The Everyday Person’s Guide to Privacy & Security: Avoid Identity Theft, Hackers and Data Breaches

Privacy is a hot topic in the 21st century… from Facebook’s blunders in Congress to Tom Brady destroying his cell phone after the Superbowl, everyone knows an ever-connected world means less anonymity.

First off, let’s be positive… I’m sure you have nothing to hide!!

It’s not all bad–airlines are becoming more secure, criminals are easier to track, and anyone can check if their kid’s teacher is a sex offender.  This is fantastic news–we are living in a safer, more peaceful world. If governments do their jobs properly and do not misuse this information, the world will improve. And, you can do your own part by making sure you’re using the best VPN you can find.

Unfortunately, criminals, corporations, and governments can use this information in harmful ways too. Identity theft is on the rise and people have become incredibly careless with their personal information online, opening the door to misuse of this information.  Do you really want Apple, Google, and Facebook to know everything about you?  Yes, they are literally watching your every move.  If you have your phone in your pocket and Location Services on, they know! According to Home Security Heroes, some of the largest data breaches happened in recent years and on social media platforms like Facebook and Twitter.

This article isn’t about “big brother” or scare tactics.  It’s my guess that if you are a reasonable person, you’ll probably want to take steps to protect your own privacy and security… Especially when it comes to your family and finances.

Disclaimer: Consult your IT professional or lawyer for expert advice.  Consult the police if you are in danger.

Basics Guide to Privacy & Security

• Use a VPN Blocker.  Hide your IP address, so you can’t be tracked.  VPN Blockers aren’t just for watching Netflix abroad.  All the information your pass over the web will be encrypted.  This is critical if you are using public wifi to avoid “man in the middle” interceptions.  Do not make a transaction online without a VPN Blocker.
• Use a wireless hotspot instead of public wifi.  If you are banking or making a purchase, tether your “Personal Hotspot” from your iPhone or 4G device.  Small-time thieves sit in cafes and create their own wireless accounts like @freewifi or @thenameofyourcafe–you connect unknowingly and they intercept your data.

Passwords

• Create complicated passwords. Did you know your Gmail password can be 60 characters? Password cracking programs literally try every combination of characters starting with words in the English language. Don’t use real words in any language and make them long.  60 character passwords nearly take a supercomputer to decode.
• Use a password manager. There is no chance you’ll remember that 60 character password so invests in LastPass or 1Password.  Google Chrome and Apple Safari now have similar features.  Use a good password and don’t worry–if you are locked out of your password vault, you can still reset your individual accounts via email.
• Use Two Factor Authentication.  Even if a hacker gets your password, if you are using 2FA you’ll still be safe.  Use the Authenticator App, VIP Access, or RSA Token so when you log in you’ll have to verify it’s you with a code on your phone.  Don’t use 2FA via text message because thieves can call your cell phone company, pretend to be you, and forwarded the messages to a new phone!  Plus, you may not be able to receive your SMS if you are abroad. Keep your backup codes in your password manager and in a safe at home.
• Have a personal and/or junk email address.  Meet someone you aren’t sure about?  Give them the junk mail address where they can’t bother you.  If a company has a data breach, only your junk mail address will be leaked, lowering your chances of being a target of phishing scams.

Social Media Security Basics

• Delete Facebook or know the Privacy Policy.  After Facebook’s slew of privacy problems including leaking personal info and publishing things that were supposed to be private, people are wary.  Turns out they were reading people’s text messages without asking, too!
• Run Facebook Privacy Checkup and lock down your account for maximum privacy and security.  It’s better you don’t log in via Facebook all over the web.  You are giving Facebook and other sites much more information than necessary.
• Run your Google Privacy Checkup to do the same.  Best not to log in everywhere via Google either.  If someone has your Google password, then they’ll have access to all your accounts you log in to via Google.
• Use Facebook Secret Conversations. If you are going to use Facebook Messenger use the new encrypted “secret conversation” feature.
• Use an encrypted messenger. For sensitive conversations, passing addresses, dates of birth, or credit card information use the encrypted WhatsApp (owned by Facebook) or other encrypted programs like Telegram or Signal.
• Accountkiller.com has instructions on how to remove your info from all sites across the web.

Phone Security Basics

• Turn Off Location Services.  There is no sense telling all these companies your exact location, especially if it fell into the wrong hands.  For practical purposes, you can allow Uber, Lyft, Google Maps, and Waze see your location only when using the app.
• Download a VPN Blocker for your phone too.  NordVPN and Hotspot Shield are two cheap options.
• Don’t make transactions over WiFi. Use your cellular data to ensure you are connected to a more secure network.  Be sure your VPN Blocker is on to encrypt the information sent via your cell phone carrier.
• Don’t allow access to your camera or microphone.  Apparently, there are backdoors built into a lot of these apps that will make you think twice about texting in the shower.  Why not put a piece of tape over your webcam?
• Delete any unused apps.  The more apps you have, the more vulnerable code there is.  Think about it like home security–a huge house with lots of windows will be difficult to secure.
• Make sure your wifi doesn’t connect to random networks.  Keep the wifi off on your phone if you aren’t using it.  You should delete networks named things like “Public Wifi” or “AT&T” or “Starbucks” after you are done with them.  Hackers create networks with the same names and your phone will automatically connect to them.
• Have a Google Voice number to give to strangers and companies.  You can have it forwarded to your cell phone so you still receive the calls and texts if you want.

