7 steps you can take this weekend to protect your data and boost your privacy
++It’s not our devices that are our most valuable assets — it’s the data we create and store on them.
Laptops can be repurchased and operating systems can always be reinstalled, but the user-created data — the photos we take, the stories we write, the records we keep — that’s the stuff that can never be replaced.
Thankfully, personal data protection isn’t rocket science. In this blog post, we’ll show you seven simple things you can do to reduce the risk of data theft and protect your online privacy.
Note: The following advice is up to date and relevant for the sophisticated threats circulating in 2020. The products mentioned below are not paid advertisements or officially endorsed by Emsisoft. They’re just good, reliable products that are personally used or highly rated by our own malware analysts.
Step 1: Update your software
- Time required: It depends on the speed of your Internet connection and the last time you updated.
- Cost: Free.
Many threats rely on exploiting known security flaws. To prevent this from happening, software developers regularly release updates to fix these vulnerabilities and keep their applications more secure.
As a user, it’s important that you always update your operating system, antivirus software and other applications when prompted and enable automatic updates wherever possible.
To see if your version of Windows is up to date, press Windows key + I > Update & Security > Check for updates.
To see if your version of macOS is up to date, click on the Apple icon at the top-left area of your screen, select About This Mac, then select Software Updates.
Step 2: Invest in good antivirus software
- Time required: 10 minutes.
- Cost: $2.50/month.
Hundreds of thousands of new malware strains are released into the world every single day.
Windows Defender provides a rudimentary layer of security against these threats, but for more reliable data protection you might want to consider investing in a proven antivirus solution.
There are a number of good candidates to choose from and a lot of things to consider when weighing up your options. Depending on your needs, factors such as detection rates, usability, impact on system performance, price, customer support and the company’s approach to data privacy may form the basis of your decision.
Emsisoft Enterprise Security + EDR
Robust and proven endpoint security solution for organizations of all sizes. Start free trialIf you’re in the market for a privacy-conscious antivirus solution that won’t slow down your system, download a free 30-day trial of Emsisoft Anti-Malware and see if we’ll be a good fit.
Step 3: Take control of your passwords
- Time required: 2 hours.
- Cost: Freeware and freemium options available, ~$3/month for a premium password manager.
A weak password is an easy access point for cybercriminals. Strengthening all your passwords can take some time, but it’s absolutely worth the effort.
If you suspect that you’ve used weak passwords in the past or think that you might have used the same password for multiple accounts, you’ll need to go back and change them. If you can’t remember all of the services you’ve signed up for over the years, there are a few ways to track down the various accounts linked to your email address:
- Email inbox: Search your email inbox for sign-up confirmation messages. Search for common subject lines that services send you when you sign-up for a new account, such as “subject: verify” or “subject: welcome”.
- Browser: When you fill out form fields on the web, your browser gives you the option to save your input to make your life easier the next time you need to enter that information. This also applies to your usernames and passwords, and can be useful for tracking down online accounts you may have forgotten about. In your browser settings, you can view all of the login credentials your browser has saved.
- Chrome: Settings > Autofill > Passwords
- Firefox: Settings > Privacy & Security > Logins and Passwords > Saved Logins
- Edge: Settings > View advanced settings > Manage passwords
We do not recommend using automated tools such as EmailExport and Deseat, as these services require permission to read your inbox in order to function.
We also do not recommend using in-browser password managers. While they can be useful for tracking down old accounts, they can be easily viewed with some very basic workarounds, so be sure to delete or disable them as soon as you’ve obtained the information you need.
Once you’ve found an online account, you’ll need to create a new password for it. Each password you make should be:
- Long: We recommend making your passwords at least 16 characters long.
- Unique: Each password should be unique and only used for one account.
- Random: Use a password generator to generate random strings of characters. Do not use personally meaningful names or dates.
Remembering hundreds of long, unique, random passwords is going to be tough, so make your life easier by using a password manager. KeePass is a reputable, free, open-source password manager, but if you want something a bit easier on the eyes, you could consider Dashlane, Bitwarden or RoboForm.
Step 4: Improve browser privacy
- Time required: 15 minutes.
- Cost: Free.
While it’s more or less impossible to be completely anonymous online, there are a number of things you can do to boost your privacy:
- Install an ad-blocker: An ad-blocker is typically a browser extension that filters out HTML elements that contain advertising and blocks communication with advertising servers. An ad-blocker not only makes your browsing experience more pleasant, but it can also help protect you against malvertising and potentially unwanted programs, and block tracking cookies. We recommend uBlock Origin.
- Install a privacy-conscious browser: From your search history to your login credentials and autofill information, your browser knows an awful lot about you, so it’s important to use a browser that respects your privacy. Open source browsers such as Mozilla Firefox, as well as lesser-known Chromium-based browsers like Iridium and Ungoogled Chromium are good options.
- Stay private on social media: You inevitably surrender some level of privacy when you use social media, but most platforms have various privacy settings that allow you to configure who can see your posts, activity and contact information. Be mindful of the information you share, don’t accept friend requests from strangers and think twice before clicking on any links.
