over what information you choose to reveal – and more importantly when.

Post a Reply