Identity Security Basics

• Stop giving out your home address.  This is just common sense not to tell the whole world where they can find you sleeping.  Get a P.O. Box or a Personal Mail Box at a UPS Store.
• Check your credit regularly with the three major credit bureaus Experian, Transunion, and Equifax.  Check to see if there were changes to your credit that weren’t you.  Correct them now, so there are no surprises when you apply for a loan, mortgage, or credit card.
• Freeze your credit.  It’s a pain, but it might be the most important thing you can do to prevent identity theft.  Call the three bureaus and tell them to put a freeze your credit. This way nobody can open up a credit card or use your identity. You’ll have to call and give permission each time someone wants to check your credit.
• Google yourself and see what pops up. Manage your reputation with a tool from my friends at Brand Yourself.  DeleteMe will unlist your information from creepy background check sites like Intellius, Whitepages, BeenVerified, PublicRecords.com, etc.

Other Basics

• Run a background check on yourself on the above sites and prepared to be freaked out.  If you don’t want to pay for DeleteMe, you can fill out forms on each website where you find your name, address, phone number, names of family members, property, etc., and ask them to remove you.
• Register for the Do Not Call List.  Stop pesky telemarketers from calling you, register your phone number at the US Government’s donotcall.gov.  Legit telemarketers will not risk calling you, so if you do receive a call from someone phishing you can be assured it’s a scam.
• Register for the Do Not Call List of Junk Mail.  An old-school way for crooks to steal your identity is to steal your mail or sign you up for credit card offers.  The Data & Marketing Association offers a service so you stop getting junk mail. Saves time and the environment. There is also one for email.
• Register to stop credit card offers.  Enroll to stop getting pre-screened credit card offers.  You can do it online and giving your social security number is not mandatory.
• Use an identity monitoring site.  Sites like Life Lock will monitor your credit and online reputation for you.  It’s expensive, but a good idea for people who aren’t careful online and don’t want to take extra steps like freezing their credit.
• Haveibeenpwned.com will tell you if your personal information has been exposed in a data breach.  Also, the companies are legally obligated to email you depending on your state. Marriott just leaked 500 million customers’ information.  Ouch!

Business Security Basics

• • Have a business address.  It’s always a good idea to keep your personal and work life separated.  Co-working spaces, post office boxes, UPS Store Personal Mail Boxes, or mail forwarding services offer addresses you can use.
  • Utilize access card systems. Brick and mortar establishments can enhance security by utilizing access card systems to secure company data and devices. These platforms monitor, track, and grant authorized users access to restricted areas, dramatically reducing the risk of theft.
  • Share passwords via a password manager.  Don’t create easy passwords and don’t copy and paste them to send across unsecured networks.  Share them securely via LastPass or 1Password.
  • Pay for extra users and don’t make them administrators.  If your whole company shares one login account, you are asking for trouble. When your company has turnover, you can simply delete editor accounts.  Don’t expose yourself to disgruntled employees or ones who now work for competitors.
  • Change Passwords Regularly.  If you are sharing logins, change passwords often, especially when someone leaves the company.  Even if you don’t share logins, change passwords at least every three months, especially on accounts that don’t have 2FA.

• Other Options

  • Require your employees to use Two Factor Authentication.  Take the time to explain that a company’s security is only as strong as itstheir weakest link.
  • Have a data breach plan in place. Consult your attorney and understand local laws in case you do leak customer data. Be prepared to email customers if their information is compromised.  Look into cyber liability insurance.
  • Have a GDPR compliant Privacy Policy and Terms of Service.  Europe has attempted to get serious about data protection and violators face big fines.  There is a good chance your American attorney won’t understand the issue, so find an expert or start by doing the research yourself.
  • Make Your Domain Names Private.  Did you know anyone can see your personal details if you own a domain name?  GoDaddy allows you to block the WHOIS Lookup and hide this information for about $10-$20/year per domain.  So, if you don’t want competitors to know about other websites you own, this is important.

Computer and Browsing Security Basics

• Have a password on your machine and be sure it pops up each time you log out or walk away from the computer.  Duh!
• Keep your computer updated.  Many of those annoying updates are patches for holes hackers have found in your operating system.  When Apple or Microsoft tells you there is an update there is most likely a vulnerability that needs to be fixed.
• Encrypt your hard drive.   FileVault 2 is standard on Macs.  It’s an extremely easy option in your settings. If someone steals your computer or hacks into it, they’ll see encrypted files instead of real data.
• Use your firewall.  It’s extremely easy to turn on with a Mac. Also, it is your first line of defense against scams and attacks.
• Use the HTTPS Everywhere plugin.  This makes sure your browser only uses the secure “https” connection.  This is a very easy and important internet security solution!
• Use private browsing.  If you don’t want to be shown embarrassing ads for whatever you were just looking at online, use an “incognito window” or private browsing so you aren’t served cookies or have a search history. Airlines know you were looking at a flight and will raise the price on you next time you go to buy unless you use a private window. Use this for privacy.

Additional Basics

• Delete tracking cookies.  If you are tired of targeted ads and having a history everywhere you’ve ever been online, delete them with CCleaner. It also detects spyware or adware.
• Install an antivirus program like Bitdefender, Norton, or MacAfee just to be sure there isn’t malware on your machine.  This is especially advisable if you have a Windows machine.
• Use secure email. Chances are, your existing email doesn’t use ARC protocol and other email safety authentication measures. But, if you’ve never heard of ARC for privacy and aren’t sure why you need to up your authentication game, here’s an article with ARC email explained.
• Use a reloadable prepaid visa card. Still wary about giving your credit card online or to a waiter in a crowded restaurant?  Use a rechargeable card and put a couple hundred dollars on it at a time.