PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name, “Perspectives from the Campus”, we invite experts – immersed in the pursuit of educating their students – to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, shares his perspective on the four key defenses we can use to protect our personal data.

By David Dungan

Did you know researchers estimate that 61 percent of Americans have had their personal data compromised and 45 percent of Americans have had their data compromised in a breach within the last five years.

Additionally, 44 percent have been involved in more than one data breach. Because millions of records are exposed every month, it is paramount that users take precautions to defend their data. Fortunately, there are several defenses that can be deployed to protect your personal information. Moreover, these techniques can be used to help in an effort to protect one’s data from being accessed as part of a data breach.

The first data defense directive is to use a virtual private network (VPN). VPNs encapsulate network traffic and encrypt data in transmission, in such a way that it cannot be accessed by unauthorized users. This also prevents what is known as data breadcrumbs from being left behind after browsing sessions. By using a VPN, you can ensure that your data is only going where you want it. This is a tool that’s especially important to use if you are in a public place, such as a coffee shop, airport, or even a retail store. It’ll help in needing to rely on a free public Wi-fi network that anyone could access.

The next directive is to consider freezing your credit. In the event of a data breach, threat actors will be unable to apply for credit cards or loans – even if they swipe your social security numbers, birthdays, names, or other personal information. Once frozen, your credit stays frozen. No activity is allowed unless or until you lift the freeze yourself. As an aside, freezing your credit doesn’t negatively impact your credit score!

The third directive is to limit with whom, where, and how your data is stored.

While it may be convenient to store your credit card information and login credentials with apps or websites you frequently visit, doing this creates a security risk for your personal information. It’s worth taking a few extra seconds to manually enter your payment information or credentials each time you visit certain sites. Also, it’s a good idea to read the privacy policies before giving your personal information to any company.

If possible, avoid companies that share your information with third-party brokers. For companies that store or transmit your data, make sure they are applying end-to-end encryption, hashing, and other defensive security controls. Before giving any information to these companies, conduct your research, read other customer reviews, and scan the Terms and Conditions. Finally, it’s absolutely OK to be skeptical and ask questions. You can’t be too careful when it comes to sharing personal data.

The final data defense directive is to join a personal data clean-up subscription service. You can arrange for these applications to select what data you want removed from the web and the service goes out into the Internet and cleans up your stored (and vulnerable) information. Among the personal data clean-up services that are out there include:

• DeleteMe
• Kanary
• Mozilla Monitor Plus
• Optery
• Privacy Bee

Here in the Hoosier state, there are other FREE resources, available from state government, that you can access by visiting the Indiana Cyber Hub website. In the event you suspect your data has been stolen, there are steps you can take, whether you’re an individual or it involves a company or organization, to report the incident and begin recovering.

By following these steps and always being vigilant with personal data, you can experience a greater peace of mind that your data is secure from threat actors.