How to Secure Your Digital Life
As digital records, accounts and passwords become more integrated into daily life, they come with a heightened risk of data breaches.
Though fully protecting one’s personal information and digital accounts may seem unmanageable, there are steps consumers can take to protect their digital information, said professor Maritza Johnson, who created the course “Usable Privacy and Security” for the UC Berkeley School of Information’s Master of Information and Cybersecurity (MICS).
“With everything going on in the world with COVID, it feels hard to ask people to prioritize security as yet another thing that they should be taking care of,” Johnson said. “But of course, it’s something that everybody should be taking care of because if you don’t, then who will?”
What Has Changed Recently as Far as Data Security Is Concerned?
As the volume of digital accounts being created has increased, so too has the number of data breaches. Widespread apathy around digital security helps create conditions that can lead to online privacy violations.
According to NordPass, 70 percent of people have more than 10 password-protected accounts, and 20 percent have more than 50. At least 3,932 data breaches in 2020 exposed more than 37 billion records—a 141-percent increase in the number of records compromised from 2019, as reported by Risk Based Security.
More accounts create more targets for hackers, Johnson said.
“There are more systems. There are more websites. There are more devices, more people using them. There’s more money involved. Hackers are more motivated to actually go and exploit vulnerabilities,” Johnson said.
This can leave people questioning what they can realistically do to protect themselves and whether they should stop using certain technology altogether.
However, those concerns do not always lead people to take action to protect their online information. A 2019 Pew Research Center report showed that the majority of Americans felt they had little control over information collected about them by corporate and government entities.
of U.S. adults said they have very little control over the data companies collect.
of U.S. adults said the risks of companies collecting data outweigh the benefits.
of U.S. adults had little or no understanding of what companies do with the data they collect.
of U.S. adults were not confident companies would publicly admit mistakes and take responsibility when their data is misused.
What Has Been Done to Secure Private Data?
Several recent pieces of legislation affect the security of private data.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) was passed in 2018. Under this law, California residents have the right to:
- Know about information a business collects about them, and how it is used and shared.
- Delete information collected about them.
- Opt out of the sale of their information.
- Non-discrimination for exercising these rights.
The law does not require companies to disclose data breaches.
General Data Protection Regulation (GDPR)
The UK General Data Protection Regulation (GDPR) was also passed in 2018. Under this law’s seven key principles, the GDPR requires that personal data collected is:
- Processed lawfully, fairly and transparently.
- Collected and processed for specific legitimate purposes.
- Limited to necessary data points.
- Accurate and updated.
- Stored for a limited amount of time.
- Kept secure.
- Protected by the controller of the data.
The GDPR also outlines stiff fines for unreported breaches and other violations.
Digital Security, Privacy and Anonymity
It can also be helpful for consumers to understand the key distinctions between privacy, security and anonymity.
A system is secure if the people who need to use it are able to use it, Johnson said. Two things must be true for a system to be secure: “One, that somebody — an attacker — can’t manipulate the system to do something that it shouldn’t do. And then, on the other side, you want it to be true that the people who are supposed to use the system are able to do it in the way that they need to, that they can achieve their goal.”
When engineers are designing security and privacy technologies, they must focus on the end users whom they plan to protect to ensure “usable security,” Johnson said.
“It’s important to ask yourself questions of, ‘Are the people who are meant to use the tools actually able to successfully achieve their goals using what you’ve built?’” Johnson said.
Many people think of data privacy as secrecy or seclusion, Johnson said. But she wants more people to think about it more broadly.
“Informational privacy is awareness of data and what’s being collected and how it is used,” Johnson said. “What I want people to be thinking about is: What’s the data at hand? How is it being collected? Who has access to it? How is it being stored? And is it deleted?”
“Anonymity is the ability to use something in such a way that it cannot be tied back to you, your personal identity,” Johnson said. “At times we want to design things in such a way that we could give people an assurance of anonymity because it can feel like if you have that, then you may have lower concerns about security and privacy.”
When people do something anonymously, they should be unidentifiable. However, guaranteeing full digital anonymity is difficult, Johnson said.
Common Tools to Keep Your Digital Life Secure
The following tools can help consumers better secure their digital information.
Two-Factor Authentication (2FA)
Two-factor authentication (2FA) asks users to provide a second factor (2F) in addition to their password, usually in the form of a physical token or a digital code.
- Print out your backup codes.
- Use a 2FA manager, which is more secure because it requires physical access to your device. Phone numbers can be spoofed.
- Set up a recovery option.
- Don’t use 2FA without understanding what happens when you lose your keys.
Virtual Private Networks (VPNs)
A virtual private network (VPN) creates a private encrypted connection between a computer and a server somewhere else. That server can be used to browse and work on the internet, masking the IP and location data for the user. Johnson recommends using a VPN in public places or while using public WiFi.
- Don’t give out personal information while using a VPN, which protects your connection but not your data.
- Be selective about your use. VPNs can spoof your location, inhibiting services that are location-dependent.
- Know where your VPN server is located. Your browsing activity might be subject to that country’s laws and regulations.
Password Managers
Password managers store and encrypt your passwords for all your accounts in one place, allowing easy access. Johnson said it’s unreasonable to expect people to memorize unique passwords for hundreds of different accounts.
“When passwords first came to be, it was typical that you might only have one account, so it was reasonable to ask you to memorize your password and to manage it,” she said. “Fast-forward to today — now everybody has, I think on average, like 200 passwords.”
- Create complex, unique passwords to store. Google recommends passwords that are longer, memorable, and unique to each account. Avoid personal information and common words.
- Know whether your passwords are stored on your device or in the cloud. Storing on your device is more secure, but you could lose your device and all your passwords with it.
- Know how to recover your passwords if you cannot log into your password manager.
- Don’t share your master password.
- Treat security questions as passwords, or lie when answering them, as security questions are becoming outdated.
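The password checklist above can be run against an exported vault. This is an added example, not part of the original article: it flags entries that are short, reused across accounts, or contain personal details or common words, and generates a random replacement. The 12-character threshold, the word list and the sample vault are assumptions constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 12  # assumed threshold; the article only says "longer"
# Constructed sample list; a real audit would load a larger dictionary.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "dragon"}

def audit_vault(vault, personal_terms):
    """Return {account: [issues]} for entries that break the checklist."""
    by_password = defaultdict(list)
    for account, pw in vault.items():
        by_password[pw].append(account)

    findings = defaultdict(list)
    for account, pw in vault.items():
        lowered = pw.lower()
        if len(pw) < MIN_LENGTH:
            findings[account].append("too short")
        if len(by_password[pw]) > 1:  # same password on several accounts
            findings[account].append("reused")
        # Ignore very short terms to avoid matching by coincidence.
        if any(t.lower() in lowered for t in personal_terms if len(t) >= 3):
            findings[account].append("personal info")
        if any(w in lowered for w in COMMON_WORDS):
            findings[account].append("common word")
    return dict(findings)

def generate_password(length=20):
    """Random password from the OS CSPRNG, meant to be stored, not memorized."""
    alphabet = string.ascii_letters + string.digits + "-_.!@#"
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed sample data (not real credentials).
SAMPLE_VAULT = {
    "mail": "Rex2015!",
    "bank": "Rex2015!",
    "shop": "welcome-to-my-shop-account",
    "forum": "tV9-qLm2_xH7.pZc4!Ks",
}
SAMPLE_PERSONAL = ["Rex", "2015", "Berkeley"]  # pet name, birth year, city

if __name__ == "__main__":
    for account, issues in audit_vault(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(f"{account}: {', '.join(issues)} -> replace with {generate_password()}")
```

Run it only on a machine you trust, and delete any plaintext export of the vault afterwards.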
These articles and guides offer additional information on protecting your digital identity.
- Consumer Reports: Guide to Digital Security & Privacy
- Electronic Frontier Foundation: Surveillance Self-Defense: Tips, Tools and How-Tos for Safer Online Communications
- Forbes: 10 Tips for Keeping Your Personal Info Safe Online
- New York Times: How to Protect Your Digital Privacy
- PCMag: 12 Simple Things You Can Do to Be More Secure Online
- PCMag: How to Find Out if Your Password Has Been Stolen
Citation for this content: cybersecurity@berkeley, the online Master of Information and Cybersecurity from UC Berkeley