Today is Data Privacy Day, a day dedicated to awareness of how data, often very personal data, needs to be managed and protected. Just about every company you interact with on a daily basis has collected your data, uses it and is responsible for being a good steward of it.
But we can’t expect those companies, your bank, your doctor’s office, your insurance company, your favorite social media experience and any of the myriad of applications you might have on your smartphone to be the only responsible stewards of our data.
We are also responsible.
Take a moment to take stock of your various identities. We all wear different hats in real life – parent, volunteer, employee, pet owner, what have you. Some cross over to others, some do not. We have equivalents online and a collection of companies are vying to be the holder of the “primary” identity you use online. We are constantly offered the chance to log in or “connect” using Facebook, or Google, or Microsoft, creating additional interconnection between the fabric of websites and mobile apps in our ecosystem.
Today, I challenge you to inventory your online identities and make improvements where necessary. Break out a piece of paper and pen:
- List out all your email addresses. Which ones are used for access to which websites? When you create an account on your bank’s website or a shopping website or anywhere, that service has created an identity for you. While it’s true that your bank’s computers don’t connect with the servers that run Netflix, if you are using the same email and password in both places, you have increased your risk: a password breach at one service could allow someone to access your information at the other service.
- Document all the popular services you use that provide the option to use that identity to connect to other sites – the situations where you connect to services or other websites using the credentials from another. In this case, those services may not bother to maintain their own database of access credentials, instead relying on the services of another. This “single sign on” feature is great – even potentially more secure than having a less robust system maintain a list of email address and password combinations – but make sure you are combining those services in a way that makes sense for you. I would never sign onto my banking websites “using Facebook” for example, even if it was available. Using my Twitter credentials to connect to a news website would be a more reasonable use.
- Review the list so far and make changes as necessary. Update passwords, change email addresses and consider the “single sign on” options that make sense for how you organize your life. If you’ve used your work email (which is an identity you don’t fully control) as the primary email for a personal service, make sure to adjust that appropriately. You never know when you might lose access to that email service, making it difficult to recover a lost password or receive notifications.
- Turn on multi-factor authentication where available. Those services require additional information before granting access, delivered by a phone call, text message or email to an alternative account. Make sure that your contact information is up to date with alternative phone numbers and current email addresses that you can access.
- Some services provide printable one-time use access codes that you can store offline. Google and Microsoft are two companies that do this. I print these and store them in a secure location at home, as a backup to all the other multi-factor security options.
- Review the recovery-related FAQs for all the major services you use. In the past, some have required you to know rather specific information related to your account, like creation date, etc. If necessary, gather that information and store it securely offline as well.
- Finally, review the security and privacy settings on the sites where you purposely post personal information, like Facebook and LinkedIn. Make sure you have them set so what you have publicly visible is what you intended.
I know that’s a big list. Make it Data Privacy “Week” if you have to. Your future self will thank you.
Learn more about privacy settings for: