Cybersecurity Awareness Month 2020: Data Privacy, Security, and You

It’s Cybersecurity Awareness Month 2020 here in the United States and we’re doing our part to help elevate the importance of protecting your information and data.

The NPR Life Kit podcast recently had a discussion of what data privacy is, how it differs from data security, cybersecurity, and some steps you can take to shore up the [walls] around your personal information. (Most of the information below comes from that podcast.)

Most of us already do the basics to protect our information, belongings, and financial information: we lock our doors and cars when we’re not home or in the vehicle, we don’t share our passwords (well, streaming services excepted, or so I hear), and we’re quite practiced about credit card numbers and so on.

Cybersecurity vs. data privacy

Even though we tend to use the words “security” and “privacy” somewhat interchangeably, they really address different portions of the confidentiality spectrum. Security is about keeping someone from gaining access to your belongings or information such as bank accounts, doing our best to fight against the growing risk of ransomware. Privacy is generally about shielding your movements or activities from the eyes of others.

When implementing basic cybersecurity practices, we know (do we?) that we need to choose strong passwords for our accounts and not write them down on a sticky note attached to your computer screen. (Given that many are working from home these days, this may not be quite as important, but still…) Create unique passwords or passphrases and use a password manager. Period.

Enable two-factor authentication in which a secondary code is sent to you via text message, email, or an app such as Authy.

Be aware of phishing attempts aimed at you via email or phone calls. You may choose to never answer calls if you don’t recognize the number. These attempts to get personal information from you are becoming more sophisticated.

Data privacy isn’t only about managing cookies

That leads us to privacy—the more that someone (or something in the case of AI) can learn about you, the easier it is to breach your cybersecurity efforts. You may not care if someone knows what brand of running shoes you buy, but everything you do online is being tracked. Take a look at the cookies implanted in your browser sometime. Chocolate chip they ain’t. All of those names you’ve never heard of are there to feed your browsing activity back to data aggregators who in turn sell your information to marketers—or worse.

All those apps on your phone? Yup. They’re tracking your movements and activity whether you’re using them or not. Go turn off the location services for the ones that truly don’t need it, or better yet, delete the apps you don’t use.

Ads are shown to you based on your activity and perceived interests. Prices change. Try this sometime: go to your favorite Seattle-based mega online retailer and search for a product. Ask a friend to do the same. Chances are you’re going to see different prices for the same product. If you keep shopping without buying, you’ll see the price change, too.

Okay, it’s not that big a deal if you end up paying a few cents more for those dog treats than your friend, but activity-based information can be more insidious than that. Think about disinformation campaigns and how easily those are started and propagated. If I want you to think a certain way about someone or something, it’d be helpful if I could tailor my message in a way that you’d be more inclined to pay attention to. And that’s easier if I understand more about you.

Our privacy laws in the United States don’t have much in the way of safeguards when it comes to your personal information. While California has implemented legislation similar to the European Union’s General Data Protection Regulation (GDPR), it’s a small step toward protections that would benefit us all.

Practicing good cybersecurity hygiene

The podcast concludes with these takeaways:

• Takeaway one:
  • Practice good cybersecurity hygiene. Use strong passphrases and two-factor authentication on your accounts. 

• Takeaway two:
  • Beware of phishing. Big companies are not going to call you and ask for your account information. And look out for weird URLs before you go clicking on them.

• Takeaway three:
  • Delete the apps you don’t need from your phone. Apps can collect a lot of information on you, so use a browser instead if you can. And for the apps you keep, limit what they can access.

• Takeaway four:
  • Be thoughtful about what you back up to the cloud. Those encrypted chats you have aren’t going to stay encrypted when they’re moved to iCloud or Google Drive.

• Takeaway five:
  • The United States doesn’t have strong online privacy laws. So while you can take steps to protect your privacy, it’s going to be tough to keep yourself from being tracked online.

And finally, you can start small and take these steps one by one. Focus on protecting what matters most to you.