Data Protection: How to Protect Your Online Privacy

We all like our privacy. However, as the internet becomes more and more integral to daily life, it’s become clear that not all entities on the internet value it as much as we do. Our data is big business these days, and with advertisers seeming to know our habits better than we do, it can feel like everyone online is watching us.

Fortunately, it doesn’t have to be this way. It’s possible to take back your privacy online and safeguard your data without totally going off the grid. In this article, we’ll explore what data privacy means, why it matters, and how to protect it.

Data privacy is the concept of keeping your personal information, well, personal. This could apply to any information stored on a computer or other device. It can also cover data stored on the cloud or in online accounts such as social media sites and apps or email.

Personal information can encompass a wide variety of data:

• Name
• Location
• Phone number
• Email address
• Passwords
• Browsing history
• Banking information or credit card numbers

These days, keeping your personal data private is more than a matter of just watching what you post. The internet is packed with cookies and trackers that log your every online move, primarily to advertise to you better. Additionally, cybercriminals and malware are a real concern, and data breaches happen seemingly every week, leaking private information onto the web for anyone to see.

Data privacy can also refer to the branch of information security that focuses on the task of keeping your data private. With this definition, tools like ad blockers, two-factor authentication, and password managers would fall under the data privacy umbrella.

Hackers and criminals have a number of ways to use your personal data maliciously if it falls into their hands:

• Criminals can use stolen credit card numbers or bank account information to make fraudulent purchases in your name.
• Unsavory people can use personal information such as your name or location to harass or stalk you, either online or in the “real world.”
• Companies can sell or otherwise share information on your browsing and purchasing habits to advertisers or other third parties.
• Governments in certain countries or regions of the world may restrict your ability to use the internet as you like or express yourself freely online, and they can use personal information to track and monitor your activity.

Ultimately, protecting your personal information online is about protecting your right to privacy. For some people, this will be a big deal, while others may not worry much about it at all. However, everyone should be aware of the situation and its potential ramifications.

Now that we’ve covered what data privacy is, let’s look at some practical ways you can protect yours, starting with securing your connection.

Be careful on public Wi-Fi

Free public Wi-Fi networks are everywhere, and they’re definitely convenient—particularly if you’re on a limited data plan. Unfortunately, they’re also extremely insecure. Anyone who knows the password can log onto the network and, theoretically, see everything you’re doing online. If there’s no password, that’s even worse!

If you have to use public Wi-Fi, we recommend not doing anything involving sensitive data while connected. That means avoiding banking, social media, and logging into important accounts. Alternatively, you can use a VPN to help secure the connection—see below for more on that.

Choose a router with WPA2 security

Your home Wi-Fi network should have robust security, preferably WPA2. WPA2 stands for Wi-Fi Protected Access 2, and it’s the second generation of the powerful WPA security protocol. It’s generally the strongest encryption you can have on your network, and it helps keep unauthorized users from accessing your personal Wi-Fi and seeing what you’re doing. 

Most modern routers support WPA2 and use it by default. If you’re not sure, your best bet is to consult the manual for your router model. Unfortunately, it’s hard to get more specific than that since there are so many different models on the market.

Ensure you only use HTTPS sites

HTTPS stands for Hypertext Transfer Protocol Secure. Essentially, this means the website secures the connections and keeps them encrypted. Sites that don’t use HTTPS (those that use plain HTTP) are more vulnerable to prying eyes.

Most modern web browsers will automatically mark non-HTTPS sites as unsafe, and some won’t let you browse to them at all without jumping through hoops. However, it’s always a good idea to check for the “Secure” symbol in your browser’s address bar before entering sensitive info like credit card numbers. This symbol usually appears as a padlock icon.

Use a VPN

Using a VPN is one of the simplest—and most effective—ways to keep your browsing secure and private. A VPN, or Virtual Private Network, is a network that routes your signal through remote servers owned by the VPN provider. This process helps obscure your location, IP address, and other personally identifiable information.

These “secure tunnels,” as they’re called, also usually come with encryption, and most VPN providers have a privacy policy that includes not keeping any logs. So anyone snooping after your activity won’t be able to tell what you’ve done.

There are a few free VPNs on the market, but we generally don’t recommend using them. VPNs are expensive to operate, so if you’re not paying with money, there’s a good chance the VPN is selling your data—this obviously defeats the whole purpose. The only free VPNs we recommend are those that come as limited trials of paid options.

Instead, we recommend going with a paid VPN like ExpressVPN, NordVPN, or Proton VPN. These options have prices as low as $3.00 per month and all the features you’ll need.

Finally, it’s worth noting that VPNs tend to reduce internet performance since your signal is being routed through distant servers. Some are better than others at this, but they all come with some slowdown. For this reason, we don’t recommend using a VPN with satellite internet—combined with satellite’s already high latency, you’ll be in for a bad time.

