5 Tips to Protect Your Personal Online Data

What Is Digital Security & Why Does It Matter?

According to Team CommUnity, “digital security is the set of practices, tools, and habits used to protect people, devices, communications, and information from digital threats such as surveillance, hacking, censorship, and data misuse.”

When was the last time a corporation (your bank, internet provider or cell phone company, for example) sent you an email or a letter in the mail informing you about yet another data breach where customers’ personal data was stolen, hacked or in some way compromised? We understand how frightening that can feel when you consider privacy concerns, both for yourself and for your customers and clients.

In this current technological moment, much of our time is spent online, often whether we like it or not. Due to the nature of the work many businesses and non-profit organizations do – whether it be using customer relationship management (CRM) software, handling sensitive client data or ensuring GDPR* compliance – protecting your data and the data of your clients and community has never been more important. With increasing frequency, you as a business owner need to integrate technology into your work to increase your efficacy. In doing this, business owners are asked to opt into a digital experience, to use an app, to create an account, to share personal data and, at times, their clients’ and customers’ data. These corporations collect and store your data: passwords, payment information, customer or client information and whatever else you shared with that app or website. Amongst all this, what can you do to protect your privacy and data and the privacy and data of the communities with whom you work?

“Digital security can be a bit overwhelming for folks. That’s because it is. You’re gonna do things imperfectly and a bit flawed. But what’s more important is that you start.” 

–Kim Tercero, Founder, Tercero Solutions.

5 Fundamental Security Practices

Here are some fundamental security practices we recommend to clients, organizations and community members to strengthen their digital security.

Use a Password Manager: Password managers make it easy to follow good password practices. You don’t need to use your Notes app, post-its or notebooks. If you use one password for multiple websites and online accounts, a data breach that exposes that password could impact all of those accounts. A password manager is an important tool for protecting your digital privacy because it can generate a different random, secure password for each of your accounts and gives you a safe place to store your passwords and other sensitive information. A password manager is the most secure way to store passwords. However, if you don’t have one, storing your passwords in your browser is safer than on a post-it note or in your phone’s Notes app.

Enable 2FA/MFA: Enable multi-factor/two-factor authentication. 2FA/MFA is a security feature that verifies your identity before allowing access to your account. After entering your password, you'll need to enter a unique code to prove it's really you. If given the option, use an authenticator app rather than SMS or email verification. Some password manager apps, like Bitdefender or 1Password, are also authenticator apps that can be used for multi-factor/two-factor authentication.

Don’t be a phish! Scammers use email or text messages to trick you into clicking on a suspicious link (sometimes leading to fake sites) or opening an attachment with a virus or malware. In this process, sensitive information may be exposed. Some of the tactics and tricks scammers use are sneaky and deceptive. As much as possible, do not click on suspicious links, especially if they were sent to you from an unfamiliar number or from the email address of someone you do not know. Don’t click on links unless you absolutely have to. If you know how to access that website, type its address directly into your browser instead of clicking on links. Or if you have a shortcut saved in your browser from a trusted source, use that rather than clicking on a link sent to you.

HTTPS-only websites: “When you browse with HTTPS, your data is encrypted, which means it’s scrambled and unreadable to anyone trying to intercept it.” [Source.] Hypertext Transfer Protocol Secure (HTTPS) is a secure way of sending data between a web browser and a website.

We recommend you only access websites that use HTTPS to protect your data. To check whether the website you’re using uses HTTPS, you can:

  1. check the URL and make sure HTTPS is at the beginning of the URL

  2. look for a lock icon 🔒 to the left of the URL; the lock, along with HTTPS in the URL, indicates that the connection to the website is encrypted.

Learn how to configure browsers to HTTPS-only mode here.  

Encrypt Everything: 

Any call or text that you want to remain private should be made in an end-to-end encrypted app, like Signal. As described previously, encryption protects your data by scrambling it and making it unreadable to anyone but you and the recipient. Signal is currently the only truly encrypted and secure platform for text and voice communication. To keep your emails private, use Proton: Proton Mail is currently the only truly encrypted and secure platform for email communication. Encrypt your devices. Device encryption protects your data from unauthorized access, even if the device is lost or stolen. Ensure your cell phone is protected by a passcode or PIN of maximum length. You can find steps to enable full disk encryption for your computer or laptop here.

We hope these digital tips and tools will help you strengthen your digital protections! If you need support integrating these practices into your work, you are welcome to reach out to us.

*GDPR “GDPR compliance refers to adhering to the General Data Protection Regulation (GDPR), a set of rules established by the European Union (EU) to protect individuals' personal data and privacy. Compliance involves implementing appropriate technical and organizational measures to ensure data protection, including obtaining explicit consent for data collection, limiting data processing to specific purposes, and ensuring data accuracy...The GDPR has had a significant impact on how organizations handle personal data and has set a new global standard for data protection laws.” 

Resource recommendations excerpted from Tercero Solutions’ “Digital Security Checklist and Resources” Paper. If you would like to request a copy of this resource, contact us here.
