January 29, 2018

9 tips for reclaiming your privacy on Data Privacy Day.


As part of Data Privacy Day, the privacy community at large gets together to remind people of their right as individuals to have their personal information protected by the organizations they share it with, and to encourage everyone to take stock of their own data and follow privacy best practices. This year, I worked with Jennifer Hoth, senior relationship marketing strategist at DEG, to come up with 9 tips for reclaiming your privacy on Data Privacy Day.

Why is this year different from those before it? For starters, businesses around the globe are focused on GDPR’s upcoming enforcement date of May 25, 2018. GDPR protects the personal data of people in the EU and empowers them to take control of how businesses use that data. Any business, anywhere in the world, that collects personal data about people in the EU must confront the privacy rules GDPR lays down.

Secondly, phishing attacks leading to data breaches affected billions—yes, that’s a “B”—of accounts in 2017, and the attacks show no sign of slowing down. A recent study from the Anti-Phishing Working Group reported that an average of 443 brands per month were targeted by phishing attacks in the first half of 2017, up from 413 per month during the same period of the previous year.

Here are 9 tips for reclaiming your privacy on Data Privacy Day:

1 — Subscribe to free services like Have I Been Pwned? (HIBP) to see whether your email address and account information have been compromised on websites you use. HIBP is currently tracking more than 4.8 billion accounts impacted by various data breaches. Learning promptly that your data has leaked in a breach gives you a chance to change that password (and the password of any other site where you reused it) before lasting damage is done. Given the number of impacted accounts, do not be surprised to see your email address tied to a data breach, so make this check the first step in reclaiming your privacy.

2 — Use a different password for every account. At a minimum, the password for your email account (e.g., Gmail, Yahoo, or Outlook) must differ from the ones you use on websites that take your email address as a username: your mailbox receives the password-reset links for every other account, so it is the one an attacker most wants. Passwords should be long and hard to guess yet easy enough to remember, or, better, use a password vault to maintain a unique password for every site and service you interact with.

3 — Review and update your social media account permissions and authorizations. Many services use social login these days, which gives them ongoing access to your account information. Revoke access for applications and services you no longer use, then go a step further and delete old apps from your phone, computer, and tablets. Keep in mind that deleting an application does not necessarily mean the service deletes the data it already collected; check its account settings or privacy policy for how to request deletion.

4 — Enable Two-Factor Authentication (TFA) on accounts when available. All of the major email services offer TFA for consumers, requiring both a password and a one-time code that changes every time you log in. The code is typically sent at login time via text message or email, or generated by an app or hardware key tied to your account (e.g., Google Authenticator). Where the service offers the choice, prefer an app or hardware key: a code sent by SMS or email is only as safe as the phone number or mailbox it is delivered to.
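To make concrete what the rotating code in tip 4 actually is, here is an added example (it is not code from the original post or from 250ok): a minimal implementation in Python of the HOTP and TOTP algorithms (RFC 4226 and RFC 6238) that apps such as Google Authenticator use, together with the check a service should perform on the server side. The seed is the RFC 6238 test vector, not a real account secret; the one-step verification window and the replay guard are design choices assumed for this example.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int = None, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time / step."""
    if at is None:
        at = int(time.time())
    return hotp(secret, at // step, digits, algo)


def verify_totp(secret: bytes, candidate: str, at: int = None, step: int = 30,
                window: int = 1, last_counter: int = -1):
    """Server-side check (assumed design): accept codes from `window` steps either
    side of now to tolerate clock drift, compare in constant time, and refuse any
    counter that is not newer than the last accepted one so that a code captured
    by phishing cannot be replayed. Returns (ok, counter_to_store)."""
    if at is None:
        at = int(time.time())
    now = at // step
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, len(candidate)), candidate):
            return True, counter
    return False, last_counter


def secret_from_base32(encoded: str) -> bytes:
    """Authenticator apps and enrollment QR codes carry the seed as unpadded Base32."""
    cleaned = encoded.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


# RFC 6238 Appendix B test seed (ASCII "12345678901234567890"), SHA-1 variant.
RFC_SEED = b"12345678901234567890"

if __name__ == "__main__":
    print(totp(RFC_SEED, at=59, digits=8))                              # 94287082
    accepted = verify_totp(RFC_SEED, "287082", at=59)
    print(accepted)                                                     # (True, 1)
    print(verify_totp(RFC_SEED, "287082", at=59, last_counter=accepted[1]))  # (False, 1): replay rejected
```

The seed never leaves the server and the app after enrollment; what changes every 30 seconds is only the HMAC output, which is why a code read over the phone to a scammer is useless a minute later, but also why a service must store the last accepted counter: the same code is still valid within the window until it is burned.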

5 — Commit to a regimented data backup plan for all the important documents, contacts, videos, and photos on your desktop PC, laptop, tablet, or phone. Create a calendar reminder to do this every month or, better yet, automate a backup as frequently as possible. If you use an external drive for backups, never leave it connected to the computer while not in use: ransomware encrypts every drive it can reach, and a backup that is plugged in at the wrong moment is lost along with the originals. Also, keep your backup drive in a protected, safe environment. Malwarebytes reported that ransomware was the most common type of malicious software distributed (more than 60% of cyber attacks in March 2017). With ransomware attacks increasing and costing individuals and companies an estimated five billion dollars in 2017 to have files unlocked, save yourself the pain and begin regularly backing up your data.

6 — Another common way bad actors get at your personal data is by combing through the mail and other documents you throw out with the garbage or recycling. Before disposing of old files and unwanted mail, run them through a cross-cut paper shredder (DIN 66399 security level P-4 should be good for the home and office) and use a privacy stamp to redact the most sensitive bits of personal information.

Business owners and IT staff, take special note of these remaining items:

7 — Enable email authentication for all your domains: publish Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC) records for every domain you own, even those that don’t send email, so that nobody can send mail pretending to be them. For a domain that never sends, that means an SPF record that authorizes no senders and a DMARC policy of reject. If you’ve already enabled these solutions, periodically review your records for problems: old IP ranges and “includes” for providers you no longer use, a weak or missing “all” mechanism, too many DNS lookups, or a DMARC policy still left at monitoring only.
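The periodic review in tip 7 is easy to script. Below is an added example in Python (not code from the original post or from 250ok) that lints an SPF record and a DMARC record for the problems listed above: stale includes and IP ranges to confirm, the deprecated ptr mechanism, a permissive or missing “all”, the ten-DNS-lookup limit from RFC 7208, terms placed after “all” that are never evaluated, and a DMARC policy of p=none or one with no reporting address. The two domains and their records are constructed for the example; one shows a sending domain with several issues, the other the locked-down records for a domain that never sends mail.

```python
import re

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: more than ten lookups is a permerror

# Constructed example records for hypothetical domains; not real DNS data.
EXAMPLE_RECORDS = {
    "example.com": {   # sending domain with problems a review should catch
        "spf": "v=spf1 ip4:192.0.2.0/24 include:_spf.esp-one.example "
               "include:_spf.old-esp.example a mx ptr ~all",
        "dmarc": "v=DMARC1; p=none",
    },
    "example.org": {   # domain that never sends: authorize nobody, reject the rest
        "spf": "v=spf1 -all",
        "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    },
}


def lint_spf(record: str):
    """Return (severity, message) findings for one SPF TXT record string."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return [("error", "record does not begin with v=spf1")]
    findings, lookups, all_qualifier = [], 0, None
    for raw in terms[1:]:
        qualifier, term = ("+", raw) if raw[0] not in "+-~?" else (raw[0], raw[1:])
        name = re.split(r"[:/=]", term, maxsplit=1)[0].lower()
        target = term.partition(":")[2] or term.partition("=")[2]
        if all_qualifier is not None:
            findings.append(("warn", f"'{raw}' comes after 'all' and is never evaluated"))
            continue
        if name in LOOKUP_TERMS:
            lookups += 1
        if name in ("include", "redirect"):
            findings.append(("review", f"{name} {target}: confirm this provider still sends for you"))
        elif name in ("ip4", "ip6"):
            findings.append(("review", f"{name} {target}: confirm this range is still yours"))
        elif name == "ptr":
            findings.append(("warn", "ptr is deprecated (RFC 7208 section 5.5); use ip4/ip6, a or mx"))
        elif name == "all":
            all_qualifier = qualifier
    if all_qualifier is None:
        findings.append(("error", "no 'all' term: unlisted senders get a Neutral result"))
    elif all_qualifier in "+?":
        findings.append(("error", f"'{all_qualifier}all' lets any host pass SPF for this domain"))
    elif all_qualifier == "~":
        findings.append(("info", "~all (softfail); move to -all once the record is verified"))
    if lookups > MAX_LOOKUPS:
        findings.append(("error", f"{lookups} DNS-lookup terms exceed the limit of {MAX_LOOKUPS} (permerror)"))
    else:
        findings.append(("info", f"{lookups} of {MAX_LOOKUPS} DNS lookups used at the top level; nested includes count too"))
    return findings


def lint_dmarc(record: str):
    """Return (severity, message) findings for one DMARC TXT record string."""
    if not record.strip().lower().startswith("v=dmarc1"):
        return [("error", "record does not begin with v=DMARC1")]
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append(("error", "missing p= tag; p is required, so the record is invalid"))
    elif policy == "none":
        findings.append(("warn", "p=none only monitors; spoofed mail is still delivered"))
    elif policy == "quarantine":
        findings.append(("info", "p=quarantine; move to p=reject when the reports look clean"))
    if "rua" not in tags:
        findings.append(("warn", "no rua= address; you will receive no aggregate reports"))
    if tags.get("pct", "100") != "100":
        findings.append(("info", f"pct={tags['pct']}: the policy applies to only part of the mail"))
    return findings


def review_domain(domain: str, records: dict):
    """Lint every record type we know for one domain."""
    linters = {"spf": lint_spf, "dmarc": lint_dmarc}
    return {kind: linters[kind](value) for kind, value in records.items() if kind in linters}


if __name__ == "__main__":
    for domain, records in EXAMPLE_RECORDS.items():
        for kind, findings in review_domain(domain, records).items():
            for severity, message in findings:
                print(f"{domain} {kind} [{severity}] {message}")
```

Feed it the TXT strings you pull from DNS for each domain. The lookup count here is only the top level; a production check would resolve each include and add its lookups, since the limit applies to the whole evaluation. Note that a non-sending domain has no DKIM selector to publish, so for such domains SPF and DMARC carry the whole burden.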

8 — Become familiar with common social engineering tactics like:

  • Tailgating: An attacker seeking entry to a restricted area simply walks in behind a person who has legitimate access to the physical space.
  • Baiting: The real-world Trojan horse. The attacker leaves physical media (a USB drive, for example) where it will be found and relies on the curiosity or greed of the victim to plug it in.
  • Spear Phishing: Fraudulently obtaining private information through highly customized, believable emails aimed at a specific person or organization and crafted so that the recipient responds, clicks a link, or opens an attachment.

9 — For businesses, implement defenses against CEO Fraud. The US Federal Bureau of Investigation calls this type of scam “Business Email Compromise (BEC)” and defines it as “a sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” Build safeguards into your process: require multiple authorizations for wire transfers and for changes to a supplier’s payment details, and require secondary verification of each request by a phone call between the requester and the person who would execute it, placed to a number already on file rather than one supplied in the email.
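As an added illustration of the technical side of those safeguards (example code, not anything from the original post or from 250ok), the following Python checks an inbound message for the hallmarks of the fraud the FBI definition describes: a display name that matches an executive but an address that does not, a lookalike of your own domain, a Reply-To that diverts the conversation elsewhere, a failed DMARC check on the From domain (which ties back to tip 7), and payment or urgency language. The company domain, the executive list, the keyword list, the scoring weights and the four sample messages are all constructed assumptions for this example.

```python
import email
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                      # assumption: the defended domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # assumption: names worth impersonating
PAYMENT_WORDS = ("wire transfer", "bank details", "urgent", "confidential", "gift card")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_homoglyphs(domain: str) -> str:
    """Fold the character swaps that fool a glance: rn->m, vv->w, 0->o, 1->l."""
    return domain.lower().replace("rn", "m").replace("vv", "w").replace("0", "o").replace("1", "l")


def is_lookalike(domain: str) -> bool:
    """True when `domain` imitates COMPANY_DOMAIN but is not it or a subdomain of it."""
    if not domain or domain == COMPANY_DOMAIN or domain.endswith("." + COMPANY_DOMAIN):
        return False
    norm = normalize_homoglyphs(domain)
    company_label = COMPANY_DOMAIN.split(".")[0]
    return (norm == COMPANY_DOMAIN
            or levenshtein(norm, COMPANY_DOMAIN) <= 2
            or company_label in norm.split(".")[0])


def analyze(raw: str) -> dict:
    """Score one RFC 5322 message; weights and the threshold of 3 are assumptions."""
    msg = email.message_from_string(raw)
    score, reasons = 0, []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()

    expected = EXECUTIVES.get(from_name.strip().lower())
    if expected and from_addr.lower() != expected:
        score += 3
        reasons.append(f"display name '{from_name}' impersonates {expected} from {from_addr}")
    if is_lookalike(from_domain):
        score += 3
        reasons.append(f"sender domain {from_domain} looks like {COMPANY_DOMAIN}")
    if reply_domain and reply_domain != from_domain:
        score += 2
        reasons.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        score += 2
        reasons.append("DMARC failed for the From domain")
    payload = msg.get_payload(decode=True)
    body = payload.decode(errors="replace") if isinstance(payload, bytes) else str(payload)
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in PAYMENT_WORDS if w in text]
    if hits:
        score += 1
        reasons.append("payment/urgency language: " + ", ".join(hits))
    return {"score": score, "flagged": score >= 3, "reasons": reasons}


# Constructed sample messages (not real mail).
MSG_DISPLAY_NAME = """\
From: "Jane Doe" <janedoe.ceo@webmail.example>
To: finance@example.com
Subject: Urgent: wire transfer needed today

I am in meetings all day. Please process a wire transfer of 48,200 to the
vendor below before 3pm and keep this confidential until I am back.
"""

MSG_LOOKALIKE = """\
From: "Jane Doe" <jane.doe@exarnple.com>
To: finance@example.com
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=exarnple.com; dmarc=fail header.from=exarnple.com
Subject: Quick favour

Are you at your desk? I need you to handle something for me quietly.
"""

MSG_REPLY_TO = """\
From: "Accounts Payable" <ap@vendor.example>
Reply-To: <ap@vendor-payments.example>
To: finance@example.com
Subject: Updated remittance instructions

Our bank details have changed. Please use the new account on the attached
invoice for all future payments.
"""

MSG_LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
To: finance@example.com
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com
Subject: Board deck

Thanks for the numbers. See you at the 3pm review.
"""

if __name__ == "__main__":
    for name, raw in [("display-name", MSG_DISPLAY_NAME), ("lookalike", MSG_LOOKALIKE),
                      ("reply-to", MSG_REPLY_TO), ("legit", MSG_LEGIT)]:
        print(name, analyze(raw))
```

None of these signals replaces the phone call: a real compromised mailbox produces mail that passes every header check, which is exactly why the FBI definition mentions compromised legitimate accounts and why the out-of-band verification in tip 9 is the control that matters.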

Building on these personal safeguards and changing your behavior to clean up your social profiles can be completed in just a few short minutes, and could save you from a lifetime of regret.

Author: Matthew Vernhout

Matthew Vernhout is a digital messaging industry veteran and Certified International Privacy Professional (CIPP) with more than a decade of experience in email marketing. Matt is 250ok’s Director of Privacy, and he is currently the Vice Chair of the eec, after serving for several years as the Chair of their Advocacy Subcommittee.
