For a number of years now, January 28 has been marked as “Data Privacy Day” (or, for our European friends, “Data Protection Day”), and it is often observed in the United States, Canada, India and many European countries.
According to StaySafeOnline.org, Data Privacy Day commemorates the January 28, 1981, signing of Convention 108, otherwise known as the “Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data”. The Convention is summarized on the Council of Europe website as:
[T]he first binding international instrument which protects the individual against abuses which may accompany the collection and processing of personal data and which seeks to regulate at the same time the trans-frontier flow of personal data.
In addition to providing guarantees in relation to the collection and processing of personal data, it outlaws the processing of “sensitive” data on a person’s race, politics, health, religion, sexual life, criminal record, etc., in the absence of proper legal safeguards. The Convention also enshrines the individual’s right to know that information is stored on him or her and, if necessary, to have it corrected.
So in the spirit of Data Privacy Day, we offer these tips for protecting your personal and work-related data, courtesy of the United States Computer Emergency Readiness Team (US-CERT):
- Use and maintain anti-virus software and a firewall – Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. (See Understanding Anti-Virus Software and Understanding Firewalls for more information.) Make sure to keep your virus definitions up to date.
- Regularly scan your computer for spyware – Spyware or adware hidden in software programs may affect the performance of your computer and give attackers access to your data. Use a legitimate anti-spyware program to scan your computer and remove any of these files. (See Recognizing and Avoiding Spyware for more information.) Many anti-virus products have incorporated spyware detection.
- Keep software up to date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. (See Understanding Patches for more information.) Many operating systems offer automatic updates. If this option is available, you should turn it on.
- Evaluate your software’s settings – The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.
- Avoid unused software programs – Do not clutter your computer with unnecessary software programs. If you have programs on your computer that you do not use, consider uninstalling them. In addition to consuming system resources, these programs may contain vulnerabilities that, if not patched, may allow an attacker to access your computer.
- Consider creating separate user accounts – If there are other people using your computer, you may be worried that someone else may accidentally access, modify, and/or delete your files. Most operating systems (including Windows XP and Vista, Mac OS X, and Linux) give you the option of creating a different user account for each user, and you can set the amount of access and privileges for each account. You may also choose to have separate accounts for your work and personal purposes. While this approach will not completely isolate each area, it does offer some additional protection. However, it will not protect your computer against vulnerabilities that give an attacker administrative privileges. Ideally, you will have separate computers for work and personal use; this will offer a different type of protection.
- Establish guidelines for computer use – If there are multiple people using your computer, especially children, make sure they understand how to use the computer and internet safely. Setting boundaries and guidelines will help to protect your data. (See Keeping Children Safe Online for more information.)
- Use passwords and encrypt sensitive files – Passwords and other security features add layers of protection if used appropriately. (See Choosing and Protecting Passwords and Supplementing Passwords for more information.) By encrypting files, you ensure that unauthorized people can’t view data even if they can physically access it. You may also want to consider options for full disk encryption, which prevents a thief from even starting your laptop without a passphrase. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.
- Follow corporate policies for handling and storing work-related information – If you use your computer for work-related purposes, make sure to follow any corporate policies for handling and storing the information. These policies were likely established to protect proprietary information and customer data, as well as to protect you and the company from liability. Even if it is not explicitly stated in your corporate policy, you should avoid allowing other people, including family members, to use a computer that contains corporate data.
- Dispose of sensitive information properly – Simply deleting a file does not completely erase it. To ensure that an attacker cannot access these files, make sure that you adequately erase sensitive files. (See Effectively Erasing Files for more information.)
- Follow good security habits – Review other security tips for ways to protect yourself and your data.
Finally, consider these additional US-CERT guidelines when you share your information online:
- Do business with credible companies – Before supplying any information online, consider the answers to the following questions: Do you trust the business? Is it an established organization with a credible reputation? Does the information on the site suggest that there is a concern for the privacy of user information? Is legitimate contact information provided? If you answered “No” to any of these questions, avoid doing business online with these companies.
- Do not use your primary email address in online submissions – Submitting your email address could result in spam. If you do not want your primary email account flooded with unwanted messages, consider opening an additional email account for use online. (See Reducing Spam for more information.) Make sure to log in to the account on a regular basis in case the vendor sends information about changes to policies.
- Avoid submitting credit card information online – Some companies offer a phone number you can use to provide your credit card information. Although this does not guarantee that the information will not be compromised, it eliminates the possibility that attackers will be able to hijack it during the submission process.
- Devote one credit card to online purchases – To minimize the potential damage of an attacker gaining access to your credit card information, consider opening a credit card account for use only online. Keep a minimum credit line on the account to limit the amount of charges an attacker can accumulate.
- Avoid using debit cards for online purchases – Credit cards usually offer some protection against identity theft and may limit the monetary amount you will be responsible for paying. Debit cards, however, do not offer that protection. Because the charges are immediately deducted from your account, an attacker who obtains your account information may empty your bank account before you even realize it.
- Take advantage of options to limit exposure of private information – Default options on certain websites may be chosen for convenience, not for security. For example, avoid allowing a website to remember your password. If your password is stored, your profile and any account information you have provided on that site is readily available if an attacker gains access to your computer. Also, evaluate your settings on websites used for social networking. The nature of those sites is to share information, but you can restrict access to limit who can see what. (See Staying Safe on Social Network Sites for more information.)
When it comes to protecting your privacy, it certainly is true that an ounce of prevention is worth a pound of cure. Stay tuned for further updates, and have a happy data privacy day.