Is Your Data Privacy on Life Support?

Personal data privacy IS a part of our everyday life

Last month, I started shopping for a new refrigerator. Why? Because my kids slam the doors on our current one, causing one or both to bounce back open slightly.  This has led to prematurely spoiled milk and a freezer full of semi-defrosted food on more than one occasion. Ugh.

As I was browsing online, I was impressed by how far home appliance technology has come.

Your fridge can pretty much replace your iPad. Who couldn’t use a giant Tesla-sized touchscreen built right into the door? What about an integrated webcam that allows you to peek inside your fridge from the grocery store aisle?

It got me thinking about what other kinds of internet-connected tech the average family has in their home. How much sensitive data do those devices collect, store and share about themselves–and your loved ones? And what do companies do with your information?

Today, January 28th is Data Privacy Day, a day dedicated to raising awareness amongst business owners and promoting privacy and data protection best practices. Since it started in 2007, the focus of DPD has also expanded to include education for families and consumers about how to protect their personally identifiable information online and in social networking.

A topic of hot discussion lately is how tech giants like Facebook, Google, and Apple protect our PII–and how they are monetizing that sensitive and private data for their benefit (but not ours). New privacy regulations are likely on the horizon, but it may be a very long time before we see any meaningful reforms.

So we wait. But not idly.

Unfortunately, our personal data is less private than we think. We can and should take steps to minimize what others can find about us online. By taking action now, we can stop the bleeding of private data to 3rd parties, and even begin to clean-up what is already out there about us.

Follow the steps later in this guide to fairly quickly and easily:

• Lockdown your sensitive data
• Secure your internet communications 
• Limit what information is collected about you online
• Limit the sharing of personal data with 3rd parties
• Opt-out of targeted advertising
• Remove personally identifiable information (PII) from public records

You may also likeThe Top 5 IT Concerns of Small Business

If you don’t take these actions to secure your data privacy, you’re at an increased risk of identity theft, surveillance, and eavesdropping. Nowadays, private conversations can be recorded by voice assistants. Webcams can be hacked and used as spies or for blackmail. And emails and login details can be leaked in data breaches and reused by 3rd party attackers.

You might be wondering, if the security and data privacy risks are so great if we get this wrong, then why isn’t all of our secure data locked down by default?   

And the answer is that as a society, we’ve traded our privacy for convenience. Today’s cloud-enabled apps, voice assistants, and smart homes all present an irresistible value proposition. The promise of speed, convenience, and easy access to information. The automation of mundane tasks and getting fast answers to complex questions.

But to make these services work effectively, they need to know a lot about us so they can tailor our experience. For example, how to distinguish your voice from that of your significant other, or kids. Where you live, work, eat and shop so it can make intelligent recommendations. What’s your schedule, habits, and preferences so it can predict what you might need. All down to the details like how warm you like to keep your house. How cold you like to keep your milk, and so on.

The more cloud services and websites know about you, and other users like you, the better they get at predicting new behaviors. Predictive AI is an advertiser’s gold mine. If they know what you like, and can predict what you might do (click an ad, start a trial), they know exactly what to serve you to trigger a purchase. Facebook ads are a great example. The reason they’re so effective and powerful is that they’re so finely tuned and targeted based on hoards of personal data.

In our daily lives, each of us has to decide where to strike the right balance between convenience and privacy. It’s a personal decision. The best advice we can give is to carefully consider the tradeoffs before you hand over any personal information. Make sure the juice is worth the squeeze.

Where to start with data privacy

It’s smart to take a good long look at what you’re doing today that might be unknowingly sabotaging your privacy. For my action-oriented friends out there, does this sound like you?

• You breeze through the setup menu when installing new software, clicking ‘Accept’ on every screen.
• You install new mobile apps often, without a 2nd thought about the permissions the app asks for (e.g. location, contacts, microphone access, or the ability to “read and change data privacy settings on your screen”). 
• You’ve got tons of old accounts with websites you don’t use anymore.
• Speed, convenience, and ease are paramount. Your focus is on getting things done right now, and you don’t worry much about what may or may not happen later.

If you said yes to any of these, start with the following:

1. When installing software, if given an option, DON’T grant permission to “send anonymous [device, user and/or performance] personal data to help us improve our products and services”. This is often a step in the software installation wizard, or an admin setting you can disable from the app’s settings menu once installed. 
2. Remember that anonymous data isn’t ever totally anonymous.  Even though a company may claim that the data they gather about you is de-personalized or anonymized, with enough attention and skill, it can usually be cross-matched with other data sets such as location, IP address, etc. to infer who you are. 
3. Review app permissions before downloading. Ensure they are reasonable, and limited to the lowest level possible that allows the app to function. For example, if a mobile restaurant app needs your current location to show you nearby restaurants, can you limit the access to “Share my location only while using the app”? Or deny location data access altogether, and instead type in your zip code or pinch & zoom on a map to find nearby restaurants? Be very careful with apps that need to access your device’s storage, microphone, camera, or need the ability to “read and change data on your screen”.
4. When you no longer use a website or service, close your account and request that they delete your personal data. This can be a bit tedious to do day-to-day, but it’s a good idea to work this into a semi-annual review of your passwords and websites. For any sites you’re no longer using, take the opportunity to clean up and request the removal of your data. There is sometimes find the equivalent of a “Forget Me” button under your Account Settings, but if not, you can usually find instructions in the site’s privacy policy.

