Each interaction you make online leaves behind a trace. A website visit here, filling in your personal information in a form, use your geolocation, watch a video, like a few pictures, maybe write an email. Companies are well aware that your data (and your eyeballs) are an important revenue stream. Sites like Facebook and Google aren't free, you just will often pay for them with your data instead of with money.
Trust me, I hear you, 'normal person'. You think, "I'm so boring, no one would really ever care about my data." I get it. It can be totally overwhelming to think about all the data you have floating around. The problem that might come out of this stance is that 'cat videos' and 'banking transactions' are getting put into the same group.
So, while it might be okay to not care about your online data, you have to first come to that stance by knowing what the risks would be if someone were to have access to it. Thinking about the bad things that might happen if someone has access to your data is known as a 'Risk Analysis'.
Conduct a 'Risk Analysis'
Everyone is not going to have the same level of threat when it comes to being safe online. Regardless of your threat level, it's important to know what all the risks might be and from there you can determine if you should care about them or not. When you start this process, it's helpful to first think about the types of data someone might have access to, and determine how you feel about that entity having access to it. Jot down some of the data points of things you do online or on your phone. Things like:
- enter personal data in forms...email/SSN/DOB/name/phone/address/...
- use your location (navigation, etc)
- communications (messaging, email, skype, ...)
- documents ('the cloud')
- spoken word (siri, alexa, iOT, ...)
- payment and financial information
- phone and computer hard drives
Given the above data points, try and determine:
- What bad things will happen if someone gets access to this data?
- What is the likelihood of them doing something with it?
From there, you can start the think about what level of effort you might be willing to go through to protect the data. You might decide you have no threats to your data, but chances are there is at least one bit of data that you might have concerns about.
Once you've determined your risk analysis, you should have a general idea of things you might care about. With that list in hand, you can determine the types of security measures you might be interested in. The purpose of giving you all this information is not intended to scare you into never going online again, but rather to make you an informed consumer of the internet.
I started my own journey in investigating security online after attending George Stephanis's talk, 'Security is not an Elective' at Open Camps last summer. I was also recently fortunate to attend a workshop hosted by Briana Vecchione, a Civic Tech Fellow with Microsoft. In her workshop, Briana provided an excellent cheat sheet of various items of interest. This series is a direct inspiration from that workshop. The posts that follow in the upcoming weeks will be the highlights of that information.