When California passed an online privacy law that will take effect on Jan. 1, 2020, it made me think about a user’s responsibility when it comes to how we engage online.
As online privacy starts to become a larger discussion, it’s important we take personal inventory of:
- How are we connecting online?
- How can we stay safe and keep our data private?
- How much of a digital footprint are we leaving behind?
These are some of the questions I helped tackle during our webinar “Security Beyond Your Website: Personal Online Privacy” and in a Twitter conversation (through the #Digiblogchat weekly forum) on this same topic.
Let’s focus on the first question: How are we connecting online?
Online Privacy Best Practices
Think about what you’re using to connect online everyday. To get to a website, you first need to connect through your WiFi router. Then, you get on your desktop or mobile device to spin up an interface.
Each of those are areas where your online privacy can be impacted.
WiFi Router Best Practices
- Change Your Router Admin Password
Take a look at your WiFi router and you might find the default gateway and login to access your router’s configuration panel. Most routers set the default admin’s username as “admin” and I’ve seen passwords as… “password.”
If you do not change your router admin password, you leave the door open for malicious users to exploit it. For example, an unprotected router can become part of a malicious botnet and be used in a DDoS attack.
- SSID Enhancements
Make sure you select a network name that doesn’t personally identify you, or draw unnecessary attention, especially in apartments where you can see a long list of WiFi names. If someone has an agenda, using your surname would certainly help them, not you.
Also, think about the number of laptops and phones expected in an office setting. If there are 20 employees working, only 20 phones and 20 desktops should be allowed to connect to the WiFi router. This is something that you can track within a “List of Connected Devices” found within your router’s access panel.
I think your points about employees and others, and about wanderers, etc. highlight that decisions on these issues require some thought about, and understanding of, the scenarios that one is protecting against. #DigiBlogChat
— John W Lewis (@JohnWLewis) October 1, 2019
As John alludes, this is not an approach that will suit every case. It may not be as practical at home, since you may have family who won’t understand the depth of your security efforts, but I definitely would recommend these practices in a professional environment.
- Stay up to Date
WiFi router’s firmware requires updates from time to time, much like anything else. These updates will include security-related improvements.
You don’t have to log in every day, but at least once a month or every couple of months. Keep checking in to make sure that your WiFi firmware is up to date to prevent exploits or attacks through these and other internet-connected devices
- Limit Access When Away
Most routers come with a scheduling option to shut down the network for a certain time period. It isn’t convenient to change this often, but if you know a certain day or time period when no one will be using the network, you may be able to use this to your benefit.
Don’t let people eat up your bandwidth. Trust me, in this age where streaming videos can use most of your bandwidth, you don’t want to see spikes during off hours.
Desktop & Mobile Device Best Practices
- Software Purge
You should remove all unused programs/software from your computer. Just like with unused plugins, modules, and themes on your site – if you don’t use it, lose it. The same principle applies here.
Kahill Insights actually helped break this down during the course of the #DigiBlogChat session I participated in. All of our laptops and mobile phones come pre-installed with software we often don’t require.
A5.
Bloatware – programs you find pre installed in your PC that you don’t need.
Junkware – are basically useless, eg if you have more than one download manager, choose one and delete the rest
Adware – provide nothing other than adverts
Programs you no longer use#digiblogchat https://t.co/0VlJ0wLnS6— Kahill Insights (@Kahillinsights) October 1, 2019
Beyond security, many of these programs have the potential to consume a lot of system resources, and a purge can also result in a good performance boost just by removing them. I freed up 5 GB worth of disk space on my phone by removing unused software just last month!
- Establishing Screen Timeout
Imagine that I set my phone down to go pick up a food order at my local coffee shop. I leave my phone near the counter, but I might have sensitive information or sensitive emails displayed. A bystander can walk past and read something really critical or important. If you’re handling PII / PAN data, that’s a death sentence.
Setting a timeout/screensaver within a minute is fair for a timeout period. It may sound inconvenient, but if you have a fingerprint unlock, like I do for my mobile device and laptop, it shouldn’t be a bother.
As Larry Mount explains:
A8. An “open” device is prone to any form or “sweep and search” activity. Best not to provide the opportunity #digiblogchat
— Larry Mount (@LazBlazter) October 1, 2019
Don’t open the door for a malicious bystander to take advantage when you’re least expecting!
More to the point: I have two young kids, and I tend to leave my phone everywhere all the time. It’s just human nature — do your best to avoid the worst!
- Cover up Your Webcam
This is more applicable if you’re using tablets or laptops. There is malware that is known to record video and take pictures without you ever knowing. The LED light will not turn on. It just records and you would never be the wiser if your webcam was running.
- Software Updates
We talk about this all the time for good measure. The same best practice applied to a website will apply to desktops and mobile phones. Keep up with core updates and app updates as well. As of this writing, I just pushed 21 new updates on my phone today! You most likely have them too.
You never know what security-specific updates are included to further help or prevent data breaches. The more up-to-date your software is, the better positioned you will be.
Conclusion
These are some of the main takeaways from the webinar on Online Privacy and the Digiblogchat. Feel free to watch the webinar and browse through the Twitter conversation for a deeper understanding and discussion on these practices. We are going to release another article on leveraging browser settings and add-ons to help you strengthen your privacy posture going into 2020. Subscribe to our blog so you don’t miss a thing.
During this National Cybersecurity Awareness month, we will be talking a lot about cybersecurity best practices. Follow the hashtag #NCSAM and follow us on @sucurisecurity. Stay safe online!
Victor Santoyo
Daniel Cid
Tony Perez & Daniel Cid
Denis Sinegubko
Juliana Lewis
Antony Garand
Luke Leal
Alycia Mitchell
Ben Martin