Mobile application sources and permissionsNo matter which mobile operating system you have adopted, downloading apps from verified, trusted sources such as Google Play and Apple's App store is always the best option to maintain your security and privacy.
However, the permissions you give an installed app are also important.
Apps can request a variety of permissions including sensor data, call logs, camera and microphone access, location, storage, and contact lists. While many legitimate apps do require access to certain features, you should always make sure you are aware of what apps can access what data to prevent unnecessary security risks or information leaks.
CCleaner, Pokemon Go, Meitu, and Uber have all come under fire for privacy-related issues in the past and the problem of data collection and extended business permissions will likely carry on in the future.
To be on the safe side, any time you no longer need an application, you should also simply uninstall it.
Mobile malwareMobile malware is far from as popular as malicious software that targets desktop machines but with these variants infecting Android, iOS, and sometimes making their way into official app repositories, they are worth a mention.
The types of malware that can hit your mobile device are varied, from Trojans and backdoors to malicious code that focuses on the theft of valuable information, such as online banking credentials.
The most common way that such malware can infiltrate your smartphone is through the installation of malicious apps, which may actually be malware, spyware, or adware in disguise.
It's recommended that you download and install an antivirus software solution for your mobile device, however, you will probably be safe enough as long as you do not jailbreak your phone and you only download app .APKs from trusted sources, such as Google Play or the Apple App Store. However, malicious apps do sneak into these official stores as well.
Secure emailMany email providers now encrypt email in transit using TLS, but there are few email services, if any, which you can truly consider 100 percent "secure" due to government laws, law enforcement powers, and the difficulty of truly implementing strong encryption in email inboxes beyond using PGP to sign messages.
However,
ProtonMail is worth considering. The open-source email system is based in Switzerland and therefore protected under the country's strict data protection laws. Emails are end-to-end encrypted which prevents ProtonMail -- or law enforcement -- from reading them. In addition, no personal information is required to open an account.
Reduce your online footprintNow that you've begun to take control of your devices, it is time to consider what data is floating around the internet that belongs to you -- and what you can do to prevent future leaks.
One of the first places to travel to is Troy Hunt's
HaveIBeenPwned service. The free search engine (of sorts) can be used to check your email accounts and linked online services for the exposure of credentials caused by data leaks. If you find you have been 'pwned,' stop using all the password combinations involved immediately -- not only in the case of the compromised account but across the board.
GOOGLE PRIVACY CHECKSIf you are a user of Google services, the
Privacy checkup function can be used to stop Google from saving your search results, YouTube histories, device information, and for you to decide whether you are happy for the tech giant to tailor advertising based on your data.
Make sure you also take a look at your main
Google Account to review security settings and privacy measures. The
Security checkup page also shows which third-party apps have access to your account and you can revoke access as necessary.
Social networksSocial networks can be valuable communication tools but they can also be major sources of data leaks. It is not just friends and family that might be stalking you across social media -- prospective employers or shady characters may be doing so, too, and so it is important for you to lock down your accounts to make sure only the information you want to be public, is public.
FACEBOOKTo begin locking down your account, go to the top-right corner, click the downward arrow, and choose "Settings," which is where the majority of your options for privacy and account safety are based.
Security and loginUnder this tab, you can choose to enable 2FA protection, view the devices in which your account is actively logged on, and choose whether to receive alerts relating to unrecognized attempts to log in.
Your Facebook informationReview activities: Under Activity Log, you can review all your activity across the social network, including posts published, messages posted to other timelines, likes, and event management. You can use the "edit" button to allow something on a timeline, hide it, or delete it outright -- a handy function for wiping clean your older timeline.
Download data: Under this tab, you can choose to download all the data Facebook holds on you.
Privacy Settings and Tools: Here, you can choose who can see your future posts. For the sake of privacy, it is best to set this to friends only, unless you are happy for such content to automatically be made public.
How people can find and contact you: You can tighten up your account by also limiting who can send you friend requests, who can see your friend lists, and whether people are able to use your provided email address or phone number to find your profile. A particular feature you may want to turn off is the ability for search engines outside of the network to link to your Facebook profile.
Location: Turn off this to prevent Facebook from gathering a log of your location history.
Face recognition: Another feature you should consider turning off -- it's unnecessary.
Apps and websites: Under this tab, you can see a list of third-party services that have been logged into using your Facebook credentials and whether they are active.
