Christina J. Colclough
Your digital self-defense
The digital world is still relatively new to us humans. Unlike in nature, where we can recognize a threat, we are still learning to move safely in the digital jungle. We can't help but be watched on our journey, but here are my top ten tips to protect you against the worst predators.
This article was originally written for the Danish Insurance Sector Union. See the Danish article below, English version under the Danish insert.
My top ten tips
This article wraps up the ones I have written for the Danish Insurance Sector Union on the challenges of the digital world. This one is all about my top ten tips for protecting yourself and others from the shadow side of the digitised world. The digital jungle, I might be tempted to call it, because while it may look charming on the surface, threats are hiding everywhere.
As with the jungle’s mosquito net, boots and protective clothing, my recommendations for your journeys in the digital jungle will also seem cumbersome. That's the way it should be, because digital tools, apps and services are precisely designed to make it as easy as possible for you to use them without having to think too much about what they do and what you don't see. They offer you simplicity and convenience while collecting data from you and tying you ever stronger to them.
To protect your own and others' rights, I hope you will consider changing some of your digital habits. Let's look at what that means.
Tip 1: Employer-provided mobile phones and computers
If your employer has given you a mobile phone, they probably also installed Mobile Device Management (MDM) software on it. MDM protects the data that you produce when you use your company's e-mail system, download and save files, and the like. But MDM also allows your employer to see which apps you've installed and how you generally use your phone.
Let's say you downloaded an app about pregnancy: Will it tell your employer something that you may not have told them yourself yet? Or maybe your employer has turned on a "find my phone" service. In principle, it allows your employer to track where the phone is at any time of the day – and therefore also where you are. So, did you call in sick while you were actually visiting your family on the other side of the country? There could be consequences.
An employer paid mobile is the employer's property. Do you use it for your social media? To save pictures or take notes? Keep in mind that all of this information is in principle your employer's. Anything you privately store on your employer mobile can be used against you at worst.
So my first tip is quite simple, but also one of the more cumbersome: Buy a private mobile phone and turn off the employer's after working hours. Only use the employer paid mobile for work purposes. Everything else you should do from your private mobile.
And the same applies to employer-paid computers, tablets and other devices: use them for work only and turn them off after working hours. Use your private devices for everything else.
Tip 2: Your work email address
This leads me to the next piece of advice: Your work email. It is also your employer's property. Every single email is theirs, and they have the right to check your emails if they have good reasons for doing so.
There are several reasons why we should be careful when using our work email. The General Data Protection Regulation (GDPR) contains something called the 'Right of access by the data subject’ (DSAR). This right ensures that a person can obtain a copy of all the personal data that a company has on him or her.
You can use this right as an employee to get a copy of the personal data your employer has collected about you. For example, they should then give you a copy of all emails, files, SMS texts, images from surveillance systems and data-driven inferences, that include your data. They must also provide you with information about who this data has been disclosed to and what else the information has been used for.
While the DSAR is a strong right, it also means that if you have used your work email address to write about a particular person and that person makes use of the data subject access request, also your emails must be included in the package they receive. This most probably raises a lot of questions and maybe some nervousness with you as well.
So, the second tip is that you should use your work email address for work purposes only. Nothing else.
Tip 3: Mind the apps!
Fortunately, Apple and Android (Google) have developed their services, so you now get an overview of which apps on your phone or tablet have access to which sensors on your device. It's good and practical, as we – hand on heart – never read the endless privacy policies, terms and conditions, but just blindly accept them when we install an app.
But we should read them. Your mobile phone and tablet typically contain 14 sensors that for example provide information about where you are, at what speed you move and reveal what floor of a building you are on. Apps can collect a wealth of information through these sensors - unless you take the time to take control over which sensors your apps have access to and which they don’t.
The tip here is that you should make use of the possibilities to restrict your apps from collecting data about you and your whereabouts. Delete the apps you never use. Every one of them is a potential tool to collect information about you.
Tip 4: Social media
We've become accustomed to using social media to stay in touch with our surroundings, check what they're doing, see their pictures and show others what we are doing. There's a whole bunch of social media, and you're probably using more than one. Did you use the same email address to sign up for them? Have you used your mobile phone number for that?
Bear in mind that while these services can be really convenient, their whole business model is built on harvesting data from you, analysing them and selling them on. It's fun and exciting to use their services, but there's no free lunch here – you pay one way or another. So here are some tips to protect your identity and privacy on social media.
