Over the past few years, there has been a massive cultural and legal shift in the way consumers view and secure their personal data online, in line with the rise of advanced technologies like artificial intelligence.
Europe’s General Data Protection Regulation (GDPR), the landmark privacy legislation that went into effect in May 2018, was the first large-scale effort to offer consumers more legal protections. Since then, many high-profile investigations and fines for violating the privacy regulations have made it to the headlines (Marriott, Google, British Airlines). Given the absence of comprehensive federal privacy law, the California Consumer Privacy Act (CCPA), which has come into force on 1 January 2020, and it marks the first similar step in the U.S. Similar laws are being pursued in a handful of other states.
“We still need more time to see if the GDPR protection is adequate in practice, and the more cases that will emerge the better we will test the applicable provisions.” In addition to GDPR, the EU is currently revising the ePrivacy Directive, with the scope of further enhancing online protection by ensuring a high level of privacy when citizens are using electronic communications. Chelioudakis highlights that “the new ePrivacy rules should be adopted swiftly to strengthen privacy and security of electronic communications in the online environment, especially in the wake of repeated scandals and practices that undermine citizens’ right to privacy and the trust on online services.”
Legislation alone is not enough to strengthen our privacy. It requires personal proactive behavior and accountability. The complexity of personal data privacy is enhanced by the extensive use of always-connected devices. These devices make it easy to connect to the world around us, but they can also pack a lot of info about our friends and family, such as our contacts, photos, videos, location and health and financial data.
Here are a few simple bits of advice that you may consider in order to manage your privacy in the always-on world.
1. Use strong passwords and multi-factor authentication.
If you want to secure your online presence and your devices, strong passwords are a one-way road. In addition, use unique passwords for unique websites, services or apps. I understand that it will be difficult to remember all these passwords, but don’t be discouraged, there are plenty of great password managers out there to use! If you want to create an extra layer of difficulty – which is not a suggestion, rather a necessity – I strongly encourage you to use multi-factor authentication.
Multi-factor authentication is the combination of “something you know”, such as a password or a PIN, and “something you are or have”. “Something you are” is biometric data, such as your fingerprint, and “something you have” is your device, usually your smartphone. By using multi-factor authentication, you will increase the level of protection you offer to the privacy of your data.
2. Be aware of public WiFi hotspots.
We all enjoy drinking coffee with friends in cafes or having a tasteful glass of red wine in a cozy restaurant. As part of their services, cafeterias and restaurants, as well as airports and railway stations, offer free WiFi connectivity. Although this is convenient, it comes with a security and privacy cost. Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected.
Free WiFi networks are a favorite attack vector for cyber criminals. They can set up a rogue WiFi network which looks like the legitimate one, seeking to eavesdrop your communications, steal your credentials and, ultimately, got hold of your banking account. Next time you enjoy your meal, think about it and turn off the WiFi connectivity of your smartphone. In fact, you should always turn it off when you are on the move. And if there is a need to connect to the internet using a free WiFi service, connect using a Virtual Private Network (VPN) service. VPNs create encrypted, secure tunnels that prevent malicious actors from manipulating your private communications.
3. Keep your software and applications always updated.
Cyber criminals try to exploit known and less known vulnerabilities that exist in operating systems, such as Windows or Android, applications, and device firmware. Exploiting these vulnerabilities, criminals may install malware, such as ransomware, which will “seize” both your device and your data. What is worse, they can also “listen” to your keyboard (keylogger malware) and steal your banking and credit card credentials.
Software and smartphone vendors frequently release updates to their products that aim at “closing” these vulnerability holes. Having the most up-to-date security software, web browser, operating system and apps is the best defense against viruses, malware and other online threats. I, therefore, urge you to activate auto-update features both in your computer and smartphone to allow the automated installation of the updates and to fortify your device and your personal data.
4. Secure your home network, secure your wireless router.
A protected home network means your family can use the internet more safely and securely. Most households have many devices connected to the internet, including computers, gaming systems, TVs, tablets, smartphones and wearable devices that access your home’s wireless network. Your single point of vulnerability is your wireless router.
Going wireless is a convenient way to allow multiple devices to connect to the internet from different areas of your home. However, unless you secure your router, you’re vulnerable to people accessing information on your computer, using your internet service for free and potentially using your network to commit cybercrimes. There are simple steps that you can follow in order to secure your wireless home router, such as:
- Change the default name (SSID) of your router to a name that is unique to you and won’t be easily guessed by others.
- Change as soon as possible the preset password on your router. Leaving a default passphrase unchanged makes it much easier for hackers to access your network.
- Review security options and make sure that you are using WPA2 security protocol. (Login to your router, under security settings you can choose which protocol to use. Users should opt-in for WPA2.) The WEP option is obsolete and does not offer any security.
- Create a guest passphrase to share with your guests.
5. Social media.
Social media platforms have become an integral part of our online lives. Social networks are a great way to stay connected with others, but you should be wary about how much personal information you post. You should protect your reputation on social networks. What you post online stays online. Therefore, think twice before posting pictures you wouldn’t want your parents or future employers to see. Recent research found that 70 percent of job recruiters rejected candidates based on information they found online.
In addition, you should be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it may be for a hacker or someone else to use that information to steal your identity, access your data or commit other crimes such as stalking.
6. Privacy Settings.
Finally, check your privacy settings. They exist for a reason. As Justin Sherman, Cybersecurity Policy Fellow at New America and Fellow at Duke Center on Law and Technology, comments:
“It’s virtually impossible to use mainstream social media platforms without having your data collected by tech companies, but you can limit what you share with other users on those platforms. Going into your settings and turning on any offered privacy restrictions is a way to do just that. Check out if automatic location-tagging is enabled on your posts, for instance. See if anyone can see your friends list or where you grew up, or if that’s restricted to just a pre-approved group. If you can prevent strangers from seeing all of your social media posts or your intimate biographical information on your profile, you should! It’s just about going into settings and turning on privacy features.”
I will end this post with the thoughts of my friend Constantinos Tsiourtos, Public Policy Advisor and Cybersecurity & Privacy expert:
“Imagine… A guy who always leaves his door unlocked and goes to work. Who places his family album in Times Square for everyone to see and allows his 7yo kid to visit and spend time with friends he never met or talked to. He allows a total stranger in the street, to take a photo of his hand and capture his fingerprints and he drives his car without using a safety belt for him or his child, ignoring every warning sign in the street and breaking every rule possible.
Then imagine that… he is You. Because this is who you are and how you behave online, most of the times.
Privacy is not just about protecting your rights. It’s about protecting much more, including your well-being and safety. If you would not do all of the above in the physical world, then wonder why you do it online. Be as proactive, vigilant and rational you would be in real life. Because our digital life can get very real, very fast.”