Keeping your data safe isn't all that hard, but it is truly vital.
It's International Data Security Day, and many of you will have nodded off just reading the first four words of that sentence.
Data security is one of those topics, like antivirus, backup and always going out in public in your best underwear, that your mother probably droned on about when you were younger. Or maybe that was just my mum, but in any case, it's not an inherently exciting topic for most of us, right up until the point that something goes wrong.
That’s when the adrenaline starts pumping, because a breach in your personal data security will bring with it an entirely unwelcome sensation of unease, whether it's your private life or private bank account that's at risk.
Now, some issues around data security rest very much with the sites and services that hold that data, and there's only so much you can personally do if a big site suffers some kind of security incident.
While they're generally getting better – the introduction of the Notifiable Data Breaches scheme has no doubt helped there – there's still plenty to consider to maximise the security of your own data. That's true whether you're running a small business, working for a big business or just managing your own private affairs, too.
Encrypt with a VPN – but understand its limitations
At one time, VPNs were pretty much the exclusive province of the most tech-obsessed individuals (as well as plenty of businesses that use them every day), but in more recent times, VPN providers have started marketing themselves to everyday consumers.
A VPN (Virtual Private Network) at its simplest offers an encrypted connection to an endpoint, and your internet traffic is then routed out from that endpoint rather than directly from your own connection. It has the effect of somewhat anonymising your internet traffic, so VPNs are a popular choice for folks dodging geoblocked content restrictions, as well as a method to use certain services in countries where they're blocked.
China is a good example, as while VPNs sit (at best) in a legal grey area for Australian tourists to use while visiting China, I've had some luck using otherwise inaccessible services from there while visiting. Australia's metadata retention laws give an even stronger focus to using a VPN too.
However, there are limitations to the VPN approach that are worth keeping in mind. Google's heavy push for HTTPS across all websites, by treating secure sites more favourably in SEO terms, has led to more encryption of data online generally, so the "value" of a VPN in that sense has been reduced.
Then there are the issues around what your VPN actually does with your data. Ideally, you want to ensure that as little of your data is logged by a VPN as possible, because any logged data is by definition tracked data. A VPN provider should provide security and privacy, but you're essentially trusting that your VPN provider won't instead capture your data for its own uses.
- TorrentFreak keeps a good eye on the logging and privacy implications of a range of VPNs; while its focus is obviously on torrenting pursuits, it's a good primer on the basic policies of most of the bigger VPN players.
- We've got a guide to VPN technology to give you the full picture.
- If you're feeling in the DIY spirit, we've also got a guide to rolling your own personal VPN.
Switch to a more secure email client
Gmail is great, and it's free – but it's free for a reason, and that reason is Google slurping up all sorts of details in order to more effectively serve you advertising.
If that leaves a sour taste in your mouth, consider flipping to a more secure email client to keep your private correspondence actually private.
Check your password hygiene
You should brush your teeth every day, because they'll get fuzzy and gross all too quickly. Passwords don't attract fuzz, except for the mental fuzz that still sees far too many people use the same passwords, often insecure ones, across multiple sites.
I feel like I've been typing this sentence forever – and I've certainly written it more than once in my tech journalism career – but this is one of the most fundamentally basic and stupid mistakes that you can make. Using a single dictionary word as your password is essentially no security at all. No, "123456" isn't any better either.
In 2020, what you should be doing is using a password manager, and preferably every other security tool that your services offer, including multi-factor authentication for online services and biometric authentication for your physical hardware devices.
Yes, this does introduce a certain quantity of friction into your online experiences, but again it's much less severe than the chafing you'll feel if your accounts are hijacked.
No, this isn't a silver bullet that will keep you absolutely safe, because even multi-factor authentication can have holes in it depending on its implementation. But in the evolving world of online security, it's far better than leaving your entire online world open for anyone to peek at.
- Not sure if your email itself is secure? HaveIBeenPwned is the destination for you to check whether your email is listed in any known breaches. If it is, change that password ASAP.
- You might have great passwords, but does everyone you know? A password manager subscription makes an excellent gift that can protect friends and family members from their own worst instincts.
- Google has a good rundown of what you can do if your Google password – which you may well have used to log into countless other sites and services – is compromised.
Check your browser hygiene
Most of what we do online is conducted via our browsers, and for the most part they tend to automatically check for updates in terms of keeping themselves secure.
That's not the same thing as them actually being secure when it comes to your personal data, because the moment you trawl the web, you're opening yourself up to a wide array of tracking methods, potential malware and keyloggers and much, much worse.
That's why it's a very good idea to keep the computer, phone or tablet you're using as clean as possible, with decent antivirus protection against keyloggers that could reveal your data all too easily.
It also means very carefully checking precisely what every extension you add to your browser actually does. It may be giving you some level of convenience, but is it exacting too high a price by tracking everything that you do online, and how comfortable are you with that premise?
If you're the type to always just click through the install screens, bear in mind that many may include an opt-in provision for data tracking that explicitly allows companies to collect and sell your data. They may do so under the guise of it being "anonymised", but if that data includes details like location data, or even in some cases the sites you're visiting, it may be easier than you think to be identified by what you've done online.
Now, you can always install extensions that explicitly block that kind of tracking and data collection, but again it's worth reading their privacy policies too. In order to block out many online tracking elements, a picture of your usage may be being collected by the very extension you're trusting to keep you private!
- Not sure how to check which extensions are installed on your browser? On Chrome, click on the three-dot menu at the top right of the browser screen, then "More Tools" and then "Extensions". If Firefox is your browser of choice, click the hamburger menu on the top right, then choose Add-ons. If you're a Safari user, click on Safari in the Mac menu bar at the top of the screen, then Preferences and finally Extensions.
- Many antivirus suites will include a browser extension that can help keep your data safe by warning you about sketchy web sites. However, as we've seen reportedly with Avast, you've got to know what kind of data those extensions are harvesting too.
- Google is the big player online for data, but did you know you can actually check all the data Google has on you? Here's how to see and change the way Google treats your online data.
Check the privacy settings for your online apps
Privacy policies and settings don't make for the most exciting reading, but they're not something you should set once and forget about.
Companies constantly change the way their privacy policies work, as well as the user interfaces that accompany them. Now, strictly speaking they should inform you of changes to their privacy policies, but again way too many folks skip through those screens or emails without checking the precise details.
Equally, changes to the privacy user interface of online services may change the way some selections actually work.
It's especially true for the big players in this space that absolutely rely on trading your privacy for their services.
Google can do what it does because you allow it to track and store your location data and browsing history. Facebook's data scrapers can track you from site to site – because you allow it. Now, for some that's a tradeoff that they're very comfortable with, but that too can change over time.
- Again, you can check online what Google knows about you and how it collects it. It's a little bit of work to toggle everything to your tastes – but it's well worth considering.
- Facebook has changed its security profile settings a number of times over the years, so if you haven't checked your security settings recently, it's well worth doing so. While it may change by the time you read it, right now you'll find it from a computer-based browser by clicking on the triangle menu icon at the top right of any Facebook page, then clicking on Settings and finally Privacy. One quick trap here to avoid is to only look at the Privacy settings. It's worth also making sure you're happy with how Facebook handles matters such as facial recognition, tagging you into posts and location tracking as well.
- Sites such as ToS;DR collect and rate site and software EULAs, giving you a simple guide to many hidden traps that lie behind the kinds of legalese that you probably click through without thinking twice about.