Back in 2019, I was designated to be the company's Data Protection Officer. While I was simultaneously working as a full-time web developer, the task was extremely challenging and, I must admit, daunting. I managed to get the company registered with the National Privacy Commission, attended the Privacy Awareness Week 2019, and shared some online safety tips inside the organization that helped them elevate their cyber hygiene. Today, I realized that Data Privacy Awareness shouldn't be limited to the workplace. In this article, I'll share with you the same safety tips I shared with my colleagues back then, adding my personal insights on how I practice them myself. You can also check this list from the NPC Website.

Table of Contents

Tip #1: Create strong passwords.
Tip #2: Never use the same password on multiple accounts.
Tip #3: Lock your device.
Tip #4: Always log out of browsers.
Tip #5: Make sure there is an https in the browser address bar.
Tip #6: Do not log in on personal accounts on free or public wifi.
Tip #7: Install an Anti-Virus…and update it.
Tip #8: Don’t click on pop-ups or virus warnings.
Tip #9: Install an ad blocker to lessen browser pop-ups.
Tip #10: Have you been Pwned?

Tip #1: Create strong passwords.

Strong passwords are at least 12 characters long and contain a combination of upper and lower case letters, numbers, and if possible, symbols.

Whenever I sign up on any website, be it a dummy account or not, I always use randomly generated passwords. I don't use my birthday, or use my username plus a sequence of numbers like `123`, or use something very obvious like `secretpassword`. Yeah, that's a silly move. So what I always do is use my browser's suggest password feature. After that, the only thing I need to remember is the account synced to my browser. That recently generated password will be synced to all of my devices instantly. Most major browsers have this feature. If for some reason you can't find it, then try online tools like LastPass Password Generator.

Note: Before you start this habit of generating random passwords, make sure the account connected to your browser is the most secure one you have. Activate all multi-factor authentication. If you also use Google, quickly go to https://myaccount.google.com/security-checkup. If you are an Apple fan, go check that two-factor authentication right away here: https://support.apple.com/en-gb/HT204915.
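To make the Tip #1 rule concrete, here is an added example (not part of the original article or the NPC list) that checks a password against that rule and generates a random one that passes it. The function names, the symbol set and the sample username `juan` are assumptions made for illustration.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"   # assumed symbol set, adjust per site
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
MIN_LENGTH = 12                  # minimum length from Tip #1


def weaknesses(password, username=""):
    """Return the reasons a password fails the Tip #1 rule (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbol")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


def generate_password(length=20):
    """Draw characters from the OS CSPRNG until every character class is present."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 12")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    print(weaknesses("secretpassword"))            # long enough, but one class only
    print(weaknesses("juan123", username="juan"))  # username plus a number sequence
    print(generate_password())
```

The `secrets` module is used instead of `random` because it draws from the operating system's cryptographic random source.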

Tip #2: Never use the same password on multiple accounts.

Having different passwords on multiple accounts makes it harder for hackers to guess them.

I know that it's hard to think of a different password every time and check your accounts one by one. But hey, it's better late than never, right? If you follow the same habit as mine in Tip #1, you'll never have to remember hundreds of passwords again. If you're currently using Google Chrome and you have an account synced, go jump into chrome://settings/passwords/check?start=true. P.S. Screenshot not mine. Haha

Tip #3: Lock your device.

Leaving a laptop or cellphone unlocked is like leaving an open purse, which hackers are more than happy to take advantage of.

Even if you always have a passcode on, anyone can gain access to your device if the lock screen timeout is set far too long. So double check your phone's lock screen timeout now and change it to 1 minute at most or just 30 seconds if you can.

If you're on Windows, you can make sure it will ask for a password every time by going to Settings > Sign-in options.

Did you also know there's a Dynamic Lock feature in Windows that you can activate when you're working outside, like in a coffee shop or any public place? If you connect your phone, it will help detect when you are out of range and will instantly lock your PC. Pretty cool, right? Check it out here.

Tip #4: Always log out of browsers.

Google Chrome has a unified log in system, which logs you into the browser even if you only log in through the e-mail, so don’t forget to log out. Or better yet, use Incognito mode.

For this tip, it depends on your online activity. If you use your device almost every day, then it might be annoying to log out of your email or browser account every now and then. If you can and it won't hurt that much, why not, right? The most important thing to remember here is to log out if it's not your own device. If you are sharing your workstation in the office, it's best to log out of everything, especially your personal accounts. If for some reason you use someone else's device, like in computer shops or, in case of an emergency, a stranger's phone, then by all means, USE INCOGNITO.

Tip #5: Make sure there is an https in the browser address bar.

The S after the HTTP stands for “Secure,” which means the data being sent between your browser and the site you are on is encrypted.

This tip is one of the most basic but also one of the most important. Like with traffic lights, if you see red on the URL up top, then STOP.

Most major browsers nowadays automatically prevent us from visiting a non-https website. End users can still override this by clicking Advanced > Proceed. If you're still not convinced how important this part is, let me give you a short explanation. When you visit an HTTP website, you send and receive the data as is, and that includes your passwords or any private data like bank records. On an HTTPS website, the browser asks for an SSL Certificate, which verifies that a particular server is who it says it is. The browser will encrypt any outgoing and incoming data using an Encryption Key, also called a Public Key. This encrypted data can only be decrypted using a Private Key that lives on the originating Web Server, hence the name Private. This means there will be no way for hackers to sniff or peek at your data.

Tip #6: Do not log in on personal accounts on free or public wifi.

Open networks make it very easy for people to peek into your activity and accounts, and the people you share the network with may also be using compromised devices.

Building on the explanations in Tips #4 and #5, free and public Wi-Fi is not safe at all. First, a hacker may connect to the same free network and inject scripts on the router, giving him access to anyone connected to it. Second, a remote hacker may have compromised someone else's device that recently connected to the network, and that may expose you too. Last but not least, you, as one of the clients on the network, may expose everyone else for the same reason.

But that doesn't mean you should give up free Wi-Fi in favor of confining yourself to a desk at home. The great majority of hackers are merely looking for easy targets, and following a few simple steps should keep your data safe.

  1. Use a VPN

  2. Use SSL Connections

  3. Turn Off Sharing

  4. Keep Wi-Fi Off When You Don't Need It

  5. Install an Anti-virus and keep it updated. Always.

  6. That's not all of it, so continue reading please :)

Tip #7: Install an Anti-Virus…and update it.

New viruses are being created all the time, so simply installing an anti-virus program doesn’t cut it. It is important to update the programs to keep up with new and emerging threats.

Windows users are very familiar with this one. Since it is the most commonly infected operating system, installing an anti-virus is a must. However, with little understanding of how it works, we don't bother updating it. Did you know that the Love Bug virus, one of the biggest computer virus outbreaks, was spread through email (and it came from the Philippines)? Today, of course, that threat has already been taken care of, but how sure are you that there will never be a new one of an unknown variant? That is reason enough for you to keep your virus database updated, and it will also help everyone worldwide.

On the other hand, Apple users have this misconception that they are immune to malware and threats. While I agree that Apple has a very strong layer of defense and detection, I also believe that it's not impossible to be infected. Maybe not so easy today, but sooner or later there will be someone that can keep up. Software is made by humans anyway.

Tip #8: Don’t click on pop-ups or virus warnings.

These warnings are now called “scareware,” which are fake security alerts telling you to click a link to download software to remove the virus in your computer. The links, however, contain viruses.

This is also one of the basics, but not everyone can tell what to click from what not to, especially when the pop-up is designed to trick you into thinking it is an actual part of the website you're trying to access.

One tip that I can give you: if you're visiting a website and it says a virus was detected, close it immediately. Browsers, most of the time, do not give websites the capability to detect remotely if your device has a virus or malware. So another rule of thumb: DON'T click pop-ups.

Tip #9: Install an ad blocker to lessen browser pop-ups.

Extensions like AdBlock Plus, available on Google Chrome and Mozilla Firefox, prevent pop-ups from appearing and notify you if these seem malicious while you browse.

Tip #8 already explained the cause, so this tip gives you the prevention. You know it's too late if you're looking for the cure. Install right away: https://adblockplus.org/

Tip #10: Have you been Pwned?

Check out https://haveibeenpwned.com/PwnedWebsites to see if you’ve availed of compromised services online. If, by any chance, you have, change your passwords immediately.

I am so amazed by this one. By checking on this site, it will tell you whether your email or phone has been detected in past breaches. I tried mine and it's pretty accurate. You can also check your passwords here to see if they were exposed before, all the more reason for you to change them immediately. Did you know that the password `secret` has been detected 356,668 times already, and that's only from the known leaks?


Next Article

In the next article of this 3-part series, we will talk about the other 10 tips of Personal Data Privacy. Stay tuned!
