Thursday, January 28, 2010

Data Privacy Day Checklist

Rather than add to the previous post, I decided a true celebration of Data Privacy Day deserved a post all its own, and what better way to celebrate the date than with a list of Data Privacy To Dos! Don't think that sounds fun? Put it in perspective: would discovering someone's gone hogwild with your Amazon (or PayPal) account be fun? How about suddenly getting a flurry of unhappy replies from friends and family (or coworkers) to some offensive email you don't remember sending? I don't think that's fun. If you do, I'm guessing this is where you'll stop anyway, if you even made it this far. However, if such or similar scenarios are on your Not Fun List, you might want to check out my list of a few ways to avoid them.

Review all your passwords (and they'd better not be on a large post-it stuck to the bottom of your keyboard, either).
Are they on this list? Don't pat yourself on the back just yet if the answer's "no"; you might want to check this list too. Still in the clear? Maybe - depending on whether you can also answer "no" to the next question.

Do you use one password for everything?
If so, you need to make a list of your own: of all the stuff someone would have access to if they got hold of that ONE little word. Write it all down, look it over, and think about it. Now imagine it in the hands not just of someone, but someone who really, really doesn't like you. Feeling any password creativity yet? If you need a little help, here are some tips:

1. Choose a strong password, with numbers and even punctuation marks as well as letters. Substitute numbers for vowels, for example: p4ssw0rd (NO, DON'T USE THAT). Pick a line from a favorite song or poem, and use the first letters of each word. Mary Had A Little Lamb = MHALL (NO, DON'T USE THAT EITHER). If you've just got to use your pet's name, spell it backwards. If your pet's name is Spot or Rover, give him a middle name (preferably a long one) and use both.

2. Use a different password for all websites/accounts. Write them down if you must, but keep them in a safe place; under your keyboard or taped to your monitor doesn't count. I'm not a keen proponent of the old "stash it in your wallet" routine, either. Yeah, if you lose your wallet your day's already in the toilet, but why add to the booty if someone other than a Good Samaritan finds it? Besides, do you really need to carry all your passwords with you everywhere?

3. Never let websites "save" passwords for you. That cute little "remember me" box next to your Twitter login? UNcheck it. That's actually saving your password to your computer hard drive, usually in a simple cookie and all too often unencrypted. If your computer gets compromised by a malware-ridden banner ad or flashing pizza coupon, or your laptop gets boosted in an airport lounge, guess what's the first thing bad guyz look for? Don't trust your computer to remember your passwords or keep them secure. You really shouldn't trust your computer for much of anything, anyway. Ultimately, computers are dumb. You can trust me on that.
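For anyone who would rather script the password review than eyeball it, here is a small added example (not part of the original post) that runs the first checklist questions over an account inventory: is the password on a common list once "p4ssw0rd"-style swaps are undone, and is it reused anywhere. The `COMMON` set, the 10-character minimum, and the account names are assumptions made up for the illustration.

```python
from collections import defaultdict

# Constructed stand-in for a published common-password list (assumption).
COMMON = {"password", "123456", "qwerty", "letmein", "spot", "rover"}
MIN_LENGTH = 10  # assumed threshold for this example, not a figure from the post

# Undo digit/symbol-for-letter swaps of the "p4ssw0rd" kind.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})


def normalize(pw):
    """Lower-case the password and reverse common character substitutions."""
    return pw.lower().translate(LEET)


def audit(accounts):
    """Return {account: [findings]} for a {account: password} mapping."""
    findings = defaultdict(list)
    by_password = defaultdict(list)
    for account, pw in accounts.items():
        by_password[pw].append(account)
        # Check the raw form too, so all-digit entries like "123456" still match.
        if pw.lower() in COMMON or normalize(pw) in COMMON:
            findings[account].append("common word after normalization")
        if len(pw) < MIN_LENGTH:
            findings[account].append(f"shorter than {MIN_LENGTH} characters")
    # One password for everything? List every account that shares it.
    for users in by_password.values():
        if len(users) > 1:
            for account in users:
                others = sorted(set(users) - {account})
                findings[account].append("reused on " + ", ".join(others))
    return dict(findings)


# Constructed sample inventory; none of these are real credentials.
SAMPLE = {
    "shop": "p4ssw0rd",
    "mail": "p4ssw0rd",
    "bank": "MHALL",
    "forum": "violet-Kettle-93-harbor",
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(account, "->", "; ".join(issues))
```

Accounts with no findings are left out of the result, so an empty dictionary means the inventory passed these particular checks and nothing more.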

Designate ONE credit card for online use, or see if your credit card company offers a virtual credit card service.
Using one credit card solely for online use makes it easier to spot red flag fees or charges, and if you smell smoke and have to put out a fire, you won't also be having to cancel the same card you use for dining out or keeping your wardrobe up to date. "Disposable" or "virtual" credit card numbers are also now offered by many financial services. They're one hoop jump too many for me personally (well, so far), but worth consideration at least for one-time purchases, or trial offers that also "offer" to automatically opt you in for the rest of your natural life - though bear in mind on the latter, if you did implicitly agree to some Neverending Subscription, you could still legally be on the hook. RTFP (Read The Fine Print). Never EVER use your debit card online if you can avoid it, and always practice safe online shopping.

Set up a "junk" email account.
Don't use your primary email address for casual shopping, social networking, or submission to any website that requires one before you can read the last sentence of a tantalizing news article (or leave a snarky comment on the same). Set up a separate email account with one of the many free web email services available, and whatever you do, DON'T immediately import your entire address book into the thing. Don't fill out a profile with your full name, complete home address, and life history, either; that utterly defeats the purpose. The idea is to cut back on the info merchants and advertisers can mine from you, as well as give them someplace else to send their spam.

I'll save my list of browser tips for another post (everyone can stop cheering now), and end here wishing a happy Data Privacy Day to all. If anyone has other tips or tricks to share, please do so! And if (again) it appears my tinfoil hat's a little tight, remember bad things don't always happen just to other people. Someone's got to make up the statistics, and if you don't preemptively stack a few odds in your favor, your number could be next.
