5 Steps to Protect Your Data and Yourself
Practical steps that you should take to keep your data private in our modern digital landscape
1. A password alone is no longer enough
This has been the case for a while, but now it is more relevant than ever. A password alone, even a very secure password, is no longer enough to protect your data. Because of this, a lot of companies are now offering “Two-Factor Authentication” in addition to passwords.
What this means is that you type your username and password to log into a website like you have always done, but then an additional code is required to complete the login process. Some companies will call or text you this code; others allow you to use third-party apps such as Google Authenticator.
A non-exhaustive list of companies that support this technology is:
While I previously only recommended this to my clients with sensitive data such as lawyers and medical professionals, I now recommend it for everyone.
Important: Each service gives you the ability to download backup codes which you should save to your computer. If you lose access to your mobile phone, you will not be able to log into anything that uses Two-Factor Authentication until you either regain access to your mobile phone or use a backup code.
Authy App
Free, widely supported, cross-platform, rich in features (Lifehacker article on it)
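How an authenticator app arrives at the extra code, and why backup codes are the fallback when the phone is gone, shown as an added example that is not part of the original article. It implements the standard TOTP algorithm (RFC 6238) that Google Authenticator uses; the secret is the RFC test value, and the backup-code helpers are a hypothetical sketch of how a service might store such codes.

```python
import base64
import hashlib
import hmac
import secrets
import struct


def totp(secret_b32, now, digits=6, step=30):
    """RFC 6238 code for Unix time `now`, using HMAC-SHA1."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", max(int(now), 0) // step)  # 30-second step number
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(secret_b32, code, now, window=1, step=30):
    """Accept the current step and `window` steps either side, to allow clock drift."""
    return any(
        hmac.compare_digest(totp(secret_b32, now + i * step, step=step), code)
        for i in range(-window, window + 1)
    )


def new_backup_codes(count=10):
    """Return (codes shown to the user once, hashes the service keeps). Hypothetical scheme."""
    codes = [secrets.token_hex(4) for _ in range(count)]
    return codes, {hashlib.sha256(c.encode()).hexdigest() for c in codes}


def redeem_backup_code(stored_hashes, code):
    """A backup code works exactly once: its hash is removed when it is used."""
    digest = hashlib.sha256(code.encode()).hexdigest()
    if digest in stored_hashes:
        stored_hashes.remove(digest)
        return True
    return False


# Constructed sample: the RFC 6238 test secret "12345678901234567890" in base32.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(totp(SECRET, 59))                    # code the app shows at t=59
    print(verify_totp(SECRET, "287082", 89))   # one step late: still accepted
    print(verify_totp(SECRET, "287082", 149))  # three steps late: rejected
    codes, stored = new_backup_codes(3)
    print(redeem_backup_code(stored, codes[0]), redeem_backup_code(stored, codes[0]))
```

The code depends only on the shared secret and the clock, which is why a lost phone means a lost second factor unless a backup code was saved beforehand.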
2. Encrypt your data
Passwords on computers and mobile devices can be cracked. And even if they can’t be, the data can still be recovered with the correct tools. That is where data encryption comes in. Even if your data is acquired by a hacker or hostile government, they cannot easily read the data if it is encrypted, keeping your private information secure.
Data encryption translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it. Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext. Currently, encryption is one of the most popular and effective data security methods used by organizations. Two main types of data encryption exist – asymmetric encryption, also known as public-key encryption, and symmetric encryption. (Digital Guardian)
I recommend encrypting the data on your mobile phone, on your tablet and on your computer.
- On iOS devices, your data is encrypted by default and you can set your passcode settings to wipe your device if the password is entered incorrectly 10 times (read more here).
- On Android devices, you can encrypt your data by going to Settings > Security > Encrypt phone (read more here).
- On an Apple computer running the current version of macOS, you can encrypt your startup disk under System Preferences > Security & Privacy > FileVault (read more here).
- On a computer running Microsoft Windows 8.1 or later, you can encrypt your disk using several different methods which you can read more about here.
Important: No encryption is 100% unbreakable, but it makes it very difficult and time-consuming to get to your data, deterring anyone who doesn’t have a really good reason to need access to it.
3. Host your data outside of the United States when possible
With the currently uncertain and frequently changing political landscape in the United States, I recommend hosting your data outside of the U.S. if possible. I host my own websites and my clients’ websites on servers based in Canada, providing another layer of protection.
There is affordable web hosting available in Canada, India and Europe to consider. Hosting outside of the U.S. will result in slightly slower load times since the data is traveling a longer distance, but in most cases the difference is so minimal that it can hardly be noticed.
4. Avoid taking any sensitive data on international flights or over land borders
The best advice I’ve found on this topic is from the article “Want to protect your data at the border? Delete it” from The Verge. While unreasonable search and seizure is technically unconstitutional in the United States, it has become more of a suggestion than a right since the 9/11 terrorist attacks, especially within 100 miles of a coast or border.
What that means is that CBP agents can demand access to your mobile devices and make you very sorry if you do not cooperate.
- If you are not an American citizen, they can deny you entry or deport you.
- If you are an American citizen, they can detain you and/or seize the device.
Because of this, the best thing to do is to simply not carry any data with you that you wouldn’t want them to have access to. That way you can comply with their request but also safeguard your data.
5. Use social media privacy settings
Facebook provides a lot of privacy settings to help keep your content visible only to friends or family. Use these settings, especially for anything politically sensitive. That way, even if government agents find your social media accounts, they won’t be able to see content you’ve posted without your login information, which you do not have to supply to them.
Use the Facebook Privacy Checkup tool to make sure that your personal information is being protected.
For public social media platforms such as YouTube, Twitter and Instagram, simply avoid posting anything that could be deemed politically sensitive.