Sunday is Data Privacy Day: Stop. Think. Connect.™

Since 2008, Data Privacy Day has been celebrated in the United States and Canada on January 28. While the day commemorates the January 28, 1981 signing of the first legally binding international treaty dealing with privacy and data protection, it is now used to create awareness about the importance of respecting privacy, safeguarding data and enabling trust.

In the United States, the National Cyber Security Alliance (NCSA) spearheads the Data Privacy Day campaign, and the organization’s privacy awareness campaign is part of STOP. THINK. CONNECT.™, which is a global campaign promoting online safety, security and privacy. To help celebrate Data Privacy Day, The Rocket Yard wants to remind you of important steps to take to keep yourself safe online.

Spam and Phishing
When it comes to email, spam and phishing are your two biggest enemies. Spam is unsolicited, bulk and unwanted email. To reduce spam in your inbox, enable filters on your email programs to block unwanted emails. In the macOS Mail app, this is as simple as going to Mail > Preferences > Junk Mail and making sure the “Enable junk mail filtering” checkbox is checked. While there’s no equivalent in iOS Mail, if you have both a Mac and an iOS device, enabling junk mail filtering on the Mac will often prevent that mail from reaching your iOS device as well.

Phishing uses email or malicious websites (when you click on a link) to collect personal and financial information or infect your device with malware and viruses. Phishing is also prevalent on social network sites. How does phishing work? You may get an “official looking” email that appears to be from your bank or some other business, asking you to click a link to resolve some issue or update personal data. When you do so, you may be asked to enter your user ID and password…which can then be used by the cybercriminal to log into your real accounts.

There’s an easy way to remember what to do every time you’re faced with an email that wants your personal information or asks you to click a link to go to a website: “When in doubt, throw it out.” It doesn’t matter if this is happening in an online ad, a status update on a website, an email, a tweet, or anywhere else — think before clicking a link. Other tips to avoid being a victim of phishing include:

  • Never reveal personal or financial information in an email, and never respond to email solicitations for this information. This includes following links sent in emails.
  • Before sending or entering sensitive information online, check the security of the website. Make sure the website is using https encryption (a lock icon appears in the browser address bar), and click on that lock to check the security certificate of the organization running the website.
  • Pay attention to the website URL (address). For example, if an email is asking for you to do something to an Apple ID or iCloud account, the website address should be suffixed with “apple.com” or “iCloud.com”. A phishing site might look exactly like Apple’s website, but use an address that’s incorrect — for example, “apple.security.infosector.ru” or “iCloud.login.tamperproof.com”.
  • Not sure if the email request is legitimate or not? Contact the company directly using information provided in an account statement — don’t use email addresses or phone numbers listed in an email. For example, if you receive a suspicious email from your bank asking you to log into their website or to provide information through the email, call the bank and ask them if they’ve been requesting that info.
  • Keep a clean machine. Any device that’s attached to a network, whether it’s your Mac, PC, smartphone or tablet, should be running malware prevention applications to reduce the chances of having the device infected with malware.

Protect Yourself with STOP. THINK. CONNECT™ tips
The NCSA and other groups participating in Data Privacy Day have created a simple memory tool for keeping safe online: STOP. THINK. CONNECT.™ Essentially, they want you to stop before clicking on anything, to think about whether or not that link could possibly be dangerous, and only then to connect to the website. Here are some tips from the group that can help keep you safe online:

  • When in doubt, throw it out: If emails or links in tweets, posts or online advertising look suspicious, delete them or mark them as junk
  • Think before you act: Any communication that tells you to act immediately, makes an offer that is too good to be true, or that asks for personal information should set off alarm bells in your head.
  • Make your password a sentence: Have problems coming up with long, strong passwords at least 12 characters long that you can remember? Make your password a positive sentence or phrase that is easy to remember (i.e., “MacSales Means Memory”), and note that many websites allow you to use spaces as characters.
  • Unique account, unique password: If possible, have a separate and unique password for every account as this makes it impossible for cybercriminals to use one password to get into all of your accounts. At a minimum, at least separate work and personal accounts, and be sure that the most critical accounts (banks, investments, government websites) have the strongest passwords.
  • Lock down your login: Do you have a device (iPhone, iPad or MacBook Pro) that uses Touch ID or Face ID to authenticate? Use those to enter unique passcodes if at all possible instead of just using them to unlock the device. Also consider using two-factor authentication, which will force you to enter a code that is sent to your mobile device each time you try logging into a system that uses it.

Like These Tips? There Are More Online!
To increase your knowledge of cybersecurity and staying safe online, be sure to visit the StaySafeOnline website that is run by the National Cyber Security Alliance. In addition to helping you to keep your personal information safe, it also has tips on keeping your business secure.


LEAVE A COMMENT


  • “When in doubt, throw it out: If emails or links in tweets, posts or online advertising look suspicious, delete them or mark them as junk.” Excellent advice for an individual, but IT at many corporations has created mailboxes specifically to accept forwarded spam and/or phishing mail. At my company, IT asks that we include the Internet Headers (“Properties”, in Windows 7) in the covering email for the phishing missive. They may be able to use said Properties to block blacklist the original site, and hopefully prevent other workers from receiving the mail too.

    Cheers
    ca