Oh boy, it’s been a bad year for privacy.
According to a recent RiskBased Security report, the first half of 2019 saw nearly 4,000 publicly disclosed breaches, exposing an inconceivable 4.1 billion compromised records. And most of those exposed records were from just eight breaches.
And the problem is getting worse: Three of those breaches have made the list for the 10 largest data breaches of all time.
You might not think there’s anything you can do to reduce the odds of being a victim of a large-scale data breach, but, in fact, there are a few precautions you can take – and you don’t need a degree in computer science to implement them. Much of it is identifying common online privacy myths.
The following are four such misconceptions, the truth and what to do about it.
Myth No. 1: Using a private browser keeps my information private.
Truth: Whatever your browser calls it – Private Browsing, Incognito Window or In-Private Mode – it’s meant to let you browse without leaving behind a local trail of history, passwords, cookies and other assorted bits of revealing information.
Sure, whenever you leave a private session, the browser is supposed to scrub your information, but your online activity is still visible, saved and could be shared or sold to third parties.
In other words, while private browsing prevents information from being automatically stored on your device, like browsing history or downloaded cookies, your activity is still visible to the internet service provider, as well as to the organization that provides the internet connection (such as a school or company). Also, the websites you visit may be able to view the session, too.
What to do: Just remember a “private browsing” mode may not be as private as it suggests. Those who are concerned about privacy could install a reputable virtual private network (VPN), which provides anonymity when browsing online. An up-to-date security suite should also help you keep away from prying eyes.
Myth No. 2: It’s safe to use public Wi-Fi, because, well, everyone does it.
Truth: Sure, Wi-Fi hotspots are a popular way to get online. They’re free, easy to use and available in many places – from coffee shops, restaurants and bars to airports, hotels, sports arenas and schools.
But there are risks in using them. One is you may not be joining the network you think you’re joining – even though it may be called PopeyesWiFi, for example – as it could be a fake, “rogue” network setup by someone nearby who’s trying access your info. Secondly, even if it’s a legitimate Wi-Fi hotspot, there are still risks in using the same one as everyone else, as malicious types can use tools to hack your device; it’s not common, but technically possible. Third, those who provide free Wi-Fi can (and often) collect and sell data about your browsing habits.
Another misconception is a public Wi-Fi hotspot is safe if there’s a password required, often given out by the establishment. But this isn’t much safer than not having a password if it’s freely given out to everyone indiscriminately.
What to do: If you can avoid them altogether, don’t use public Wi-Fi. Instead, consider your smartphone’s cellular connection by creating a personal hotspot. If you want to use free public Wi-Fi, use a VPN (per above) to browse anonymously.
And once you’re in a Wi-Fi hotspot, refrain from inputting personal information, such as passwords and usernames (yes, this means don’t read email or access social media). And of course, never conduct financial transactions, such as paying bills, shopping online, day trading or filing taxes.
If you want to read the news or check sports scores, have at it.
One last tip: don’t let devices automatically log onto free networks, which is sometimes an option (depending on the device), and if prompted, always say “no” to allowing your device to be visible on the network for sharing purposes (a common Windows prompt).
Myth No. 3: My personal data is gone once I delete it from a device.
Truth: Deleting files, emptying the Recycling Bin and even formatting a computer’s hard drive, USB thumb drive or memory card can still leave your personal files buried among those 0s and 1s. Yes, it’s true. Cybercriminals can still retrieve your documents, images and other files using easily accessible “recovery” tools found online.
Unless you take the necessary steps to properly wipe the hard drive or Flash drives clean, don’t sell, donate, trade-in, or recycle your computer.
What to do: There is downloadable software that can properly erase your hard drive. Sometimes referred to as “shredding” a drive, these tools, like Eraser and CBL Data Shredder, can comb through every sector to clear all your data. The process can take a while, so wait it out.
If your wiping software asks you to identify the number of passes you would like it to run, three is a sufficient number.
Some people physically destroy hard drives before recycling an old computer, such as taking a drill or hammer to it, but you don’t want to physically hurt yourself in the process. Good software should do the trick.
As for smartphones and tablets, the good news is newer iOS and Android devices support encryption, therefore opting for a “restore” or “factory reset” should be fine (it will say something like “Erase All Content and Settings?)” Or use reliable third-party software to do the job on an Android device.
Myth No. 4: I can use the same password for everything because it’s not easy to guess.
Truth: Never use the same password for all your online activity, because if a service is hacked and your password is exposed, cybercriminals will likely try it on another account. Even if your password is super-long and complicated, once it’s known, the bad guys have the keys to the kingdom.
A related myth is you have nothing of interest to hackers. Perhaps you think you’re not wealthy or famous, so you’re safe.
Wrong. Everyone’s data is valuable.
What to do: Not only should you use different passwords for all accounts – and reputable password manager apps can be a handy way to remember them all – try to use a passphrase instead of a password – a sequence of words and other characters including numbers, symbols and a combination of upper- and lower-case letters.
What’s more, make it harder for malicious types to access your data by adding a second layer of defense. With two-factor authentication (2FA), you not only need a password or passcode (or biometrics logon, like a fingerprint or facial scan) to confirm only you can access your accounts, but you also receive a one-time code to your mobile phone to type in.
Follow Marc on Twitter: @marc_saltzman. Email him or subscribe to his Tech It Out podcast at www.marcsaltzman.com.