How to secure your digital identity
We are living in a digital connected world, where giving our personal data to companies is inevitable. The sad truth is that companies are getting breached on a daily basis, and it’s just a matter of time for the ones who didn’t. You’ve been breached? <hl>Keep calm and keep reading, here is what you should know.<hl>
1. When your data is breached, it’s already too late
Let's be honest. There's nothing you can really do to get your personal data back once it has been breached. The truth is, once your info is out there, well... it’s out there! We understand that you don’t think about these things, and it’s just too much to deal with. But the average time it takes for a company to identify a breach is 197 days, and a lot can happen with your data during this time.
The one thing you can do is to change your password, enable two-factor authentication, and notify your financial. This will prevent anyone to further the damage. Unfortunately, this is not an end-all solution.
But it does not mean you cannot prevent it from happening in the future. And it does not have to be tedious. The best-kept secret to reducing the chances of it from happening again is...
2. Keep your data only where you need it
Different types of information can affect your life differently. Here are a few recent data leaks examples which consequences we don’t often think about:
- in 2014, the hotel chain Marriott was breached affecting 500 million accounts. The most sensitive info here were not the credit card numbers. It was the future reservation dates and personal addresses. With this time-sensitive and location-based info, the burglars knew when the person was not home and took advantage to rob the house of the user.
- In 2017 when MyHeritage (92 million customers email exposed) – the world’s largest family history resource – got hacked. Because the “forgot your password” feature of most sites always ask you the same security questions (like the year your father was born and such) which answers can be found in your family tree. This allowed the hacker to guess and reset the account password without even having to hack it, accessing even more sensitive information in the user’s mailbox.
- Also in 2017, Equifax, one of the leading US financial institutions, was breached. The data of 143 million users was leaked, including names, addresses, credit card numbers, and most of all, social security numbers. This, in turn, can allow the thief to steal government benefits, tax returns, and apply for loans, having potential drastic consequences on one's life in the long term.
As you can see, it is very hard to predict how the data from a breach will be used. But one thing is sure: it is not a matter of “if”, it is a matter of “when” it will happen to you. Therefore, the one important thing you can do is reducing the data trail you left behind, to be the least possibly exposed. To this, you need to...
3. Simply change your digital habits and monitor your digital footprint
It is a bit like wanting to be a more conscious and healthier eater – digitally that is. At first, it might feel tiresome, but once you make it a routine, you won’t really have to think about it. Ever heard of digital minimalism? It means only leaving your data where if you really need it. After you’ve booked that flight, or purchased your concert ticket, you don’t need to leave your data with those service providers. Every time you leave your data with a new service provider, your digital footprint grows and becomes more exposed to threats (read this for the full definition of the term digital footprint).
Most people have a data trail of 400 companies, of which 80% is a one time use! Not only that, but every month the average person gives his personal data to 8 new companies. Can you imagine the amount of data you have left out there over the years? While this can be scary, be sure of one thing...
Know you can regain control. Fortunately, with new privacy regulations like GDPR and soon CCPA, you can start decreasing your online exposure. By leveraging your newly acquired rights, you can become the owner of your data.