How should people brought up on digital sharing protect their privacy? Is it more important to protect the device or the data? When a cashier asks for your email address, mobile phone number, and zip code, do you provide it without hesitation? People are passive about credit card theft and fraud because the card brands take on the responsibility of hunting down and correcting fraudulent activity. Many of the digital demographic share their personal info just as easily, even though this is personal information without any protections that should be guarded for security and privacy reasons.
The US Census Bureau projects that by 2020 more than 52% of the population will be less than 40-years-old. This demographic have high digital literacy, have never known a world without computers, and use their smartphones and tablets constantly. They get all of their information and most of their socialization on the Web, and have few reservations about sharing their recommendations, opinions, locations, habits, and other personal information in real-time.
All of this activity is taking place in various clouds, making the data more valuable and more vulnerable than the device. To confirm this, think about what you do when you upgrade or replace your phone. You just sign in to the appropriate service and all of your settings, apps, and data show up on the new device. So the best place to spend your security $1 is on software and cloud services to protect your data. Encryption is the first step, and is now readily available for almost every device and operating system. Just make sure it is turned on, and that you use an encryption key or passcode of a reasonable length and complexity. It does not have to be something you cannot remember, like U!#VQz7tr6vEiuQk, but should not be 1234, 0000, or any of the other commonly used ones.
Next up is a good backup and recovery plan, to protect not just against physical loss of the device, but against the growing threat of ransomware. You need to test the restore function regularly, to make sure that it is working correctly and includes the files and directories that you need. If you have a continuous and tested backup of your data that is not stored in a vulnerable location like your PC, then you can ignore the ransom demand and just reset and restore your device.
Then, invest in malware protection for your phone and tablet, like you do for your PC. There are a growing number of attacks directed at devices other than PCs, and you can benefit from the extra protection of software that watches for phishing attacks and credential theft, as well as viruses and other malicious code. Malicious code hidden in apps is an increasing threat vector, so install only the apps you need, from trusted sources. Resist the temptation to jailbreak the device, as this often removes key protections and opens up new vulnerabilities.
Finally, sign up for a service that allows you to track your device and lock or delete it if it is lost or stolen, leveraging the cloud as your search and rescue team. Most of these services are available for little or no cost, and you do not need to be a security expert to set them up.
Attackers will continue to uncover new vulnerabilities and methods to disrupt our lives. Vulnerabilities are being fixed all the time, and you should allow automatic updates for your apps and operating system from the vendor’s trusted software store. There are many straightforward security tools that are freely available or relatively inexpensive that will keep you as protected as possible. Take advantage of them and don’t be a passive bystander with your device or data.
This blog post was written by Jonathan Anderson.