Five ways you might be sabotaging your data privacy
It’s increasingly arcane to talk about our online and offline lives as two separate entities. Nowadays, they’re more intertwined than ever and the lines will only get blurrer in the future.
As such, it’s important to safeguard our personal data. After all, failing to do so could very well be the reason why you’re pestered by ads and spam messages in your email and SMS inbox. And it could even lead to far graver consequences such as social engineering attacks, where hackers use information about you to trick you into compromising your cybersecurity.
As we observe Data Privacy Day on January 28, there’s no better time to learn about how to protect your personal information by avoiding the actions – which many of us carry out unthinkingly – listed below.
Five ways you might be sabotaging your data privacy:
- Clicking “accept all cookies”
- Not checking if the website is secured
- Ignoring “password compromised” prompts
- Sharing anything and everything online
- Allowing all app permissions
1. Clicking “accept all cookies”
It seems like every website you visit has this nowadays – a popup asking for permission to track cookies. It happens so often that it becomes second nature to just click “ok”, “yes”, or some variation of consent. If everyone’s doing it, surely it can’t be that bad, right?
Wrong. Cookies contain your information, including what sites you browse, where you’re located and even your login information. In the wrong hands, this information can be used for nefarious purposes.
While it’s generally safe to accept cookies from trusted sites like your bank’s portal, you should still make it a habit to review the privacy statements every time a “request for permission” pops out. Be extra careful of third-party cookies and cookies from unsecured sites.
Some of these pop-ups also have “reject all optional cookies” or “accept only required cookies” options so that you can easily block all unnecessary cookies.
It might seem like a chore to review your permissions every time you click on an inane listicle, but it’ll be a shame to have your data compromised because you wanted to read an inane listicle and accepted cookies on an unsecured site.
2. Not checking if the website is secured
Speaking of unsecured sites, always keep a lookout for the lock icon next to the URL address in the box where you type the webpage address in, which indicates that the site is secured by a digital certificate.
Another good indication of a secure and legitimate website is the URL starting with “https” instead of merely “http”.
Still, scammers are always upping their game and have started to purchase digital certificates for their spoofed sites as they know people are likely to trust a site with the lock icon. The result – there are plenty of fake sites out there with the lock icon too.
So do take care to scrutinise the name of the site in the address bar, especially when you are about to perform sensitive actions like make a payment online. Be especially wary of misspelling like ocdc.com or shoppee.com that might look legitimate at first glance.
3. Ignoring “password compromised” prompts
There are plenty of tools today to help save your passwords so that you don’t have to remember all of them. Browsers can also save your passwords and auto-enter them the next time you revisit the website.
Another added benefit is that such password managers often notify you when your saved credentials have been part of a data leak from the website in question, or if your credentials have been spotted being put up for sale to malicious actors.
It’s easy to ignore these notifications, especially when you think to yourself, “I’m nobody, who would bother to hack me?” Still, it wouldn’t hurt to investigate further and simply change your password for peace of mind.
What’s more, password managers can automatically generate new, complex passwords so that you don’t have to crack your brains coming up with yet another password. (Also, you won’t fall into the trap of adding “1” behind your password thinking that makes your password “new”.
4. Sharing anything and everything online
We’re in the age of “living for the gram” and documenting every aspect of our lives online, however mundane and routine.
This leaves a rich trail of information for bad actors to learn about you and glean your personally identifiable information. Say you record and post a video of you leaving your home and getting to the airport, boarding your flight to Tokyo, and enjoying your first day at Disneyland. If you’re not careful, you’ve just given away your home address, the fact that you’re in Japan, and details of your itinerary.
Scammers may use this information to impersonate you, approaching your friends to say “you” lost your passport and money overseas, and need their help in the form of some cash transfers. Your home could become a ripe target for housebreaking, since no one would be there for a few days at least.
Yes, social media can be fun, but review your posts before publishing them and scrub them of any clues to your personal data. And those lovely vacation snaps can wait till after you’re home to be posted.
5. Allowing all app permissions
We often get prompts when downloading new apps to allow the app access to different parts of our device, such as its camera, its location, and the saved contacts. While some of these are necessary – the Singpass app needs access to your camera so it can scan QR codes and enable QR code logins – apps could also request for access that’s not needed.
Take a moment to think if the access request makes sense. You may end up having photos and videos taken of your surroundings and your conversations recorded if you allow dubious apps to access your microphone and camera.
Better yet, set a regular routine, say once a month, to go through all your app permissions and disable those you deem unnecessary. Another good practice is to uninstall apps that you haven’t been using. They’re just sitting there, vacuuming up your data. There’s no need to hoard apps, you can always reinstall them if you really miss them.
It’s not paranoia if they’re really after you
Protecting your personal data can feel a bit like paranoia these days, having to be on guard against any and everything on your device. But there really are various entities out there vying to gain access to your information. So some healthy paranoia is definitely called for as we continue to live an increasing part of our lives online.
The bottom line: you’re doing yourself a favour by staying vigilant and protecting yourself from being compromised.