We’re all getting used to hearing about problems with data security. After the massive Target breach last year, when something similar happened to Home Depot this summer it didn’t seem all that surprising.
What was surprising was the Sony cyberattack, a story that’s been making headlines for weeks.
If a big corporation can’t keep hackers out of its email networks and script vaults, what does that say about the security of any digital information—especially the personal data thieves want, which is the kind that leads to fraudulent purchases and identity theft?
I’m saying this not just to raise the alarm (if it isn’t already ringing deafeningly loud already) but to give you practical advice on how to protect yourself.
First, you need to know a little about your digital footprint.
Every time you click the checkbox next to “I agree to the terms & conditions” on a website, you’re actually giving permission to the website owner to track your clicks, and take certain actions, like post a targeted ad on other websites you frequent. That’s why if you visited Zappos to browse for shoes, then went to Facebook, you’ll likely see a Zappos ad on your Facebook page that hadn’t been there the last time you logged on.
I don’t know about you, but I certainly don’t have enough time (or interest) to read all that terms & conditions fine print. What I can say is that companies require that click for you to opt in, an action that reserves their right to collect and retain information about you and your digital transactions when you use their sites.
All of the data about how you use those sites—where you’re clicking through, how long you stay on a page, whether you buy something, and if so, how much was that purchase—is extremely important to marketers.
In fact, most companies that do e-commerce are investing billions of dollars to collect and analyze that data to better determine what to sell you, when, and on which devices.
You’re also volunteering personal information every time you fill out an online survey, or do any of those cute quizzes that tell you what character you’d be on Downton Abbey, or how many states in the US you’ve been to, or how well you know grammar.
All of that information you’re providing free to digital marketing firms is being compiled to profile you in some way, shape or form.
The same holds true for apps. Once you download them and create a new account, your geographical location is being tracked, your searches are noted, and your purchase history is collected. So too is the information you’re sharing with your digital social network.
So if you’re on a vacation you booked on a cheap-travel website, you post Instagram photos of your meal at a fancy restaurant you logged into on foursquare, and you buy concert tickets, your taste in destinations, hotel chains, cuisines and music has been duly noted.
Interested companies can buy this information and may start suggesting similar trips, restaurants and entertainment events when you’re surfing the web, long after your vacation is over. These marketers will also know when you’re sharing your location, etc. with family and friends…because that little checkmark you hastily clicked allows them to.
So how can you protect yourself from becoming a target of someone intent on exploiting your digital habits?
First, make a list of all digital accounts where you are required to have a user name and password. That includes online banks, your credit card providers, your healthcare company, e-commerce sites and social media sites.
For financial accounts, such as banks and mortgage company, make sure you have different user names and passwords for each account. It’s tedious, I know, but very important.
Use a dedicated user ID and password for medical accounts. In other words, don’t use the same user name/password for medical and financial accounts.
Create a spreadsheet, print it out and store it somewhere safe. A hard copy isn’t just to help you remember your log in information; it’s to provide access to important documents and data to others in case you are incapacitated.
If a third party (spouse/partner, next of kin, etc.) needs to access your digital accounts, they won’t be able to unless you have given them a digital assets power of attorney, which is something few people ever do.
Change user names and passwords every six months or so—more frequently for financial and medical accounts.
Get in the habit of monitoring these accounts regularly. Some cybersecurity experts suggest checking bank and credit card activity weekly, if not more often. Check make sure any recent activity is accurate and that there are no transactions you do not recognize.
Consider using a third-party company to monitor your digital wellbeing.
Keep informed. For a superb deep-dive on digital footprints, check out the insightful (and sometimes harrowing) 2013 documentary, Terms and Conditions May Apply. It adds a whole new dimension to caveat emptor.
David Lubert has spent more than 20 years in the retail technology solutions field. As the first retail lead in North America for SAP, he held numerous management positions in the retail and wholesale industry business units and worked with technology executives from a wide range of retail segments. Currently, he is a consultant for DML Group LLC.