How to Prevent your Personal Information from Leaking and Spreading Online
This is the third part of our five-part series on Preventing Identity Theft & Doxing.
One of the best ways to keep your personal information private and prevent it from ending up online is to stop sharing it in the first place. That may sound obvious, but most people are failing to take even the most basic preventative steps.
Below we have outlined the practical steps you should take to keep your personal information from becoming public and falling into the hands of identity thieves. Implement as many of these concrete measures as you can to protect yourself from identity theft and doxing attacks.
- Overall, be stingy about giving out any personal information. If pressed to do so, provide disinformation (see Step #4 in this series).
- Follow good practices online such as not blindly opening files, clicking on links, or downloading unknown apps, especially when they come from strangers or unknown sources. These lures are commonly used for “phishing”, a surprisingly successful technique used by identity thieves and in malware attacks.
- When using a public Wi-Fi network (also known as “hotspots”), do not log into any password-protected accounts or do anything sensitive. To make sure you are not accidentally logged into an account (as can happen when doing something as simple as reading Google News) use your web browser in incognito mode.
Top Tip – If you need to rely on Wi-Fi “hotspots” – for example if you travel a lot – sign up for a VPN (virtual private network). These services keep your Internet traffic encrypted and protected even on public Wi-Fi hotspots. There are free VPNs (good only for hotspot use), but a full-fledged premium VPN with 10+ privacy & security uses is worth every penny of its low cost.
In fact, using a reliable VPN all the time, even at home, will obscure your web browsing activities and make it hard for third parties to track and profile you.
- Use trustworthy web browser plugins that block or cut down on online tracking, such as EFF’s Privacy Badger.
- When your webcam is not in use, cover it with a Post-it note or use webcam security stickers that are designed for this purpose and won’t damage your lens.
Top Tip – Hackers can activate webcams without you knowing (without the light coming on). Websites exist that share (or even sell) details of hacked webcams. If you are like most people, you hardly ever use your webcam, so cover it when not in use.
- Consider subscribing to an identity theft monitoring service such as IdentityForce to be alerted as early as possible to potential identity theft breaches or suspicious activity so you can react before any serious damage is done.
- Because your web browser is often the weakest link between you and hackers or malware attacks, don’t let your web browser store your passwords. It is much safer to use an app specializing in managing passwords. There are plenty of reliable, free and time-tested apps including Dashlane and LastPass which can create, save and manage strong passwords for each and every one of your accounts. These apps can even easily and automatically change all of your passwords in the event of data breaches.
Top Tip – Remember, all it takes is a single poor password for hackers to breach one of your accounts, which helps them breach many more. Up to 80% (yes, eighty percent) of security incidents are due to weak passwords.
- Enable the lock and password features on all of your computers, laptops, smartphones, tablets and other devices. An astonishing 40% of people do not use a password or PIN to lock their smartphones!
Top Tip – If you don’t lock your device and it is ever stolen, the thief can access any accounts you are still logged into and change your passwords. The hacker can successfully hijack your accounts and lock you out of them.
- Use difficult security questions to protect your accounts. Do not use questions that can be answered simply by Googling you or checking your social media profiles, such as your pet’s name.
- Carefully check your privacy settings in Facebook.
- See our detailed guide to Facebook’s privacy settings, but in a nutshell: set privacy to “friends only”, remove your birthdate and other personally-identifiable information in your profile or insert false information (see Step #4 in this series), regularly cull your list of friends, minimize your use of single sign-ons (SSOs) and unlink & disassociate accounts and apps.
- Change your social media profile photos to something non-personally identifiable such as a cartoon character. Facial recognition is growing and will soon be a ubiquitous form of tracking and profiling us, online and offline.
- Scrutinize your current list of friends and accept new friend requests sparingly. Scraper bots are always looking for unaware or lazy people who will blindly accept any friend requests that they receive.
- Remove old, unused Facebook apps and connected accounts.
- Scrub your photos of GPS and other metadata before posting them online.
- Turn off location sharing and check-in settings, especially on any smartphone or tablet you tend to always carry around with you.
- Enable double-factor authentication (DFA) on accounts that support it. In most cases, this means receiving a confirmation code by SMS text message that you have to enter as part of the account logon process. Sure, this extra step is a pain, but this is hardly onerous and can save you from a whole lot of misery. DFA is highly recommended for your online banking and any other accounts which have your credit card or banking card details on file.
- Cancel your inactive online accounts (use resources such as AccountKiller.com and DeleteMe).
- Never sign in to an online account on someone else’s computer or device. That includes at hotels, Internet cafes, airport lounges, public libraries and restaurants, but also (sorry to say) those of friends or family.