- Use a privacy-conscious search engine: Google is the best search engine in the biz, but using the best comes at a price: your privacy. Google collects and stores a lot of your personal data, including your IP address, location history, web activity, video viewing habits, everything you’ve ever said to the Google Assistant and more. Thankfully, there are a few privacy-oriented alternatives such as DuckDuckGo, Startpage and Swisscows. If you’re curious about how much information Google has collected about you, you can download a copy of the data at Google Account > Data & Personalization > Download, delete or make a plan for your data > Download your data.
Step 5: Enable multi-factor authentication
- Time required: 2 minutes per account.
- Cost: Free.
Multi-factor authentication (MFA) is an authentication system that requires you to provide multiple pieces of evidence that prove you are who you say you are. For example, your bank may require you to input a token-generated one-time use password to login to your account, or your email provider might require you to enter a verification code sent to your phone in order to log in.
While MFA is not an infallible solution and can be vulnerable to phishing and man-in-the-middle attacks, it does provide an extra layer of security to your online accounts and can stop many low-effort attacks. If a service supports MFA, you’ll usually be able to enable it in the security settings.
Step 6: Secure your phone
- Time required: 30 minutes.
- Cost: Mostly free.
Your phone is a treasure trove of personal information, so it’s important to take the time to make it as secure as possible. Here are a few tips to get you started:
- Disable lock-screen notifications: Being able to see notifications on your lock screen might be convenient, but it also means anyone who picks up your phone can get a glimpse of your recent messages, emails and other activity. Both iOS and Android allow you to disable lock-screen notifications.
- Android: The location of the settings can vary, but have a look in Settings > Privacy > Lock screen.
- iOS: Settings > Notification Center.
- Set passwords: Hopefully it goes without saying that you should lock your phone. When choosing a locking method, it’s a balancing game between security and convenience. In terms of data security, PINs and passwords are better than swipe patterns, which are better than biometric mechanisms.
- Password-protect specific apps: You might also want to password-protect individual apps that contain sensitive information such as email and messaging apps.
- Android: There’s no native app-locking functionality on Android, but certain manufacturers include app-locking tools on their tools like Samsung’s Secure Folder. Third-party apps are also available on the Play Store.
- iOS: Also doesn’t have a system-level app-locking feature, but there are a few workarounds that deliver similar results.
- Install an antivirus app: Mobile malware is on the rise as cybercriminals increasingly turn their attention to smartphones. As with antivirus software for your PC, premium apps are usually your best bet as they tend to provide better protection and won’t inundate you with pesky ads. If you’re looking for an efficient, unobtrusive solution for your Android device, feel free to download a 30-day free trial of Emsisoft Mobile Security.
- Use disposable contact information: Don’t want to give away your personal email address for every online service you sign up for? Services like Guerilla Mail and 10 Minute Mail allow you to create temporary email addresses to keep your real inbox clear of spam. On a similar note, if you’re into online dating or buying and selling second-hand goods, you might be interested in apps like Burner and Hushed, which allow you to generate temporary numbers for an extra layer of privacy.
- Check app permissions: It’s a good idea to occasionally audit your apps to check if any of them collect more data about you than they really need. A crossword puzzle app, for example, probably doesn’t need permission to access your camera and microphone.
- Android: Settings > Privacy > Permission manager and tap on the available entries to see which apps have been granted permissions..
- iOS: Settings > Privacy and tap on the available entries to see which apps have been granted permissions.
- Disable location tracking: If left unchecked, apps in both iPhones and Androids can track your location and keep a record of where you go (even if you’re not using location-dependent apps). Location tracking is necessary for some apps to function properly but some users find it overly invasive. To disable location tracking:
- Android: Settings > Privacy > Permission manager > Location and tap an app to view and modify its location permissions. You can also manage and delete Google’s Location History in your Google account settings.
- iOS: Settings > Privacy > Location Services and tap an app to view and modify its location permissions. You can also delete your location history (which Apple says is encrypted) by navigating to Settings > Privacy > Location Services > System Services > Significant Locations > Toggle Significant Locations.
Step 7: Use HTTPS Everywhere
- Time required: 5 minutes.
- Cost: Free.
Hypertext transfer protocol secure (HTTPS) is a protocol used to securely send data between your browser and a website.
Unlike regular old HTTP, which transmits data in clear text that can easily be intercepted and read by an eavesdropper, HTTPS establishes an encrypted link between your browser and the web server using the Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocol.
This verifies the connection between your browser and the web server and encrypts your data, reducing the risk of an attacker intercepting your data and ensuring that any data that is intercepted cannot be read or modified.
More and more websites are moving to HTTPS, but some sites make it difficult to use by defaulting to HTTP or linking to unencrypted versions of the site, which can impact your security and privacy. The browser extension HTTPS Everywhere fixes this issue by automatically enabling HTTPS encryption on all sites that support HTTPS, and can be configured to block all non-HTTPS connections.
HTTPS Everywhere is available on all the major browsers. Download and install it here.
Conclusion
Everybody has the right to privacy online. While many services play fast and loose with their privacy policies, there are many things you can do as a user to protect your privacy and increase data security without spending a single dollar.
If you do want to take things to the next level, splashing out on a premium antivirus solution and a password manager will only cost you a total of about $10 per month and can have a dramatic impact on your online safety, privacy and security.