In our work, we've noticed a trend: people are diligent about digital hygiene during office hours but tend to let it slide in their everyday lives. Let's explore what personal digital hygiene entails and what steps are necessary to maintain it.
- Understanding Digital Hygiene
- Ensuring Data Security
- What To Do?
- Mobile Apps
- Social Engineering
- Publishing Data Online
- How To Secure Your Data
Understanding Digital Hygiene
Digital hygiene entails adhering to a set of guidelines to responsibly manage our online presence, ensuring the protection of our mental well-being, financial security, and personal identity.
Ensuring Data Security
Individuals frequently share their data without realizing the potential risks, often neglecting fundamental security measures like robust passwords and using two-factor authentication. Additionally, global occurrences of data breaches and covert surveillance highlight the vulnerability of personal information such as account details and contact information.
Despite perceptions that seemingly innocuous details like login credentials or delivery addresses may not pose significant threats, they can provide valuable insights into an individual's life. Advertising agencies exploit such information for targeted marketing, while experts can utilize it to trace an individual's digital footprint.
Based on this information, they can estimate what your income level is, who you communicate with, and other personal information. Typically, such data is used by various advertising companies that call potential clients. Leaks also let specialists find the personal data they need online. Once personal data has leaked, it can be bought on the darknet rather cheaply, regardless of its relevance.
What To Do?
According to statistics, the number of leaks in the world has increased 3.5 times. Perhaps this dynamic is due to the political situation, but things are heading to the point where information can become public at any moment.
We recommend you do the following for personal data protection:
- avoid writing your exact address;
- get a separate phone number for various services;
- use different names for registration (if possible).
With different names, you can find out from which service the personal data was leaked.
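The same tracing idea applied to e-mail addresses instead of names, as an added example that is not part of the original article. The secret key, mailbox, domain and service names are constructed, and it assumes your mail provider supports plus-addressing (`user+tag@domain`).

```python
from __future__ import annotations

import hashlib
import hmac

# Assumption: a private key only you know (constructed sample value).
SECRET = b"constructed-demo-key-change-me"
# Assumption: your provider delivers user+tag@domain to user@domain.
MAILBOX, DOMAIN = "alex", "example.org"


def tag_for(service: str) -> str:
    """Derive a short tag that does not reveal the service name.

    A plain tag such as +bookshop is guessable and easy to forge; an HMAC
    tag can only be reproduced by someone who holds SECRET.
    """
    name = service.strip().lower().encode()
    return hmac.new(SECRET, name, hashlib.sha256).hexdigest()[:10]


def alias_for(service: str) -> str:
    """Address to hand to exactly one service."""
    return f"{MAILBOX}+{tag_for(service)}@{DOMAIN}"


def trace_leak(address: str, services: list[str]) -> str | None:
    """Return the service an alias was issued to, or None if it is not ours."""
    local, _, domain = address.strip().lower().partition("@")
    mailbox, plus, tag = local.partition("+")
    if domain != DOMAIN or mailbox != MAILBOX or not plus:
        return None
    for service in services:
        if hmac.compare_digest(tag.encode(), tag_for(service).encode()):
            return service
    return None
```

When spam or a breach notice arrives at one of these aliases, `trace_leak` over your list of registered services names the one that exposed the address.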
Mobile Apps
Personal data can be obtained not only through shadow internet databases. There are different apps that collect information about us. They only need a few permissions to do this.
For example, during installation, an application may ask for access to your contacts in order to advertise itself to your friends later. Most applications also “follow” users and collect information about what they are interested in. Sometimes this is needed to produce higher-quality content, but not always: the data also helps to distribute targeted advertising. There may seem to be nothing wrong with this, but this information also leaks online.
On the other hand, some malicious apps are capable of downloading personal photos, notes, and other information that can be used against you.
Some developers take advantage of the fact that people don’t read the privacy policy when installing an app, although the policy tells you what data you are providing access to. This may be your first name, last name, email, phone number, a list of your contacts, and other information. So, you can remove information about yourself from such apps to increase your security online.
Recommendations
Don't underestimate the information that apps collect. Below are ways to check what an application has access to.
- For iOS. Go to Settings, then Privacy and Security. There you can see which apps have access to contacts, photos, and other sections, and disable unnecessary permissions. The Tracking section shows which apps can track your activity on websites and in other apps. Location Services shows which applications can track your movements and locations.
- For Android. Open Settings, Security & Privacy, Privacy, and go to Permission Manager.
Public VPNs, and not only free ones, are among the popular information collectors. They usually gather information about website visits, preferences, and so on. All this data can also leak, so the most reliable option is to use your own properly configured VPN server.
Social Engineering
Social engineering is a set of methods for influencing a person into giving up confidential information, spending money, or doing almost anything else.
Social engineering methods are varied. One of them looks like this: you receive a message from a friend or stranger asking you to log in to a third-party site. The site design is identical to the original one, but the link looks strange, although it is similar to the original. The page loads fully, you enter your login and password, you submit, and the data is compromised. The attacker has gained access to the account and can do whatever they want with it.
With that access, the attacker can send messages to all your contacts asking them to transfer money to a card, or collect incriminating material about you for further extortion.
You can receive an offer to take part in some event that is significant to you or to buy an item at a big discount. There are many scenarios to break down your protection.
Similar offers can also arrive at your work email. Attackers usually introduce themselves as external relations employees and talk about special offers. To use them, you need to follow the link, fill out a form, or log in to the site from your work account. The result is the same: the data is compromised.
Social engineers usually prepare for conversations in advance, looking for information about you in order to make a good first impression. Social networks help them with this.
Recommendations
Unfortunately, there are no specific methods to protect against social engineering. You can only train your own attentiveness and diligence so that you keep information confidential when talking to someone.
Sometimes attackers send emails saying that you have supposedly subscribed to a newsletter and put their link on the “unsubscribe” button. The victim clicks on it and is taken to a site with malware.
Publishing Data Online
Attackers collect data about you from open sources. We often publish a lot of information about ourselves – for example, about our place of work, study, hobbies, favorite books, films, etc. You can solve this problem by not publishing personal data or by restricting access to your page.
How To Secure Your Data
It is important to maintain a balance between safety and convenience. So, here is a small checklist, divided into three levels:
- Basic – actions that everyone should do.
- Medium – for relatively advanced users who understand how important security is.
- Advanced – for people with a bit of paranoia.
Basic Level
- Do not use the same password on different sites.
- Use only complex passwords – at least 15 characters, with capital letters and special characters.
- Change passwords on important resources at least once every two months, and on unimportant ones at least once a year. This will allow you to avoid password guessing.
- Set up two-factor authentication to access important resources and sites.
- Limit access to your social media pages or leave only information that is not important to you.
- Get a separate card for online payments and do not store money on it. Set limits on payments and transfers, and carefully look at which sites you enter your payment information on.
- If you receive a call with a request to do something urgently, take your time. It’s better to call a known number back to clarify the information.
- Change the default password for your router. Otherwise, anyone connected to your Wi-Fi network will be able to monitor traffic. So use WPA2 and create a strong password.
- Update your device.
- Do not discuss intimate things and do not exchange explicit photographs in correspondence. Also, do not send any payment information.
- Try not to use free Wi-Fi and VPN. They can collect and view all the traffic you send, in some cases even encrypted traffic.
Medium Level
- Check the list of connections to your social networks, mail, and device applications. Remove those you don't use. Do it at least once a month.
- Don't save passwords in your browser.
- Think about how you will store passwords. Install a password manager.
- Check to see if you are included in databases with data leaks, and sign up for notifications when you appear in such databases. There are several free services that can help you know whether your account is compromised.
- Do not leave data on sites that are not protected by the HTTPS protocol.
- Regularly clean cookies, session data, and caches.
- Use pseudonymous addresses to protect your real email address from spam and phishing.
- Review the permissions apps ask for and read user agreements to understand what data they can collect, use, and share. This will help reduce the number of your data leaks.
- Use incognito mode and VPN.
- Use different e-mails for correspondence, work, registration on entertainment resources, and registration on government portals and banks. This method will help you reduce the risk of your e-mail being hacked through weakly protected sites, and it’s just convenient.
Advanced Level
- When ordering delivery, do not indicate the apartment number. It is better to go out and meet the courier in person.
- Try to search for your phone number, full name, and photos. If you are not satisfied with the information about you on the internet, you can contact the owner of the resource and ask to remove it.
- Use virtual mailboxes and SIM cards to register on resources that are not important to you.
- Before posting or sending photos, remember to clear the metadata. It may contain information about the geolocation, device, and time when the photo was taken.
Attackers will not spend much time searching for information about you if you are an ordinary person. But if you are a media personality or hold a high position in a company, you should think about your digital security.