Data Privacy Week – 20 Data Privacy Tips by Lynn Terwoerds

Lynn Terwoerds is the former EWF Executive Director, a founding member, and on the Advisory Board. After over 25 years in cybersecurity working at Microsoft, Oracle and Barclays, Lynn now spends her time between nonprofit board work and as an advisor and investor to a secure cloud builder startup called Containn. In her spare time, she does cybersecurity consulting for minority-owned businesses. Connect with Lynn on LinkedIn here.

10 Personal Privacy Tips

1. Protect your password and even your user ID.
   • Better yet, take advantage of any opportunity to use two factor authentication.
   • Your username is more useful to hackers than you think.
   • Think about using a secure password keeper. If this helps you change your passwords more often, it’s worth it.
2. Be careful what you share with unvetted third parties
   • Social media quizzes are great opportunities for data mining, or worse.
   • Think about how many applications have access to your contacts, whether it’s on your phone or computer. How much data is there? What did you agree to in the terms and conditions?
   • What about pictures and data privacy? Today it’s commonplace to take a picture of your driver’s license, vaccination card, passport, and medical insurance card. Again, how many mobile phone apps ask for permission to your photos and what information is then exposed?
   • How about that camera and microphone? Consider turning them off and only using them when needed.
3. Vicariously clicking on links and files is still dangerous, however hackers have become better and more sophisticated.
   • Mark suspicious emails as spam. At the same time, look at your junk folder to make sure legitimate emails aren’t being marked as spam.
   • Use this same approach to social media. Don’t click on suspicious links, files, requests or advertisements unless you’re sure they are legitimate.
   • Only download software and applications that you know are reputable and that you’re downloading them from a legitimate site.
4. Make the time to do a quarterly social media review
   • Review all your privacy settings across platforms such as FB, Twitter, LinkedIn, Instagram, TikTok.
   • Think about what you share on every social media platform, from posts to your personal profile. Consider that you may want to also update your information.
   • Take the time to delete unwanted or potentially inappropriate posts
   • If you’re not using a social media platform, consider closing your account so that it cannot be hijacked by someone else.
5. Update all your applications regularly. Security fixes are commonplace, and vendors update their applications often.
6. Invest in good anti-virus, anti-malware for devices. Don’t ever assume your platform or vendor isn’t hackable or doesn’t have viruses and malware.
7. Hackers cannot attack services, applications and protocols that are shut down.
   • Consider removing old software.
   • Turn off services such as Bluetooth, GPS and wireless when not needed.
   • Close accounts that you don’t use anymore.
   • Look at your credit report at least once a year and exercise your right to remove closed accounts or correct erroneous information.
8. Avoid public Wi-Fi if possible. Use a VPN on both your mobile device and your computer, especially when you are on a public network.
9. Don’t forget to do secure backups (encrypted and password protected). It’s terrible when you are responsible for your own data loss. And don’t forget to encrypt your computer and mobile device to guard your data if it’s stolen.
10. Social engineering is still effective. Be careful of phone scams or anyone asking you for PII (personally identifiable information), whether that’s on over phone, email, on social media or even in person.

10 Enterprise Privacy Tips

1. Don’t collect more data than you need.
2. If you collect it, protect it. Use enterprise grade solutions to protect your data to show your company used commercially reasonable steps to avoid a breach.
3. Have a strong data privacy policy that’s easy to understand. Communicate it appropriately inside and outside of your company.
4. Privacy and security aware employees are your company’s strongest line of defense. Make sure they know what to do in the event of an incident.
5. Have a strong third-party vendor vetting and due diligence process. Your reputation and customer’s data could rely on the robustness of your vendor’s data protection measures.
6. Encrypt your data. And then do secure backups.
   • If a 3^rd party does your backups, make sure they meet your data protection standards.
   • Backups are useless if you never tried to restore data.
7. Deploy reliable antivirus/antimalware to all systems. Don’t allow employees to opt out.
8. Secure all your networks (LAN, WAN, wireless) and be on the lookout for ad hoc networks and unsanctioned devices. Do this on a regular basis.
9. Two factor authentication should be mandatory for access to any high value or sensitive system. It should be understood that any admin or super user accounts must have multi-factor enabled by default.
10. Have a well-rehearsed and updated incident response plan.