Lesson 4: Privacy

An exploration of online privacy and safety practices.

Another way to protect your data and stay cybersecure is to limit the amount of information that you put out there and be knowledgeable of how companies utilize your data. In this article, we'll spotlight online privacy and awareness of company data policies as a strategy for self-cybersecurity.

Explore

Plenty of information about you is available online for free, especially with increased usage of social networks in the modern day. Imagine if someone simply types your name into Google-- what could they discover about you? Perhaps more than you might think.

Do some research yourself: try to find data about yourself on the internet. In a search engine of your choice, type your full name, then your name and school, then your name and city, then your name and whatever hobby you do. Every time you do a search, browse on the links that pop up and record personal information about yourself that you discover. Go on school and community websites, social media platforms, etc.

Online Risk

Now that you've completed that exercise, you might realize that a lot more information is publicly accessible online than you previously knew. Strangers (and more dangerously, hackers) can piece together your personality and life using the data they found with a few simple keywords on a search engine. The larger your online presence is (meaning the amount of data you make public and what you post), the easier it is for cybercriminals to access your personal data in a hacking situation or data breach, which threatens your security and privacy. To prioritize your cybersecurity, reduce your online risk. Don't give up too much information digitally for everyone to see, especially data relating to your finances. Limit your digital footprint and keep things positive online. Although you can never completely erase your presence on the internet, do everything you can to keep your data secure and maintain cyber safety.

Privacy Policies

Additionally, being aware of what businesses do with your data is an important aspect of user-based cybersecurity. Nowadays, so much consumer data is in the hands of companies and corporations. Just imagine how much data you give to others, and how much businesses collect. If you share your information to a company in any way and want to keep it safe and secure, familiarize yourself with that company's privacy policy. Companies' privacy policies are written documents that detail what consumer data they collect, how they use that data, and what pieces of data they distribute (and to what third parties they share to).

Try it yourself: look up a company name (like Facebook, Google, Amazon, Yahoo, etc.) + "privacy policy" on a search engine. As you scan through their policies, think about whether or not you agree with the way your information would be utilized or shared. Additionally, consider if the company's privacy policy aligns with the pillars of the CIA Triad, which is a set of principles that guide how companies protect data. The CIA Triad is the backbone of cybersecurity and consists of three pillars: confidentiality, integrity, and availability.

1. Confidentiality: Is your data only accessible to groups that have your consent, and is it secure? To verify its security in the hands of a company, seek URLs that begin with "https" to ensure that communication between the server and browser is secure on the site. Look for a closed padlock icon-- which indicates your information will be encrypted and Transport Layer Security will be used (meaning that all information sent over the web will go to its intended destination).

2. Integrity: Is your data utilized in a way you approve of and not tampered with?

3. Availability: Is your data available for you to edit or delete when you so choose?

Then, make a decision regarding your choice to use that company's devices or services based on what you found about their data policies.

Wrapping It Up

By reading over a business's privacy policy, not only can you be aware of what personal information they control and how they use it, but you can also have the power to know how and when to change or erase that data. This way, you can take charge of your own data, and develop stronger cybersecurity habits in turn.