X

Celebrate Data Privacy Day by Locking Down Your Info

Data miners and cybercriminals are after you. Here are easy ways to fight back.

Bree Fowler Senior Writer
Bree Fowler writes about cybersecurity and digital privacy. Before joining CNET she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, wannabe runner and champion baker of over-the-top birthday cakes and all-things sourdough.
Expertise cybersecurity, digital privacy, IoT, consumer tech, smartphones, wearables
Bree Fowler
5 min read
Data Privacy Day logo

It's time to take a look at where your data is and who has access.

Getty

The old saying goes, "Time is money." These days, so is data.

Now more than ever, your personal information is being collected, bought, sold and shared by the likes of data miners, seemingly harmless apps and maybe even your favorite grocery store. Even worse, it can be stolen by cybercriminals. 

Data Privacy Day, admittedly a completely made-up holiday that happens to fall on Sunday, is as good a time as any to take a hard look at your online life, figure out where your personal data is and who has access to it, and shore up your own efforts to protect your privacy. 

The annual occasion, feted by cybersecurity and digital privacy enthusiasts worldwide, began in the US and Canada in 2008. It's an extension of a European commemoration marking 1981's Convention 108, the first legally binding international treaty on protecting privacy and data.

For many people, keeping their personal data private is a never-ending struggle that only continues to get harder, says Tony Amaral-Cinotto, a staff product manager at Mozilla who's worked on many of the nonprofit's privacy protecting products, including its Firefox browser.

While many consumers want to keep their data private, many tech companies will make them jump through countless hoops to make that happen, he says. More often than not, the average person will just give up.

And that's exactly what those tech companies want.

"The more data that they can get from you, the more valuable it is to them," Amaral-Cinotto said. "It's their own kind of currency. They buy it, they sell it, they trade it, so they want to make it as hard as possible for you to protect yourself."

That may seem daunting, but a little bit of effort can go a long way toward keeping your private information out of the hands of those who might misuse it.

Here are a few easy ways to safeguard your data and privacy.

Set good passwords. Long, random and unique passwords are best. Don't be tempted to recycle an old one, even if it's great. Yes, that can be a lot to deal with. That's where password managers come in. They'll do the remembering for you.

From there, you can take a largely hands-off approach. Gone are the days when security experts would recommend they be changed every 90 days. Now, the emphasis is on length. Unless they're compromised, you can largely set them and forget them.

That's still a big pain for a lot of people. But Amaral-Cinotto says he has great hope for passkeys, a more secure and increasingly popular authentication method, which could ultimately replace passwords in many instances. Companies like Apple and Google already use them. 

Turn on two-factor authentication. This technique requires using a second identifier -- like your fingerprint, a code via an app notification, or a physical key -- in addition to your password. This will go a long way toward protecting you if your password gets compromised. 

Note: Avoid using SMS messages for two-factor authentication. Why? SIM swapping, in which cybercriminals steal your phone number by calling your wireless provider and having it switch your number to a new phone and SIM card. It does happen, and if criminals take over your phone number, they'll get that text message too.

While this is rare, it does happen. The Securities and Exchange Commission's account on X, formerly Twitter, was recently hacked. Officials said the takeover of the account stemmed from a SIM-swapping attack

Think before you share. Many people don't think twice before handing over their birth date or mailing address when they sign up for an online account or a store's rewards program, but Amaral-Cinotto and other security professionals say you should.

That's because you just never know where it might end up, he says. It could be stolen in a data breach, or sold to data brokers that could theoretically make it available to anyone.

John Shier, field chief technology officer of threat intelligence at the cybersecurity company Sophos, says there's nothing wrong with using fake personal data when it comes to things like online shopping accounts and rewards programs.

"It's amazing how many people in our industry were born on Jan. 1," he joked.

In addition, consumers can limit their data exposure while online shopping by checking out as a guest, Shier says. It may take a few more minutes to type in your shipping and payment information each time, but it'll keep that information from being saved in company systems.

And when you're done with an online service, ask that your account and related data be permanently deleted, if possible, Shier says. The company may not actually do it, but data that no longer exists can't be stolen or sold.

Think about a VPN. With the vast majority of websites, especially those that deal with financial or personal information, now encrypted, security experts aren't as wild about recommending the everyday use of virtual private networks for the average person. 

But Amaral-Cinotto says they can be useful for people who are away from their usual networks, especially those traveling abroad. That said, consumers need to be cautious when choosing one, he says, adding that free VPNs are generally a bad idea because they're more likely to be using their customers' data to make money. 

Keep an eye on your accounts. Monitor your bank and credit accounts for potentially fraudulent charges. If you don't expect to be applying for credit anytime soon, freeze your credit reports. If a company offers you free credit monitoring because of a data breach or for any other reason, sign up for it.

Lock down your social media accounts. Make sure the only "friends" you're sharing your information with are your actual friends. Even then, be careful what you disclose, especially when it comes to social media quizzes and other games. Seemly innocuous bits of information like the make and model of your first car or the elementary school you attended could be used to hack your passwords down the road, because those facts are often used in security checks.

Audit your logins and apps. Using Facebook or Google to automatically log in to your apps and websites gives them access to more of your data. Think twice before you do it. Not using an app anymore? Delete it and take away its access to the data you agreed to share when you first downloaded it.

Update everything. This doesn't just apply to your operating systems and antivirus software. Your router, apps and all of those "internet of things" devices also need to be up to date. Patches to fix bugs and security problems can't help you if you don't install them. If you don't know how to update your router, call your ISP or check online.