Stop using them! Many have. I have stopped using Facebook to protect my privacy. This might seem like a big step, so instead try to share less about you and your life. You really don't have to share everything. These services are not only interested in you, they also extract lots of information about the places you visit and about the friends you have. Do you ask for permission before uploading pictures of your friends? Or your children?
Online live is forever. Even a 15-year old photo can compromise a person's job or opportunities in life. There are already many companies that make a living vacuuming social media and creating profiles of people's activities and attitudes. They are used by HR managers, recruitment experts, banks and governments far more often than we would want to know.
Use a dedicated email address. When creating social media accounts use a dedicated email‑address that you only use for this purpose. Never use your work email or your private e-mail.
Beware of criminals. If you provide your real name, date of birth, mobile number and the like, it is not difficult for criminals to steal your identity.
They love to share. Facebook - or Meta, as they call themselves now - owns WhatsApp and Instagram. Google owns YouTube. They love to share data between their different services. Therefore, think twice when using these services. For example try Signal or Telegram instead of WhatsApp, especially if you need to send and receive confidential data.
Tip 5: Beware of free wi-fi connections
When you're out and about traveling, or just in a public space, think twice before logging on to free wi-fi connections. Remember that nothing is free! Even if they don't charge money, for every millisecond you're on these networks you are giving them data. Often you need to sign in with your email or flight number, and then they know who you are and where you're going.
If you have exceeded the amount of data that your mobile plan holds, consider using a virtual private network (VPN). If you still have data left, use it — it's your safest connection.
Tip 6: Virtual Private Networks VPN
In fact, we should always connect to the Internet through a VPN connection that creates a secure connection to the digital world. A VPN is a Virtual Private Network. Think of it as a way to conceal your online activities and mask what you are doing and where you are.
Use a VPN service wherever you go. It will give you a protection that is greater than even a secured Wi-Fi hotspot: VPN makes it hard to snoop on your traffic and pick up on what you are doing. VPNs can also prevent websites and Internet services from knowing your real location. And with a VPN, your ISP can't monitor your activity.
I have a VPN system on my mobile phone that blocks all sorts of things. Some months it has blocked up to 18,000 trackers!
Tip 7: Cookies
Cookies – digital cookies – are the reason you get all these pop-up messages when you are browsing the web. Cookies ensure that we do not have to log in again and again on websites we frequently visit. They also allow websites to keep track of what webpages we visit, how often, what news articles we read and much more. Cookies also provide data to some of the most popular analytics tools, such as Google Analytics. Google Analytics (and systems like it) provide website owners with real-time reports about users’ location, what webpages they read, for how long they are on a site- and much much more.
This important law aims to protect your privacy. So use the few seconds it takes to "reject all cookies" – or at least only allow "strictly necessary" ones. If you "accept all cookies" you will probably be tracked in everything you do online.
Tip 8: Go incognito
Related to rejecting cookies is the possibility to choose private mode – incognito or 'private internet browsing'– when using the web. This is an option in most browsers and ensures that the browser doesn’t store your browsing history, your temporary Internet files and/or cookies.
In Google Chrome, it is called 'Incognito Mode'. In Firefox it’s the 'Private Browsing' option, and Edge/Internet Explorer uses the name 'InPrivate' browsing. Common to them is that it is a privacy feature that prevents a lot of tracking.
But even these private mode are not entirely private. When you search in incognito or private mode, your ISP can still see your browsing activity. If you use a company computer, your IT department can follow it as well. Even websites you visit can track you.
So whilst, incognito browsing has certain advantages, do use the other tools to protect your digital privacy, not least a VPN.
Tip 9: Keep everything up to date
Updates help you keep your mobiles, computers, and other devices safe. A good tip is that you check all your devices for system updates at regular intervals, daily or weekly. Those who have developed the systems we use actually do what they can to protect us from hacking and other bad stuff.
I start the week by checking all my devices and installing updates. You can also set your devices to do this automatically, but often it can be convenient to decide that updates should only be downloaded when the devices aren't being used anyway, rather than in the middle of a meeting.
Tip 10: Remember rest time
My final tip has to do with our increasing reliance on our smart devices. Let's just admit it - we hardly go anywhere without our mobiles. But maybe we should!
There is no need for Google or Apple to know where we are 24 hours a day, 7 days a week. Go for a walk without your phone. We must dare turn it off every now and then and give ourselves the right to a free space and rest.
I wish you the best of luck in changing your digital habits. Do it for your own sake – and for all those affected by your data. Make protecting your privacy a fun thing to do together with your family, friends and colleagues.