- Even if the person is not evil, hackers could have taken advantage of lax security settings, installed a keylogger or otherwise infiltrated the computer or device.
- Don’t use Google for everything. Diversify your online accounts and services so that no single provider – whether Google, Apple, Microsoft, Facebook or Amazon – has access to all of your personal information or too much of it. If you consolidate all of your online activities with a single provider and they are hacked, the hackers could have access to your e-mail, photos, documents, cloud storage, voice phone number, contacts and even your credit card and payment information.
- Use different email addresses for different major online accounts. You can always set up email forwarding to your primary email account to reduce inconvenience.
- Minimize linked accounts and unlink any unnecessary account associations.
- Don’t be tempted to log into accounts using single sign-ons (SSOs). An example of SSO is when you use Facebook to log into other accounts. If you use SSO, the two associated sites will share information about you. To prevent this sneaky sharing of your information, use a software app to manage your account passwords.
- Enable ‘block images’ or similar features in your email settings to curtail email tracking. This disables bugs, beacons and other tracking elements hidden in emails that monitor when you open or how you interact with your emails (you can easily “white list” trusted email addresses over time).
- Use temporary email addresses or set up an alternative email address to keep your primary personal email account private.
- Make good use of encryption especially for sensitive email attachments or anything you save in the cloud. You can also set up and use a separate secure email account from your day-to-day email account.
- Never email scans of your official identity documents such as passports, driving licenses or credit cards. Unencrypted emails are insecure and easily intercepted. If a hacker gets their hands on these types of documents, you could be in store for real problems. Instead, phone with the necessary details or fax it (ironically, fax is more secure than email).
Offline & Other Tips
- Apply sparingly for loyalty cards and discount cards as these companies usually share your personal data far and wide. And if/when you do apply to such programs, use disinformation (see Step #4 in this series).
- Before disposing, selling or donating your old computers and devices, first make sure to completely “wipe” all of the data from them – there are plenty of free wiping software apps available such as CCleaner.
- Stop entering surveys, contests and draws, not only online but offline too, such as those held at shopping malls, fairs and events.
- Don’t overshare information in job applications, whether online or in hard copy. For example, a potential employer has no good reason to ask for your social insurance or driving license number. If they do insist, use false information (again, see Step #4 in this series).
- Be aware of “shoulder surfing” and make sure people are not looking over your shoulder when you are entering passwords on your computer or other devices or when using ATMs.
- Use resources such as Stop Data Mining Me to “opt-out” of databases and stop data brokers from collecting information about you from your online and offline activities.
- Keep your personal phone number private by using an online virtual phone number such as those offered by Google Voice and Skype Number. To avoid any inconvenience, calls to this number can be forwarded directly to your “real” personal phone number or sent to voicemail (these messages can then be forwarded to your email as digital attachments).
- If you are at serious risk for stalking or you fear for your personal safety, keep your residential address private by using an online mail forwarding service such as EarthClassMail or Traveling Mailbox, or a good ol’ postal PO box.
What to Do for Data Breaches
- The moment you learn about a website or business being hacked which has your information on file (especially payment details), immediately change all passwords associated with that account.
Top Tip – If you use a password management app, you may be able to change all your passwords in a single click or tap.
- Change your passwords even if the hacked site or company says that you’re safe, because they may wait too long to admit the extent of the hack, they may lie or be in denial about it, or they may simply take ages to fully understand how badly they were hacked.
- Massive attacks on large corporate customer databases are becoming commonplace. And these are just the breaches that are reported and we hear about. It is almost certain that there are many more breaches we never even hear about.
Your Computer or Device is Stolen
- You should also change your passwords in the unfortunate event that your computer or device is stolen (or lost). Free apps like Dashlane can help. Otherwise, manually change the passwords for all of the accounts linked to the computer or device that was stolen – in many cases, this may mean all of your accounts.
Top Tip – Anti-theft apps such as Prey won’t prevent your device from being stolen, but can help you recover it or help catch the thief.
Monitor your Credit Cards and Financial Accounts
- It is always a good idea to keep an eye on your credit card and bank statements, especially after a major data breach affecting your accounts or after the theft of a computer or device. Don’t wait to receive paper statements in the post; periodically check your online statements in the aftermath of a breach or theft.
- You may also wish to contact your credit card companies and banks and tell them about what happened as they may be able to place your accounts under a special kind of alert status.
- Consider putting in place a credit freeze which is usually straightforward, often free, and can be lifted relatively easily when you apply for new credit.
Stop Sharing Personal Information Wrap-Up
So how many of these prevention measures were you taking to cut down on sharing your personal information?
If you think we are missing any good identity theft prevention tips, please let us know.