10 ways to protect your digital footprint

1. Email accounts

Have you ever missed a bill or overlooked an important email because it was sandwiched between layers of marketing and spam emails? Just like the practice of having a separate non-linked credit card for online purchases only, consider the option of quarantining important emails in a primary account and having a different, dedicated ‘junk’ email account for secondary purposes, like online shopping.

By guarding your primary email account for use with known and trusted entities, you are potentially better positioned to identify suspicious emails. In either case, stop and think, scrutinise email domains and resist the urge to open suspicious emails or pop-ups. Hover over hyperlinks to see where you are being directed, take screenshots or photos, and do some research to assist in establishing authenticity if you have any doubt.

2. Phone settings

It's necessary to check your privacy settings, especially after software upgrades and installing new apps. Regularly reviewing apps that request access to your camera, photos, microphone, location tracking and contacts is a great habit to get into. Do your settings enable people to find you by email or phone number? If you use an iPhone, consider new features such as iCloud Advanced Data Protection.

3. Social media accounts

The more personal data you share in the public domain, the easier it is for threat actors to collect and cross-reference information to build a digital profile on you, your friends and family. Be aware that interaction with random posts that have many 'likes', inviting you to name your favourite number, colour, pet, holiday destination, are all adding data to your digital profile. This can lead to more accurate tailored targeting, making it more difficult for you to discern what is real and what is a scam.

Other factors to consider when joining a social media platform and loading an app are:

• Who or what entity owns the platform?
• Under which country and governmental jurisdictions do they operate?
• Are they subject to National Legislation that requires them to provide your personal information to foreign governments, their military or intelligence services, if requested?

4. Social media handles, usernames and display names

While they all have a distinct purpose, and are sometimes used interchangeably, get creative and use a display name that does not directly identify or align with your known or preferred name. While some professions and organisations require this as a term of employment, blurring the link creates a degree of separation between you and your identity.

5. Devices

Just like your phone, it is essential to regularly review your browser privacy and security settings on your devices. Take the time when entering new websites to review their Privacy and Cookie settings. Consider if you choose Accept all cookies, Decline and close, or Click for more information. If a website doesn’t give you a choice about which Cookies you can enable and require an Accept all to enter the site, consider why they won’t give you a choice. Do you trust them with your data?

End-point protection apps on all electronic devices (computer, laptop, tablet and phone) that access the internet, can also limit exposure to scams, fraud and data breaches. Never click on any links in emails, text messages or websites where you have any concerns about their authenticity.

6. Home security

The current Australian Government evaluation of its networked and non-networked security equipment in government buildings is a timely reminder to review our personal home security, surveillance equipment and intercoms. Research equipment to ensure it meets both your security and privacy needs. Know if your security equipment has facial recognition functionality. Is it networked? Is it collecting biometric data that could be used maliciously?

Similar to the self-assessment questions when opening a social media account, it’s critical to choose a home security system with your eyes wide open. Consider the following questions:

• What is the brand of the equipment?
• Who or what entity owns the company?
• Where is the equipment manufactured?
• Is there a history of privacy and data breaches with this product, company and/or country of manufacture?

7. Home automation

It seems every new home device can be controlled remotely or is voice-activated. Security cameras, electronic door locks, garage doors, robotic vacuum cleaners and air conditioning are just some examples. If you can voice-activate or use an app to remotely control this equipment then, potentially, someone else can too. Consider the risks of someone knowing if you aren't home, unlocking the house and knowing the layout of your home. At a minimum, make sure the firewall software in your home router has the latest software updates installed.

8. Health records

Do you know if you opted in or out of the digital My Health Records? Have your circumstances changed? Are you still comfortable with your current status? 

9. Loyalty schemes and scams

Remember a time when you could walk into a physical shop and anonymously buy an item with cash? A time when you didn’t have to provide your name, phone number, street address and email address (and be privy to other people’s data who have similar details to you)? Are the benefits of the loyalty schemes worth the risk and consequences of your data not being respected and protected? 

10. Passwords

Use strong passwords, different passwords and change them regularly. Strong passwords are unique and difficult to guess. They should include a combination of lower-case and upper-case letters, numbers and special characters. The longer the password, the more difficult it will be to hack. Current best practice recommends a minimum of 14 characters, in addition to complexity requirements. 

In conjunction with strong passwords, many organisations now offer multi-factor authentication. To help remember and store passwords securely, there are a number of password-manager apps available.