You may also likeBusinesses, Steer Away from Free Backup Services

The less information is stored about you online, including on sites you no longer use, the lower your chances are of having data privacy exposed in a breach or sold to sensitive data brokers or advertisers.

When installing apps, make sure any high-risk permissions requested are required and reasonable for the app to work; and that the app fulfills an important enough role for you that it’s worth the extra privacy and security risks.  

But what if I already do all that?

Now, if you’re like me and consider yourself a fairly careful and detail-oriented person, you might be thinking you’re less at risk because:

• You actually read contracts before signing them.
• You also read the fine print, even though it’s sometimes confusing and full of jargon.
• You’re cautious about what you say and do online, because you know digital is forever, and don’t want to be a front-page headline.
• You care about the ethics and morality of the companies you do business with.

But we can ALWAYS step up our game. Here are a few examples to take it to the next level:

1. Never blindly accept cookies on websites. Always see which you can opt-out of (ex: advertising or performance cookies) by clicking to learn more and unchecking available options.  
2. Take security and privacy checkups on key sites that offer them. According to Financial Times, less than 10% of Google users, and probably closer to 1%, actually change their privacy settings. If you have a Google account, I recommend their Privacy Checkup Wizard and would encourage you to use it. Facebook, LinkedIn, Dropbox, Microsoft, and others also offer simple guides that walk you through privacy settings and make it easy to toggle them on and off. 
3. Remember that software is created by humans, and humans are not perfect.  Even if a site claims to not sell or share your personal data, or use it for any purpose other than delivering the products and services you requested—there can be human errors, software bugs, or hacks that allow private data to inadvertently be shared with outside parties. It’s why it’s a good idea not to store payment information or other sensitive data on a website, but instead to keep it handy by storing that data securely in a password manager.
4. A partial truth is as good as a lie. A surprising number of websites will ask you for your birthdate. But unless it’s a government website, most don’t really need to know this personal data. Even if you need to supply a birthdate to verify your age or to receive birthday coupons and promotions, there’s no reason why you need to provide your full and accurate personal details. Consider changing the month, date, or year to preserve a little anonymity online (so long as it doesn’t violate the website’s terms of use of course). 

This all sounds complicated. How do I make protecting data privacy easy?

Most of what we’ve covered so far are behavioral changes that can help you limit what private data is gathered or shared about you, and minimize the potential harm or hassle it can cause. But all of these require an investment of time and effort on your part and let’s face it, we’re all really busy. Here are a few quick actions and simple tools that will help secure your communications.

First and foremost, use common sense.

If you’re worried about whether your Alexa device is spying on you, mute your microphone and cover the camera. Invest in a couple of laptop webcam covers (or comment below and we’ll mail you some!), and don’t be afraid to unplug or power down devices if you even suspect they might be compromised. When you install new devices like a network router, always change default passwords and review the security settings menu to dial up your protections.

Use a Personal VPN service.

A VPN is a virtual private network that encrypts all internet communication to and from your devices and the online services you use. VPNs prevent hackers and 3rd parties from spying on you while connected to public or untrusted Wi-Fi and ensure your web traffic can’t be intercepted or manipulated by others. While we don’t resell VPN services directly, we do have a relationship with ExpressVPN, and you can learn more about their services and pricing here.

Protect all your internet-connected devices with a smart firewall and WiFi mesh system.

Today’s homes are full of dumb “smart” things. Unlike computers which run very sophisticated operating systems, voice assistants, doorbell cameras, and internet-connected appliances are all comparatively “dumb”. There’s often a very basic user interface, and no capacity to run any kind of antivirus software or manage data privacy, data collection, or user permissions.

These devices generally function by receiving and relaying commands to and from the vendor’s central cloud servers. And because they can be remotely told what do to, they are highly susceptible to remote takeover attempts by rogue devices on the internet.

You may also likeSmall Businesses, Have No Fear: Time Traveling is Here

Your best approach to keep them clean and safe is to put them behind a network firewall that can screen and block rogue connection requests. A smart firewall from eSilo is one way to get this type of protection for everything inside your home, with a simple plug-n-play setup. Each device also comes with a subscription for remote security monitoring services. 

Lastly, train your family and staff on good data security practices.

It’s easy to forget how critical our “human firewall” is to avoiding cyberattacks and privacy breaches. The more they know, the smarter they’ll be. It’s always a good idea to do annual security awareness training, and then reinforce that learning with short explainer videos. We’re offering free access to eSilo’s video training platform, where you can find over 20 1-minute videos on a variety of security, privacy, and online safety topics. You can create an account for FREE here.

In summary

Looking back over the past 5 to 10 years, it’s amazing how much new technology we’ve added into our homes and can now carry around in our pockets. But it’s also a little worrisome. The average person knows so little about how to protect their personal data security, and what the companies who provide this tech do to protect their privacy.

Every time we create an online account, download an app or install a piece of software, we’re giving away little bits of information about ourselves. Those bits add up over time and can be stitched together to create a frighteningly accurate picture of who we are, what we do, why we buy, and how we think and act. This is why data brokers make so much money gathering and selling our personal data.

But the good news is that the situation is far from hopeless. The more we collectively understand how our private data is gathered and used, and consciously decide what we are and aren’t comfortable with, the easier it becomes to lockdown the things we don’t like, and to walk away from vendors who can’t, or choose not to, handle our data securely.  

P.S. – If you’d like a steady stream of our data privacy-focused tips in your social feed, join my Tech Tips for Business group on LinkedIn, or sign-up for our email list at www.esilo.com.