Private sign

5 practical things you can do to protect your personal data

Tim Collingwood - 12 April 2018

Recent news stories have highlighted the responsibilities organisations have in looking after your personal data. When you provide your personal data to an organisation you are implicitly placing your trust in that organisation to use your data ethically as well as keeping your personal data secure.

It’s worth bearing in mind that an organisation may be responsible with your personal data and try to keep it secure but this will not mean they are immune from attack which could result in your personal data being leaked.

I think a good analogy is the Hatton Garden Safe Deposit burglary that occurred in 2015. Customers of the Hatton Garden Safe Deposit Company entrusted them to keep personal items of high value secure. Whilst the intentions of the company were to keep these physical items secure, it still wasn’t immune to being burgled, and unfortunately as of January 2017 two thirds of the items stolen remained unrecovered.

I think that you can consider the high value items the same as personal data, and the likelihood is that if your personal data is stolen it’s never likely to be back in your possession.

However, it’s not just the organisation’s you give your personal data to who are responsible. You can also do things to try and keep your personal data protected. Here are 5 practical things you can do to protect your personal data.

1. Don’t use the same password for multiple logins

Think of your personal data as a Venn diagram, with each circle representing a website where you have provided some kind of personal information. There will be some websites which will hold the same personal data about you, as other websites. There will also be some websites that hold additional personal data about you that other websites don’t hold.

If you start to imagine all of the websites you have provided personal data to you might be imagining a rather large Venn diagram containing a large amount of your personal data.

One thing you can do is ensure you use different passwords for all of the different websites you use. Remember, you are trusting these websites with your data so anything you can do yourself to help protect your data you should.

Why does this help?

Using different passwords for each website protects you should the worst happen. If one website is compromised, you are protecting data on all of the other websites. If you use the same password for all of your website logins, if one is compromised all of your personal data across all your websites is at risk.

2. Don’t use real data if you don’t have to

This might seem like an obvious one, but don’t provide real personal data if you don’t have to.

You obviously have to be careful with this to a degree, but it’s not unknown for people to provide their bank with a false date-of-birth for security purposes.

It’s also not uncommon to be asked to provide a set of answers to a number of questions for a login process e.g. first school you went to, first car, maiden name. A quick scour of your social media profile will probably provide most of this information so it’s worth making this information up.

Why does this help? 

Using fake or obfuscated data can help protect your personal data in two ways. Firstly, if your data does make it into the public domain then it’s not real data so it doesn’t matter. Secondly, those sites that use personal data as part of the login process will be much harder for somebody to guess.

3. Use two-factor or two-step Authentication

I’m not going to get into the difference between two-factor authentication or two-step authentication, you can read about that here. Either way, if you are not using two-factor or two-step and the website you use provides it you should get it enabled.

Why does this help?

Using two-factor or two-step authentication helps because it provides an extra layer of security to your website login. As well as a username and password you will be required to enter a unique code that is provided to you by some pre-authorised method. This means that an attacker would not only need your username and password to access your personal data but they would also need to have some way of obtaining the code. This makes the process much more difficult for an attacker to gain access to one of your accounts.

4. Cover up

Much was made of Mark Zuckerberg’s choice to cover up his laptop microphone and webcam. However, this isn’t as silly as it can seem and there are now a plethora of webcam and microphone covers that you can buy to stop somebody snooping on you.

Why does this help?

If for some reason you fall victim to malware, the last thing you want is to be blackmailed with a picture of you sitting in your pants (…or worse). Covering your webcam is a physical step you can take to ensure that if somebody did maliciously take control of your webcam then they won’t be able to see anything. Similarly, covering your microphone could stop somebody listening in on your conversations.

5. Use a VPN when connecting to public WiFi hotspots

It’s easy to assume that once you connect to a WiFi hotspot then your browsing will be secure. How many times have you been to a busy coffee shop that appears to have multiple open WiFi networks for you to join, so you pick one and forget about it. What if the WiFi network you joined, isn’t as secure as you thought it was.

It’s possible that the network you have joined is a WiFi honeypot, a network setup by an attacker, or the WiFi network provided by the coffee shop has been compromised. In both instances an attacker might be able read the data passing between your laptop and the websites that you are passing data to.

An easy, but in some cases less practical solution is to stay off of public WiFi hotspots altogether and use mobile data. However, if you do need to use a public hotspot then look into using a VPN. Just Google ‘VPN Service’ to find a number of VPN providers that are now available.

Why does this help?

Using a VPN will add a layer of encryption to your browsing data. Assuming you are connected to a untrustworthy WiFi network, this layer of encryption will probably be seen as too much effort for an attacker to try and get access to your data.