Privacy Protection: What a tech expert does to protect their data online
In today's perilous digital environment, the importance of keeping personal data secure cannot be overstated. With the rise of cybercrime and data breaches, it is more crucial than ever to take steps to protect your sensitive information.
To help you navigate the complex world of online security, I am sharing the key steps I take to protect my privacy and data.
Why does my opinion matter, you ask? As a technology expert with over two decades of experience, I have helped numerous businesses build and implement systems to protect their privacy, data, and employee devices. I helped some of Australia's largest corporations defend against cyber attacks, and I replicate some of the processes and controls I implemented for those businesses in my own online interactions.
Protecting your personal data should not require a degree in cyber security. The strategies I use are simple and straightforward but have enormous potential for protecting your privacy and personal information.
1. Email address trick “catch all”
I never provide my real email address when creating online accounts, subscribing to newsletters or interacting with websites when asked for my contact details. Instead, I have my own private email domain and provide a unique email address to each.
I don’t need to create a new account each time, because I’ve configured my domain as a catch-all so any email sent to any address at my domain name will arrive in my inbox. For example, if you own the domain emaildomain.com, you can create email address variations by putting any characters or names before the at sign ("@") and the domain name, and you will receive those emails.
Say you need to provide an email address for booking an appointment at Smile Dentist, you can provide the email address [email protected] or [email protected] and you will receive emails sent to that address. I do this for every site and every business. I use the name of the business or site in the email variation and this helps me filter out spam and prevents my real email from being shared or sold to third parties.
More importantly, as I create unique email addresses and use the organisation or website name in the address, I can track if a specific one gets sold or leaked and then easily block the compromised email address.
In cases where an organisation is not meeting its legal requirements to protect my data, I can report them to the authorities.
Many hosted services including Microsoft Exchange Online allow businesses to achieve the same outcome with sibling email addresses by using a plus sign ("+") in the email address.
For example, [email protected]. This may need to be switched on by your system administrator at work, however many personal email providers allow this by default.
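The leak tracking described in this section can be automated. The sketch below is an added example, not the author's own tooling: it reads the business tag out of a catch-all or plus-style recipient address and flags mail whose sender domain does not match that tag. The domain example.org, the mailbox name me and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "example.org"   # assumption: placeholder for your own catch-all domain
PLUS_MAILBOX = "me"         # assumption: base mailbox when using plus addressing

def alias_tag(recipient):
    """Return the business tag encoded in one of our addresses, else None."""
    local, _, domain = recipient.lower().rpartition("@")
    if domain != MY_DOMAIN or not local:
        return None
    if "+" in local:                      # plus form: me+smiledentist@example.org
        base, _, tag = local.partition("+")
        return tag if base == PLUS_MAILBOX and tag else None
    return local                          # catch-all form: smiledentist@example.org

def squash(text):
    """Lower-case and keep only letters and digits so names compare loosely."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def check_message(raw):
    """Return (tag, sender_domain, verdict) for every tagged recipient."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    recipients = getaddresses(
        msg.get_all("Delivered-To", []) + msg.get_all("To", []) + msg.get_all("Cc", []))
    results, seen = [], set()
    for _, addr in recipients:
        tag = alias_tag(addr)
        if tag is None or tag in seen:
            continue
        seen.add(tag)
        # The tag names the business the address was given to. A sender whose
        # domain does not contain it is a lead to investigate, not proof: From
        # can be forged and businesses send through third-party mail services.
        key = squash(tag)
        matches = bool(key) and key in squash(sender_domain)
        results.append((tag, sender_domain, "expected" if matches else "possible leak"))
    return results

# Constructed sample messages (headers only), not real mail.
EXPECTED = ("From: Smile Dentist <reminders@smiledentist.example>\n"
            "To: smiledentist@example.org\nSubject: Your appointment\n\n")
LEAKED = ("From: Deals <promo@bulk-offers.example>\n"
          "To: me+smiledentist@example.org\nSubject: You won\n\n")

if __name__ == "__main__":
    for raw in (EXPECTED, LEAKED):
        print(check_message(raw))
```

A "possible leak" verdict is the cue to block that one address, as described above, and to ask the named business how the address reached the sender.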
2. Password manager
I use a password manager to generate and store passwords for all my accounts. This eliminates the need to remember multiple passwords and ensures each account has a unique and strong password.
While this takes some time to get used to and changes the way you manage your passwords, once you are using a password manager on all your devices and for all your accounts, it makes logging in and signing up for services much easier and more efficient. At the same time, a password manager provides tremendous security benefits that will help protect you against some of the most common account takeover cyber-attacks happening in the world right now.
Whenever you sign up for a new service, ensure you use the password manager to generate a strong and unique password, then save those details to the password manager. The only password you will need to remember is the one for the password manager as it saves all your login details for all other services, sites and accounts.
When you buy a new device, installing your password manager should be one of the first things you do as this will allow you to easily set up all the software and web services you need and use.
Many password manager solutions also provide two-factor authentication. A password manager can also be used for securely storing credit card details and other contact details, which is incredibly helpful and efficient when needing to fill out forms or provide that information over the internet.
Another benefit of using a password manager is that it provides insights and recommendations on how to improve your security. This includes notifying you when a website is breached and prompting you to update your password, notifying you if your password becomes compromised and notifying you if you are using the same password for multiple accounts and logins.
Using a password manager also removes the need to use an in-browser or operating system password manager, which do not work on all browsers or all devices, making them much harder to adopt.
Once you have purchased and set up a password manager, I recommend disabling any in-built or browser vaults.
I also do not create accounts or logins on websites that do not allow for complex passwords or do not allow me to use my password manager.
3. Never use a phone number for verification
I never use my phone number for verification or two-factor authentication. This is because phone numbers can be spoofed or stolen, leading to unauthorised access to my accounts.
Instead, I use my password manager or other software authenticators for two-factor authentication.
If services and sites allow authenticator tokens, use this as your preference. If this is not available, use email. Only use SMS authentication as a last resort as it’s still better than nothing.
Businesses should also follow this authentication method and level of control; it is not enough to use SMS as your only method of two-factor authentication.
5. Avoid using real names, birthdays, and ages unless legally required
Never give your real age or birthday unless legally required as this information can be exploited by cybercriminals and used to identify you.
Instead, I create fake birthdays and store this information in my password manager.
I also strongly advise against sharing your birthday on social media because, again, this can be used by cybercriminals.
Even most of my friends wouldn’t realise they don’t know my actual birthday, and I typically just celebrate it whenever I feel like it.
6. Assume secret questions are not so secret
When it comes to secret questions like providing your mother's maiden name, do not give that information out!
This applies to things like your mother's maiden name, your first pet, the address of the first house you lived in or the high school you attended.
These types of questions ask for sensitive information and deliberately ask for information only you would know. If an organisation or website storing this information was breached or your responses were leaked, cybercriminals could use that information to access some of the most sensitive services you use including your bank account.
This is why I do not accurately respond to secret questions and instead use my password manager to generate and store unique answers and passcodes for these fields. In the event my responses become leaked, they would have no value and would not disclose any personal information.
For example, I can add the mother's maiden name as cEqp*.QP9mwvVfsb!W and I provide a different answer to every site that asks for this information. And, as I save everything in my password manager, I don't need to remember the different responses.
7. Avoid online personality tests and IQ tests
I do not undertake personality tests, IQ tests, or any other survey online, particularly with disreputable sources.
The value of this information is often misunderstood and it could be used to exploit your privacy.
These are tools for gathering very rich information about you. Information that could be sold to other parties and used to build reasonably accurate online profiles about you, which may not work in your best interests. For example, the information you provide in such tests could be used to determine your buyer behaviour or susceptibility to being defrauded.
When it comes to using the internet and what is private and unique about who you are, make sure you only provide that information to reliable services.
8. It is never too early to educate your kids
Teaching children about online privacy and safety from a young age is essential.
At the same time, do not give your children unsupervised internet access until they are mature enough to handle the responsibility of being online.
Do not allow your children to learn about the internet and the dangers of the internet from direct exposure. We do not want our children to be in a situation where they can make mistakes; we want them to have the education and resources needed to understand, recognise, and avoid online dangers.
When it comes to the internet, the entire world is at your children's doorstep and there are no safety mechanisms. There is nothing built into the structure of the internet that prevents them from being exposed to things that could be dangerous and traumatising.
Introduce your children to the internet carefully and responsibly so they can understand appropriate use and behaviour. You will not be able to monitor your children's internet use 24/7 so you want to ensure they can keep themselves safe.
As with internet use, do not allow your children to use social media unless they are old enough and mature enough to understand and manage the dangers. This includes only accepting friend requests from people they know and understanding and managing online bullying and harassment.
It is equally important to educate your kids about not sharing personal information, photos or their location online and particularly how to avoid any interaction with strangers. For example, friend or chat requests from kids they do not know are things your children should immediately decline and report.
10. Read, and I mean read, privacy policies
I thoroughly read every privacy policy as they detail extensive information about the specific business, their intentions, why their business model exists and how they intend to interact with me or my information.
People tend to engage with different sites or create accounts without reading privacy policies. My advice is to read them, do not just accept them without fully understanding what you are accepting or the intentions of that site or business.
What you will find from reading privacy policies is that some organisations will not align with your best interests, but some will.
There are some key things to look out for when reading privacy policies, including if it is stated your information will be sold to third parties and what kind of third parties. Make sure you understand what information they intend on sharing, understand why and only proceed if you are comfortable with that information being shared or sold.
Look for clarity and transparency regarding the types of organisations or parties the business intends to share your information with and ensure it is clearly stated for what purposes. It is a red flag if the privacy policy is unclear or obscured, particularly about sharing your personal information.
There are also online resources like Terms of Service; Didn’t Read, which rates and scores privacy policies.
Are you ready to protect your privacy?
These are the strategies I use for safeguarding my personal data and privacy. While the steps and approaches are repetitious, these measures allow me to minimise the risk of having my personal information exposed.
By following these tips, you can reduce the risk of identity theft, financial fraud, and other online security threats, and enjoy greater peace of mind in your digital life.
Martin McGregor