Personal Security Plan

Right now, lots of people are telling me how much more time they have.  No travelling, no tedious group meetings – we finally have time to think!  It’s a great time to review your personal approach to security.

What’s your personal security plan?

Your data is hugely valuable.  Before we think about better insights for your company.  Let’s take a few minutes to check on your personal security and privacy, then plan to improve it.

Do you accept cookies?

“Of course,” you say.  Most of us do.  Every time you click ok to cookies on a website you give them permission to have some of your data.  Things like how you use the site, which pages you visit, other websites you’ve visited.

Action:  Delete Cookies.

Most cookies are ok and just let the owner of the site know which pages are most popular.  Some do helpful things like remember your username from when you’ve visited before.  But a cookie can hang around for years and I’d think about backing away from any site you don’t trust.  If you don’t mind a little bit of hassle in the short term, just go ahead and delete them now.  Be aware that a cookie from an online advertising company can tell them all the sites you visit – this is how they show you the ad content.

Do you have accounts on multiple websites?

“You bet.”  If you are like me, you probably have loads of them.  The problem is, they get hacked all the time.  That valuable data you trusted them to look after is being sold right now.  If you want to know which sites have been hacked and when your data has been sold, look at https://haveibeenpwned.com/

Action:  Avoid signing up to accounts

Do you really need that free service?  If you do need it, think about when you use a Social Login provider like Facebook, Google or Microsoft Live.  Don’t use the Social Login option if the service is going to hold more sensitive personal information.  Don’t put sensitive personal information into a service you don’t trust.

Do you have complex password?

“Of course, I make them complex so hackers can’t guess it.”  Unfortunately, we can’t remember a complex password, so we use the same password everywhere.  Now when an attacker gets access to one site (and they most likely already have) they have your password for all your other sites.

Action:  Never use the same password

Complex passwords are a useful defence, but it’s hard to remember 100s of passwords.  On balance, it’s better to use a password service.  Yes, all passwords are in one place, but it’s usually better than our alternative approaches.  Be sure to enable 2 factor authentications (e.g. login plus txt message, or login plus authentication code) on that service and every other service where available.

Have you heard about Cambridge Analytica?

“Yeah, Facebook are doing terrible things with our data.”  Right, but most people still use Facebook.  The big worry here is not that Facebook will lose your data, but rather that they will use it in ways you don’t want or know things you don’t want to share.  Through GDPR, Policy Makers are trying to protect us from highly targeted content that makes us do things that are harmful to ourselves or others.

Action:  Delete Facebook and any unused accounts

Do you really need it?  I know this point is quite divisive, but I think I’m better off without it or any super aggregator of content.

Action:  Think twice about everything you reshare

Did you read that article all the way through?  I’d rather not be part of the problem, so my advice is to read the entire article and think twice about sharing articles.  Yes, even this one.

Do you buy things online?

“Sure.”  Have you ever bought things you didn’t really need?  “Yes, but that wasn’t even on the internet.“  We humans are easily influenced – evolutionary attraction to shiny things most likely!  So, One way is to aggregate our data without our knowledge.  A simple tactic is to offer you something for free, but then use your data for profit.

Action:  Remove unused App connections

Do you remember giving that company access to your profile, contacts and all emails?  Use the same Social Login every time if you can and delete all connections from the others.

Here are a few steps to check on the big social login providers and remove the connections you’ve let others have, but no longer want them to have.

Facebook

Disclaimer.  I deleted Facebook, so this information is from their website and I haven’t tried it recently.  https://www.facebook.com/help/942196655898243/?helpref=hc_fnav

To see and manage the apps and games you’ve added:

1. Click  from the top right of Facebook and click Settings.
2. Select Apps and Websites in the left side menu.

Google

To help you safely share your data, Google lets you give third-party sites and apps access to different parts of your account.  Full article here – https://support.google.com/accounts/answer/3466521?hl=en

1. Go to your Google Account.  https://myaccount.google.com/
2. On the left navigation panel, select Security.
3. On the Third-party apps with account access panel, select Manage third-party access.

Click this link to go straight to the right page:

https://myaccount.google.com/permissions

Microsoft

1. https://account.microsoft.com/privacy/
2. Scroll down, Apps and service that can access your data

https://account.live.com/consent/Manage?uaid=260e019f87b1418b9e1d47e835ef1d26&mkt=en-US&guat=1

LinkedIn

Microsoft acquired LinkedIn a couple of years ago now, but the data connections are still managed separately.

https://www.linkedin.com/psettings/permitted-services

1. Partners and Services
2. Remove all the unused connections.

I hope this slightly longer Byte Sized Insight has sparked your imagination.  Get it touch and let’s talk data!

Now, let’s think about your Corporate Security Plan.