Here are some easy, practical tips for Data Privacy Day

When reading a list of steps users should take to keep their data and privacy safe online, one starts to think that it’s all a joke. There’s no way that one person with limited experience in cybersecurity can keep up, so you repeat your passwords for multiple websites. Or, worse yet, you create a file with all of them listed on your desktop.

But wait. You don’t have to give into the temptation of convenience. Instead, heed advice from some professionals who understand that it’s not always easy to stay secure online.

For Data Privacy Day, ITaP spoke to two Purdue professors who acknowledge our human limits. Barrett Caldwell is a professor of industrial engineering and runs the Group Performance Environments Research (GROUPER) Laboratory. His research focuses on human factors in engineering and team performance.

A headshot of assistant professor Ida Ngambeki. Assistant professor Ida Ngambeki

Ida Ngambeki is an assistant professor of computer and information technology. Her research includes cybersecurity education and policy, such as how social and psychological factors influence cybersecurity choices, and social engineering.

Caldwell says technology forces us to make decisions, but we’re not thinking of those decisions with the consequences and tradeoffs in mind. For example, when you download an app and give it permission to access your location, that’s usually done without much thought. Caldwell says, however, that you’re trading security and control for accessibility and ease.

“When you download an app for a store that gives you discounts, but you give it access to your location, that’s a tradeoff,” Caldwell says. “You get convenience and money saved, but you’ve consented to give up privacy to the company without your control.”

Your first piece of advice: Think about what you’re giving away in exchange for the product you’re receiving.

A headshot of professor Barrett Caldwell. Professor Barrett Caldwell

Caldwell says companies should consider human nature in their design. Even though technology is changing at a faster pace, humans stay the same.

“You have to include humans in your system,” Caldwell says.

Your second piece of advice: Consider companies that offer human-centered solutions, such as a password manager. Instead of creating unique passwords that contain characters, numbers and letters for each account, get a password manager like LastPass or 1Password. Password managers keep and help you create secure passwords for all your accounts. Instead of remembering all of those passwords, you have to remember only the one for your password manager.

Besides technology that helps you secure your data online, also consider some simple behavioral changes, says Ngambeki.

For one, she says, think before you click. This is well known in the cybersecurity world but rarely practiced outside of it. When you receive an unexpected email or are visiting a website, there are plenty of opportunities to be tricked with a fake link.

And pay attention when downloading the latest and greatest app.

“We’re seeing a lot more in terms of social engineering, such as fake apps, fake websites, that will steal your credentials,” Ngambeki says.

Finally, she says, you can’t fight what you don’t know. The first step to seeing what information about you is already out there: Google yourself.

“Do an intelligence study on yourself,” Ngambeki says. “Think critically about the information that’s available that could be used against you. Maybe you want to reset some privacy settings on social media or remove information if possible.”

Check out the SecurePurdue website for more information on cybersecurity and free anti-virus software.

Writer: Kirsten Gibson, technology writer, Information Technology at Purdue (ITaP), 765-494-8190, gibson33@purdue.edu

Last updated: January 25, 2018