Want to protect your data? Three University of Virginia experts tell us how in Part II of an article for International Privacy Day. Kelly Downey is Information Security Education & Awareness Senior Analyst in the Office of Information Security; Angela Orebaugh is Assistant Professor and Director of Cybersecurity and IT Programs in the School of Continuing and Professional Studies; and Jason Belford is Chief Information Security Officer in the Office of the Chief Information Officer.
On Monday, January 28th, the world celebrated Data Privacy Day. When asked, each of us probably has a different definition of privacy and varying privacy tolerances. However, we could probably all agree that we want the data about us to be secured so no harm comes to us. This is where the topics of privacy and security meet. Privacy includes the ability to know, and possibly control, what and how data is collected, shared, and protected. Security ensures that the collected data is protected from unauthorized use and access. Below we have covered some security topics that may help better protect your privacy.
How well do you protect sensitive information about yourself? Do you know how easy it is for someone to commit identity fraud if they simply have your name, social security number, and birthday? We recommend a 2-step approach.
First, you should protect your information, where possible. If a form asks for your social security number, do you give it to them? If so, start asking yourself why your social security number is needed. In most cases there is not a legitimate reason the number is needed. In addition, do you have documents that have your social security number on them? Do not just throw away these documents. Instead, shred them using a cross-cut shredder to prevent someone from re-assembling the pieces. Do you carry your social security card in your wallet? It’s a better idea to keep it in a safe deposit box or fireproof safe.
However, companies can have data breaches and expose this information. Therefore, it is important for you to protect your credit file. One way to do so is to freeze your credit with the three major credit reporting agencies: Experian, Equifax, or Transunion. Doing so should help you avoid credit being taken out in your name without you authorizing it.
Another important but often overlooked aspect of identity and sensitive data protection is in tax filing. If your social security number has been compromised and an attacker files your tax refund it can take years to clean up the mess. In addition to protecting your sensitive data, file your taxes as early as possible each year.
When you go to your favorite coffee shop, your favorite fast food restaurant, or your favorite clothing store, are you connecting to their WIFI network? If so, take some precautions:
1. Before connecting to the WIFI network, quit all applications on your device. This will help prevent data being transmitted over these networks, where it might be viewed by unauthorized users.
2. If you have a virtual private network (VPN) service available, immediately connect to this service after joining the WIFI network. This will ensure all of the data you transmit will be encrypted. UVA faculty, staff, and students can use the UVA Anywhere VPN.
3. If you do not have a VPN, non-encrypted data can easily be seen by others on the same WIFI network. Unfortunately, it is difficult to know if your application is transmitting non-encrypted data, so avoid sending personal data. Never log into your financial accounts or enter your credit card information while using a public WiFi.
4. A best practice is to disable WiFi services on your mobile device when you leave home so that it doesn’t automatically connect to unsecured WiFi networks.
While passwords are necessary to help secure your information, most people hate them. Proper password selection and management is one of the best ways to protect your privacy.
1. Do not re-use the same password on different websites. If one site was breached by an attacker, they may obtain your password and try to login to other sites.
2. Use long passwords and passphrases. Studies have shown that the longer the password, the harder it is to crack. If the website or application allows it, use a sentence (e.g. a phrase that means something to you, a quote that inspires you, or a line from your favorite poem or song).
3. Change your passwords regularly.
4. Don’t enable auto-login or the remember password features of browsers and other apps. This protects your information in the case of a lost or stolen device.
5. To lessen the number of passwords that you have to manage, and could potentially be compromised, close old and unused accounts. This can be a tedious task, but it is likely that you have hundreds of accounts, many of which you no longer use.
6. A password manager, like LastPass, can be used to help keep track of passwords. You will only have to remember one password to “unlock” the list of all passwords. The University has licensed LastPass for all faculty and staff. Students, alumni, and others can get a free license directly from LastPass.
7. Enable 2-step (i.e. multifactor, 2-factor, secondary) authentication, where available. Turning on this service will require you to use your password and another device (e.g. cell phone) when logging into a website. Using 2-step login, someone would have to have both your password and device to login. Most of the social media companies, banks, and UVA have this feature available.
By taking a couple of easy steps, you can secure a lot of your private data. Securing this data will help you keep it private. Keeping it private will help you avoid someone else using it to cause harm. So, celebrate International Data Privacy Day by securing your data.
This blog features Part II of the article “International Privacy Day Provides an Opportunity to Secure Your Data.” Please look for more information about data security in Part I of this article in Thoughts From the Lawn.