Protecting your online data

In today’s highly digitalized world, where information is constantly being shared over the Internet, taking steps to protect your data is more critical than ever.

Statista estimates that approximately 445 million data records have been exposed worldwide between January 2020 and August 2022. So, what can you do to help keep your personal information safe?

Sauvik Das, assistant professor at Carnegie Mellon’s Human-Computer Interaction Institute and member of CMU’s CyLab Security and Privacy Institute, stresses the importance of taking preventative measures to secure your passwords and personal information.

“It doesn’t do a whole lot of good to lock the barn door once the horse has escaped,” says Das. “But there are measures you can take to prevent your information from being stolen in the first place.”

Das suggests using a unique password for each service. If one of your passwords is compromised, this will help contain the damage to a single account. 

While keeping track of each password may seem like a daunting task, using a password manager can help.

“Many people today have dozens or possibly even hundreds of online accounts,” says Sarah Pearman, a CyLab Ph.D. student whose research focuses on usable security and privacy.

“Can the average person remember 100 different 12-character random strings of numbers and letters? No. That’s why they resort to making easy-to-guess passwords or reusing passwords. A password manager generates strong, randomly generated passwords and remembers them for you, so you don’t have to reuse passwords across multiple accounts. All the user has to do is remember one very good password, and that serves as the key to all of their other passwords.”

Das also suggests using two-factor authentication for any accounts that offer such protection. “Even if your password is compromised, the attacker would still need to get a hold of your phone or YubiKey to access your account."

While Das recognizes this extra step may become an annoyance, he strongly recommends using it on “important” accounts, such as those associated with financial and health information, and on accounts like Google and Facebook, where credentials may be used to log into other services. 

If you’re concerned your Internet Service Provider (ISP) may be ‘snooping’ on your data, Das says using a trusted Virtual Private Network (VPN) that doesn’t store browsing history is an excellent way to hide the websites you visit and the data you send and receive online. 

In order to keep your emails and messages confidential, Das suggests using end-to-end encrypted services. “If you use a service like G-Mail, anything you send is fair game and can be fed into algorithms that make inferences about you. However, if both the sender and receiver use a service with end-to-end encryption, your messages should remain completely secure.”

If you believe your data has already been compromised, Das says following the above steps can help limit the damage and provide future protection.

“Security is an afterthought for so many people. Use the breach as an opportunity to re-up your security posture and implement strategies to help prevent it from happening again.”

“For at least six months following a breach, remain vigilant. Most attackers that scrape password information aren’t using it themselves. Instead, they’ll look to sell the information to a scam agency, so the ensuing effects may not surface until months later.”

For data leaks that involve social security or financial information, Das recommends purchasing an identity theft protection service that will alert you about any activity regarding your account. You can also reach out to credit bureaus Experian, Equifax, and TransUnion to initiate a credit freeze.