Jun.03rd.2020

How to protect your personal data

Banner - How to protect your personal data

    Ubiquitous on the web, personal data are often at the heart of digital scandals. Constantly shared without our knowledge, they represent all the data that can directly or indirectly identify an individual (this is why we must take care and pay attention of their use).

    Some news items:

    • It's the giant Facebook that makes very regularly talk about him in terms of mistreatment of personal data of its users. And yes, by having an account and publishing on Facebook, we personnaly give it access to our private data without being wary, and the least we can say is that the social network does not take good care of it (the latest scandal is in September the 4th of 2019 when 419 million phone numbers linked to Facebook accounts leaked from the platform, more info here... we're waiting for the next episode!)
    • Another recent case in the news was Faceapp, the app that rejuvenates or ages a photo of you with impressive details. After its international success, many articles appeared to criticize its policy of retention of users' personal data. And yet you were warned because its terms of use indicated that it reserved the right to freely exploit your data.

    You think you have nothing to hide and you don't pay much attention to your personal data on social networks? Well, you should look at the question a little bit. Our personal data are our identity and each of them can be used for malicious purposes if they fell into the wrong hands. Here are some tips for you to protect them.


    Why stealing personal data?

    Theft of personal data can have several hidden objectives:

    • Identity theft: a person steals your personal data for the purpose of recreating an identity based on the latter. This process is usually used for malicious purposes, such as scams on social networks (you are asked for money to help a person for example) or online resale sites (we offer a tempting offer which is actually a trap for you to get money).
    • Data rabsom: Also known as "Ransomware", this process aims to, as the name suggests, ask for a ransom in the form of money in exchange for the non-use and return of stolen personal data.
    • Infrastructure theft: a rather unknown objective of the general public, the theft of infrastructure is to host clandestinely content, such as a website for example, on your servers.
    • Commercial use: a theft of data may also be intended to use your images for advertising purposes (without asking for permission of course), or to analyze your activity on the web to harass you with targeted advertising.
    • Resale on the Dark Web: once your data is collected, hackers can simply resell them on the Dark Web, the "hidden face of the internet", to people who want to use them through one of the four previous goals.

    Where can my data be recovered and how to protect myself?

    Many methods are used by hackers to retrieve your data on the web, but fortunately there are also methods to protect yourself.

    Phishing/Smishing 

    Phishing involves recovering your personal data through the spoofing of a third party identity that inspires confidence such as your bank, online sales sites or even public institutions. Often contacting you by email via an address that does not come from the domain name it is supposed to represent, very often accompanied by spelling mistakes. Fortunately, our mailboxes today protect us greatly from phishing by sending the offending emails in the box "Spam".

    The smishing is an "urgent" text message sent to someone's phone, asking them to either call a phone number or go to a website. Again, the links are often shortened.

    Protect yourself:

    • Pay attention to the address of the sender: if it seems suspicious, don't pay attention to the mail
    • Analyze the credibility of the mail: check if there are spelling errors or if there are inconsistencies
    • Avoid clicking on any link
    • Don't download attachments without being sure.
    • Never call the numbers that sent the messages.

    Good to know: a website where you are registered will NEVER ask you to provide your password. Just as a bank will never ask you for your credentials or bank details under any circumstances.

    Malicious apps 

    A simple method for hackers, but vicious, some applications present in the markets of applications such as the AppStore or GooglePlay are only intended to collect your data without your knowledge and then use them. Although Apple and Google are analyzing the applications present, there are still some that fall through the cracks.

    Protect yourself:

    • Sort your apps regularly
    • Look at the user reviews and ratings that have assigned to it on the download platform
    • Regularly delete applications that you are not using to prevent them from continuing to collect your data unnecessarily

    Online purchases 

    Some malicious sites appear as merchant sites. However, the reality behind it is to steal your data, especially your bank details at the time of purchase.

    Protect yourself

    • Check the legitimacy of the website on which you want to make a purchase: look for user reviews on the internet to be aware of issues raised by them
    • Make sure you surf safely by checking that the site URL starts with HTTPS
    • Ensure your security at the time of payment: check if the 3D Secure technology is well-used and prefer e-cards (digital cards generally for single use) at the time of purchase.

    Voluntary sharing of your personal information  

    By using the internet, we leave a lot of personal data behind us. Especially on social networks, we are not afraid to share intimate information such as our birthday, our habitat, our professional situation, our photos and even our personal relationships. Facebook even knows your interests, your tastes and your personality!

    Protect yourself:

    • Pay attention to what you share on social networks: although it seems fun to fill in your information in full, avoid seeking a profile too deep and only communicate what is necessary.
    • Start reading the terms and conditions when creating an account: did you know, for example, that FaceApp warned you? Its terms and conditions (which you must display as "read and approved") indicate that by registering, you grant it an irrevocable license for your photos! And yes, you knew about it ...

    Hacking a website where you are registered

    In June 2019, the Desjardins Group had the data of 2.9 million people registered on its site stolen because of a breach in the system. This case about the financial services company shows that no one is safe from being stolen data on the web, and you could not do anything as a user of the bank.

    Protect yourself:

    • Unfortunately, individuals can not deal with this kind of attack. It is indeed up to the site to protect itself sufficiently to ensure the security of the data of its users.
    • However the site "HaveIbeenpwned" exist. This site makes it possible to check if your email address has suffered a data breach, when and on which site it happened (hacking of a site on which you have an account for example). 

    What you can do to protect yourself

    • Use trace scramblersPrivacy Badger for example, is a free extension that allows you to prevent trackers from tracking your activity on the web. In another perspective, Adblock is an extension that block any advertising on the internet. Take a look at our article to know whether to use an advertising blocker or not.
    • Navigate safely: As we saw earlier for online shopping, make sure that the URLs of the websites you visit always start with the HTTPS protocol representing the highest level of security. Choosing the browser is also important when browsing the internet. So be aware that Firefox is known to be the most secure browser, and you can also improve your anonymity using private browsing (stay tuned for our future article to know the secrets). Although very popular, Google is also very stingy in data and collecting a lot. If the Firefox alternative does not suit you, other search engines such as Qwant or DuckDuckGo happen to be good alternatives.
    • Use a password manager: Even if we are always advised to use complex and unique passwords, it is sometimes difficult to remember and we often end up opting for a global password (especially for small sites that we do not think we fear anything) ). Well we should be wary more because once one of your passwords is revealed, all sites where you are registered with are threatened. Fortunately, there are managers who will memorize your passwords for you and provide you with original ones each time you create an account. We are fan of Lastpass! We tell you everything in our article about the importance of a unique and complex password.

    Protect yourself!

    It is an illusion to believe that we are untouchable on the internet. Everything you make visible on the net, no matter the way, can fall into malevolent hands and expose you to the dangers mentioned above. Pay attention to what you share, be vigilant in what you accept and adopt safer navigation methods.

    Our articles on the other dangers of the web