Regular readers will know that we at BH Consulting are passionate advocates for digital privacy in all its forms. So for this week’s blog, we’re delighted to feature Zoë Rose, whose post, “A Guide to Digital Privacy for You and Your Family”, first appeared on Tripwire’s State of Security blog. It’s an excellent long read that clocks in at over 2,200 words, full of practical tips and links to useful sources. Here, we present the main points and we recommend you read the original too.

Zoë also happens to be the latest addition to the BH Consulting team. She’s a highly regarded cybersecurity specialist who combines deep technical expertise with skills in designing and executing cybersecurity awareness programmes.

In the post, Zoë starts by considering how to make conscious decisions before sharing information online and being aware of data aggregation. She explains how to limit information that online services collect about us. Then she covers starting a privacy and digital security plan and the controls to put in place.

Taking back control

The opening lines make the case for strong digital privacy in very personal terms. It feels intimidating when someone shares our private digital images without consent or accesses our social media or email accounts without permission. But there are steps we can take to regain control of our personal information.

“If you’re a technical person, remembering each and every piece of your online footprint can be an inconvenience… for non-technical persons, simply understanding the footprint we leave online, on our devices, and even in our daily interactions in life can be a nightmare,” Zoë writes.

Think before you share

Even an apparently harmless photo posted on a social network can contain details that someone else can use maliciously. As Zoë says: “When you share information online, consider what you’ve shared. Can it be used to access any of your accounts?”

She gives four useful questions to ask before sharing any information digitally:

• Take a moment to think who the audience is of this shared information?
• How sensitive is this information?
• Are you concerned about specific persons, groups, and/or the public finding out this information?
• Can this information be used to access any of your accounts?

Zoë gives examples of how data is collected and the value it can have. Sometimes, that’s a good thing when it gets us loyalty points or discounts, but it’s worth weighing up the benefits against the risks. If the scales tip towards risk, then you can limit the information you share with online services. For example, you can create false data within the input fields and then delete the account. Or, if you have to provide legitimate data for legal reasons, you can still restrict the information, such as using a hired postbox instead of your home address or use your initials instead of your full name.

The whole truth?

Another option is to provide alias information if the account you’re setting up doesn’t need accurate data. Zoë keeps track of this by recording the alias name, date of birth, email address, and occupation in her password manager under ‘Identities’. This lets her reuse that alias wherever there’s no legal requirement for legitimate information. And because she has a record of the alias, she doesn’t have to worry about remembering the details.

Six steps to a more secure mindset

Even for someone who’s already signed up for a slew of online services and subscriptions, it’s never too late to start being safer online. Zoë lists six simple steps to become more privacy-focused.

• Start by making a list of all social media, online banking, and digital loyalty programs you’re signed up for.
• Search for your name in the various search engines (Google, Bing, and DuckDuckGo) and see what comes up. Focus the search by adding terms like name, country or occupation.
• Set up digital alerts that will trigger if your name is mentioned on Google or Twitter.
• View your social media accounts from a public perspective. On some sites, you can select ‘View As’ others you can sign out to view. Further still, you might need an unconnected account to view. Another option is to ask a trusted friend to look at your accounts for you. See what information is displayed and to whom. Working together, your friend can search for you, and you can search for your friend.
• Think about separating emails; Zoë uses an everyday email, one for mailing lists, another for password resets, and others.
• When creating new accounts, consider the connection between them. Do you want to provide your real DOB? Do you want to use the same email address, or can you use an email that forwards to yours? Even if ‘sign in with your Facebook account’ is an option, why not select the separate login option?

Taking charge of your privacy

Once you’ve established your online footprint, here are eight controls to put in place to improve your security and privacy.

• Keep devices up to date
• Use strong passwords
• Consider a password manager. Some have family packages; consider sharing passwords through this or other physical solutions
• Enable multi-factor authentication. This can be done using SMS, application, or physical tokens
• Sign up to be notified when a breach happens on Have I Been Pwned?
• Use ad-blockers and limit tracking. This can be done via plugins or through specific browsers such as Brave. You can also view security and privacy settingsand verify that things align with your needs
• Use VPNs when connecting to unknown Wi-Fi or restrict to mobile data when traveling.
• Install anti-virus on devices that support this, including mobile devices.

The blog also has a useful model for understanding the threats, and also includes a section about how to discuss privacy and security with children.

Wrapping up the blog, Zoë stresses the importance of being aware of specific risks that concern you. “Build something that is proportionate to your risks, understanding, and capabilities,” she advises. It’s about striking a balance: if the rules are too strict, the solution won’t be usable, she warns. A striking phrase that applies to privacy and so much more is: “instead of perfection, strive for continuous improvement”.