Online privacy and personal security – how far should you go?

In these COVID-affected times we are doing more than ever online both for work and in our personal lives, and blurring the two more than ever. this brings certain questions sharply into focus. How do we keep our data secure both from corporations wanting to monetise it, and from criminals looking to steal information or worse? How much trouble is it worth going to? How much should we care?

For me, the extreme reactions are illustrated by Kevin Mitnick, who was once the world’s most notorious hacker but, having served time in prison, now earns a much easier and more lucrative living as an information security consultant. He wrote an entertaining and fascinating book called “Ghost in the Wires” which documented his career as a hacker (spoiler alert – he mostly accessed systems via ‘social engineering’, tricking people into giving him information, rather than technology weaknesses). He then followed this up with “The Art of Invisibility”, dispensing advice on how to protect your data. I found this one a bit wearing – always use a VPN, upgrade your router every year, buy a Chromebook which you only use for online banking…It was enough to make you decide a bit of surveillance wasn’t really that bad.

So is there a way to avoid the paranoia that makes normal life impossible on one hand, and fatalistically accepting surveillance and risk on the other? Everyone has to consider what is workable and necessary – clearly if you are an investigative journalist it’s worth investing a lot in this area - but below are some basic tips that I think are worth considering by anyone, expert or not, who values their online security and privacy:

  • Use a password manager for personal and work-related - essential. This is a much better option than the alternatives, which are basically to write down your passwords, use the same password everywhere or constantly reset it. Browsers have this built-in nowadays, but the security isn’t the best and you can’t then use your passwords in apps or when using other browsers. I use LastPass which I think is excellent but other reputable ones include Dashlane and Keeper. They have free plans and good value premium ones. Please don’t put this one off any more. Poor password habits put your company’s data at risk as well as your own.
  • An easy one – remember that whatever you do over work email or on a work device is never totally private. For legitimate reasons, your IT team can gain access if they need to. Don’t do anything on your work systems (especially email) that you want kept completely private.
  • Modern browsers give you the ability to control the extent to which you are tracked across the Web (you know, you browse for printers and then are followed around with adverts for them), so have a look at your settings and don’t just accept defaults. If you don’t trust big tech companies, consider using Firefox, developed by the not-for-profit Mozilla Corporation or Brave, which blocks everything by default, unless you opt in. You can also make your browsing more private very easily on certain browsers by installing Privacy Badger, developed by the US-based campaign group Electronic Frontier Foundation to block unwanted trackers.
  • Google is of course the most powerful search engine on the planet. But the price is that they know everything you have ever searched on, which is a pretty scary thought. Many of our searches really don’t need all that power so for simple searches you could try DuckDuckGo, who promise never to collect or share your search history.
  • Public wifi is far more risky than your personal wifi or mobile network. You don’t know who else is on it, how the people running it are using your data, or even, sometimes whether it is legitimate. If you have personal or corporate VPN, use that, otherwise tether your device to your phone and use your network instead.
  • Some aspects of privacy and security are matters of ethics and law, as is recognised by ICAEW research in this area. The cause of online privacy isn’t always a fashionable one, but Open Rights Group do good work on this point. They bring together technologists, lawyers and other experts to ensure that law is enforced and campaign for changes. Have a look and see if you want to be part of this.

We all need to find the right balance between security and convenience for us, but these are easy ways to make improvements. Why not share below your top tips for privacy and security?

Anonymous