by Larry Magid
Sunday is “Data Privacy Day,” when a host of companies, nonprofits and government agencies remind people to take steps to protect their privacy. The event is sponsored by the National Cyber Security Alliance (NCSA)
Alliance executive director Russell Schrader said in a recent interview that “everyday should be Data Privacy Day,” and I agree. We need to think about our privacy regularly. Still, it’s a good time for industry and the government to concentrate on policies, procedures and their enforcement, and for the rest of us to focus on our personal privacy. On a similar note, Feb. 6 is “Safer Internet Day,” which is hosted by my nonprofit, ConnectSafely.org. We’ll be holding an event that day for middle and high school students in Austin, Texas, that will be live-streamed at SaferInternetDay.us/livestream.
Click below to listen to Larry Magid’s 3 minute conversation about data privacy with National Cyber Security Alliance Executive Director Russell Schrader
When I asked Schrader to share his top privacy tips, his answers seemed like a primer for security, which makes sense because privacy and security go hand-in-hand. “Always update your software,” was his main advice. “There are bugs that are constantly being fixed behind the scenes,” he said, “but they don’t do any good unless you install them.”
I agree, even though there are occasional updates that backfire, such as Intel’s much maligned “fix” to the recently disclosed security flaw in its processors. After rolling out the patches, Intel recommended that “OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior.” The company is working on another fix, which hopefully won’t cause machines to spontaneously reboot.
Despite this unfortunate situation with Intel, I continue to make sure my devices are updated with the latest versions of operating systems, browsers and other essential software because the risk of a bad fix is significantly lower than the risk from not applying these security updates.
Schrader’s second tip is to beef up your passwords. He recommends a “pass phrase” rather than simply a password. Such a phrase should be relatively long – perhaps 20 characters or so and consist of seemingly random words strung together along with numbers, symbols and upper and lower case letters. Think of something that you can remember but others couldn’t guess such as YellowChocolate#56CadillacFi$h.
Don’t use the same phrase for every service. They can be similar but slightly different by adding a word or letters that will remind you of the service associated with this particular variant of your pass phrase. Another trick is to come up with a phrase and use the first letter of each word such as I met my friend Sally Smith at a dance party at Lincoln High School in 1988. That would be “ImmfSSaadpaLHSi#1988,” which is both long and meaningless.
Schrader also advises people to “think before you share to own your online presence, and always be aware of what you’re posting.” He compares personal information to money: “you should value it, and you should protect it.”
I’ve also seen people post publicly on Facebook or Twitter when they meant to send a private message. Both services allow for private messaging, but you had better learn how to do it so it’s really private.
Another thing I’ve experienced is accidentally forwarding emails to the wrong person or having private information as part of a thread of a message that eventually gets shared with others. A number of years ago I got a slightly unpleasant email from an editor, which I forwarded to my wife with a comment but instead of hitting forward, I hit reply. Remarkably, my career at that newspaper didn’t end that day, but it could have.
There are tools we can use to protect our privacy and security, but we need to know their limits. Most browsers have a private or “incognito” mode which prevents the browser from keeping a history of what you do, but that doesn’t prevent the servers you interact with from recording your activities.
A virtual private network such as ExpressVPN or NordVPN can make your computer look as though it’s located in another city or country through a secure connection. VPNs go a long way toward protecting your privacy and security, but if your machine is infected with a keylogger, that data can still be captured. VPNs can sometimes affect performance, although my recent experience with ExpressVPN has been pretty good as long as I route my communications through a city in the U.S. When I routed through Europe, it got noticeably slower.
While some aspects of our privacy are under our direct control, some aren’t, which is why it’s important to try to deal only with reputable companies, know their privacy policies and hold them accountable. There are also privacy policy issues that individuals can weigh-in on but not control such as Congress’ recent act that gives internet service providers more rights to use our data. To influence those important privacy policy issues, we need to be vigilant and make our voices heard.