Ad Preferences, advertisers: A settings option that has been heavily expanded upon since the Cambridge Analytica scandal, in this section, you can review what Facebook believes are your interests, a list of advertisers that "are running ads using a contact list that they or their partner uploaded which includes information about you," and you can manage personalized ad settings -- at least, to a point.
Your interests: If you select this tab you will see topics, such as property, finance, food, and education, which are collated based on ads or promotional material you have previously clicked on. In order to remove a topic, hover over the option and select the "X" in the top right. The same principle applies to the "Advertisers" tab.
Your information: There are two tabs here that are both relevant to your online privacy and security. The first tab, "About you," allows you to choose whether Facebook can use your relationship status, employer, job title, or education in targeted advertising. The second tab, "Your categories," includes automatically generated lists of topics that the social network believes are relevant for ad placement -- all of which can be hovered over and removed.
Ad Settings: To further thwart targeted ads, consider saying no to all the options below.
Another section to mention is under the "
About Me" tab in Facebook's main account menu. Here, you can choose whether to make information public (whether globally or to your friends), or only available to you. This information includes your date of birth, relationship status, contact information, and where you've lived.
TWITTERUnder the "Settings" tab there is a variety of options and changes you should implement to improve the security of your account.
Login verification: After you log in, Twitter will ask you for additional information to confirm your identity to mitigate the risk of your account from being compromised.
Password reset verification: For added security, this requires you to confirm your email or phone number while resetting your password.
Privacy and safety: You can deselect location tracking and stop your locations being posted at the same time you send out a tweet, and there is also an option for removing all past location data from published tweets in your history.
In this section, you will also come across "
Personalization and data," which allows you to control -- to an extent -- how the social network personalizes content, collects data, and what information is shared with third-parties. You have the option to choose not to view personalized adverts, but the main setting you need to be aware of is for sharing.
Described by Twitter as an option to permit the company to "share non-public data, such as content you've seen and your interests, with certain business partners for uses like ads and brand marketing," you should consider saying no.
Apps and devices: Under this tab, you can see what third-party services, if any, are connected to your account, as well as what devices your Twitter account is actively logged into.
There is also an interesting section under "
Your Twitter data." Once you have entered your password, you can see Twitter's compiled collection of interests and advertising partners based on your activities.
It is also possible to request your full data archive under the main Settings tab.
INSTAGRAMTo give your Instagram account a
privacy boost, there are a few changes you can implement.
By default, anyone can view the photos and videos on your Instagram account. By going to Settings and then Account Privacy, you can change this to ensure only those you approve of can see your content.
If your account is public, then anyone can view and comment on your images and videos. However, you can
block people you would rather not interact with.
The Internet of ThingsThe Internet of Things (IoT) started off with mobile devices, including our smartphones, tablets, and smart watches. Now, IoT encompasses everything from smart lights to voice-controlled smart speakers and home hubs, such as Google Home and the Amazon Echo.
Here are some tips to improve the security of your connected home and prevent your products from being compromised, your information stolen and your IoT products from being added to botnets:
• Keep IoT devices password protected. Default credentials -- unfortunately often still in play when it
comes to IoT vendors -- are an easy way for hackers to compromise a device. The first and easiest
way to protect your devices is to change these credentials ASAP.
• Making sure your IoT device firmware, as well as your router software, is to up-to-date is also a key
factor.
• Consider running all your IoT devices on a separate home network. Therefore, in the case of
compromise, the damage can be limited.
• If your IoT device does not require an internet connection to run, then disable it. (Unfortunately, this
is rare nowadays)
• If you no longer need an IoT device or have upgraded, perform a factory reset and remove older
devices from your network.
• Always check the default settings on new products. It may be that default options -- such as the
implied consent for usage data and metrics to be sent to the vendor -- will benefit the vendor, but
not your privacy.
JUST DO ITThe threats to our privacy and security are ever-evolving and within a few short years, things can change for the better -- or for the worse. It is a constant game of push-and-pull between governments and technology giants when the conversation turns to encryption; cyberattackers are evolving and inventing new ways to exploit us daily, and some countries would rather suppress the idea of individual privacy, rather than protect it.
Thankfully, the threat to our privacy has now been acknowledged by technology companies and many organizations, both for and non-profit, have taken it upon themselves to develop tools for our use to improve our personal security -- and it is now up to us to do so.
source