Perform regular scans for malware, viruses, and malicious apps

One of the most important things you can do to ensure your data stays secure is run regular malware scans on your devices. This applies primarily to Windows computers, although—contrary to popular belief—Macs aren’t immune to viruses. Android phones can also be vulnerable.

The only device we don’t recommend antivirus for is the iPhone. Due to the locked-down nature of the system, there’s not much an antivirus app can do on an iPhone, even if the device was somehow infected with malware. The bigger problem on iPhone and iPad is malicious apps masquerading as trustworthy ones, although Apple does a pretty good job of keeping these off the App Store.

There are a lot of antivirus options on the market. We like Malwarebytes, Norton, and Bitdefender, but they all do more or less the same thing. Note that these apps can be pricey, but we generally feel they’re worthwhile investments. Also they can sometimes slow down devices. If that happens to you, you can disable the real-time monitoring feature and run a scan on an as-needed basis (say, once a week or so).

Only install apps from trusted sources

Speaking of malware, we highly recommend only downloading software from a trusted source. On smartphones and tablets, that means using the device’s official app store. On Mac, the Mac App Store is also a great resource.

If you have to get software outside of the app store, we recommend only downloading from the software’s official website. Installing an app that looks legit, but isn’t, is one of the most common vectors for malware, data loss, and identity theft. Be careful!

Keep your devices (and apps) updated

You know those pesky software updates that interrupt what you’re doing and cause your devices to reboot? Yes, they may be irritating, but they’re also critical to your security and information privacy. That’s because these updates usually contain a slew of security fixes to patch up vulnerabilities in the system. The same is true for your apps and software.

To make things easier, we recommend leaving automatic updates on. You can defer the updates if you’re in the middle of something important or if you’re not sure a key piece of software will work with it, but don’t wait too long. 

Use social media wisely

Social media remains a fantastic tool for sharing with friends and keeping in touch with loved ones. That said, it’s important to remember the risks involved with putting our lives out on the internet and take steps to mitigate them.

For example, you should spend time personalizing privacy settings to ensure you know exactly who can see your content. You may also want to turn off location tracking for posts so viewers can’t see where you are. Finally, it’s a smart idea to only click links from trusted sources.

Be smart about passwords

One of the most basic, and yet most important, things you can do for online privacy is ensure your passwords are up to snuff. These are your first line of defense against unwanted access to your accounts, so they should be strong and unique.

A strong password is often defined as one that’s at least 10–12 characters long, with a combination of uppercase and lowercase letters, numbers, and symbols. You should never use a word that can be tied to you personally, such as a pet or child’s name.

The purpose of making your passwords long and complex like this is to prevent guessing and brute-force attacks. The longer a password is, the more combinations of characters a hacker or program needs to guess, and this increases exponentially.

An 11-character password with only lowercase letters would take just one day to crack. Add a letter to make it 12 and it jumps to 3 weeks. Mix in some uppercase letters and you get 300 years! It gets better, though.

A 12-character password with at least one uppercase letter, number, and symbol would take 34,000 years to crack by brute force. Make it 13 characters and this jumps to an astonishing 2 million years. You get the picture.

Finally, you should avoid reusing passwords across multiple sites whenever possible. This practice helps minimize the damage if someone does get ahold of your passwords. Using a password manager like LastPass can help keep all these complex passwords under control without you having to remember them all, but you can also just write them down on a piece of paper (not a digital document). Someone would have to actually break into your home and find the document to steal them, which is relatively unlikely—but keep it somewhere secure as well. We don’t recommend the sticky-note-on-your-monitor approach.

Enable two-factor authentication

Two-factor authentication (2FA) is a system that requires you to authenticate yourself via two different means in order to log into an account. The first “factor” is your password. The second is usually a code that’s sent via text message or email, generated randomly in an app like Authy, or created on a physical authenticator device.

Two-factor authentication is an extremely powerful way to protect your accounts. Since the second factor requires access to a personal phone, email account, or physical device, you’d have to have been both hacked and robbed in order for your account to be compromised.

Many accounts and services support two-factor authentication, including most major social media platforms and email providers. You can usually find the option in your account settings, in the same place where you manage your password. We recommend enabling it everywhere it’s available. While it might be slightly inconvenient at times, the security benefits are just too good to not use.

Yes, there are some laws that protect data privacy. The most famous is probably the General Data Protection Regulation (GDPR) in the European Union, which regulates how personal data can be collected and stored. It also provides significant rights to individuals in regard to control over personal data.

In the US, the California Consumer Privacy Act (CCPA) requires that consumers are made aware of what personal data is being collected and affords them some control over it. This includes the right to request that organizations not sell personal data.

The Fair Information Practices, or Fair Information Practice Principles, were a set of principles laid out in 1980 by the Organization for Economic Cooperation and Development. They’re not a part of any specific law or regulation, but they have been used to guide privacy regulations such as GDPR and CCPA, as well as inform the best practices of businesses. You can read the full list of principles on the Federal Privacy Council website.