Privacy and Security in the Digital Age: 7 Tips to Remain Safe Online

Who would’ve thought 20 years ago that we would be able to see and talk to someone thousands of miles away with just one click? Living in this digital age is definitely like a dream – but its perks also come with threats, especially to our privacy and security.

With every sign-up to a new financing app, post to your social media account, or even Google search, our personal data and web behaviors are recorded and stored to be used to create a seamless web experience personalized to our preferences.

Ever wondered why you suddenly saw an advertisement for a beauty product you were just talking about with your friend? It’s as if your phone can hear you! It may not be literally that, but our digital presence grows with each click on our phones. It is therefore more important than ever to stay vigilant so that we can protect our privacy and security in this digital age.

Read on to discover the digital threats that loom in this digital age and tips on how to protect our personal data online.

Why are Privacy and Security Online Important?

While websites and apps have security measures in place to ensure the safety of the data they collect from users, they are still not 100% protected from security attacks. Cases of identity theft continue to grow despite the stringent security measures placed by web organizations. As users, we also have to protect our privacy and security by making sure that we control the personal data that we provide so that they are not used for malicious purposes. Providing only relevant personal information only to trusted organizations can help prevent unauthorized access to our private data. Maintaining as much anonymity online strengthens our privacy both on and off the web.

Whenever we access something on the web, we also leave our digital fingerprint or a set of data that identifies us digitally. This typically contains our browser or device details that organizations can use to trace the transactions that we do back to us. While in most cases, recording our digital fingerprints is vital, especially for legal purposes, it can be abused by malicious users or organizations. Access to our digital fingerprints can be used for identity theft, scams, and other illegal activities. As such, it is immensely important to be vigilant about our online presence and where we provide our information.

7 Security Tips Checklist to Stay Safe Online

With the growth of the digital space also comes the growth of available personal information which can be abused by malicious users and organizations. It is therefore important for users like us to be aware of the different techniques used by these malicious users so that we don’t fall victim to them.

Below, we compiled 7 important tips you must keep in mind to have a safe and secure online presence in this era of easy access to free information.

1. Social Engineering

Social Engineering is the term used for the techniques used by malicious users, often incorporating psychological manipulation, to trick online users into revealing sensitive information or performing actions that compromise their privacy and security.

It is extremely easy to fall victim to social engineering as malicious users commonly use methods such as emails, SMS, or promising offers that unsuspecting users tend to easily fall for. Below are 5 common social engineering techniques and tips to help protect ourselves from them.

Pretexting is a common technique used by malicious users to gain a victim’s trust by claiming a false identity - or taking advantage of their real identity - to direct victims into performing a specific course of action. If you’ve ever received a phone call from a person claiming to be a bank representative who then asks for your bank login details to perform something for you, then you almost fell victim to pretexting.

These malicious users usually claim to be an expert or an organization’s representative to gain your trust which can eventually lead you to follow their instructions. To avoid pretexting, it is always important to request proper identification before trusting someone. If possible, verify with the organization through their official channels if they are really conducting the activities that the person claims. Lastly, never provide your passwords to anyone!

Another technique that uses a person’s authority is Quid Pro Quo. Malicious users trick victims into performing an action by offering something in return, such as a free internet upgrade in exchange for downloading a new software that turns out to be harmful. To protect yourself from quid pro quo, always verify the validity of the offer before accepting. Remember, something too good to be true may be exactly that – too good to be true!

Baiting is a technique that lures victims into performing a task by providing “baits”, or easily accessible triggers. A folder with the label “Private Pics” is an easily accessible trigger that can lead victims to download a virus unknowingly. A word of advice: never trust unknown sources!

In the same way, Scareware lures victims into clicking on or downloading potential viruses by frightening them into believing that they are under threat. The majority of you have probably seen the red flashing pop-ups saying that your device is under attack – these are typical examples of scareware. Once clicked, these pop-ups may download a virus to your device that can compromise your personal information. Similar to baiting, it is always best not to trust unknown sources, especially those that are red and flashing!

The last and probably most heard-of technique is Phishing. This consists of campaigns that instigate urgency, curiosity, or fear in the victims. If you haven’t received emails saying that your bank account has been blocked and that you should click on the link ASAP to unblock it, you’re lucky as this is the most common example of phishing. Victims who may panic because of the urgency of the message may then follow the instructions. Clicking on the link will eventually prompt them to enter personal information that malicious users can then use for theft (both identity and financial).

Phishing comes in many forms, the first of which is Spear Phishing which is phishing targeted at a specific organization or company. Banks are the usual prey to this as they store the most sensitive personal information. On the other hand, whaling is phishing targeted at high-profile people, usually to steal their identity. Lastly, smishing, is phishing using SMS.

Since phishing is the most common social engineering technique, various techniques to avoid it are widely available. The government and most private companies usually post reminders to the public on how to ensure that campaigns are from legitimate sources. One way to do so is by looking at the format and grammar of the campaign – if there are grammatical errors, it most probably is a phishing scam! Also, the domain of the sender’s email address must match the organization’s official domain. Lastly, never EVER provide personal information such as passwords and one-time PINs!

2. Unknown Files

Always be wary of unknown files received from unknown sources as these can be used by malicious users for social engineering. These files may contain ransomware, malware, or malicious codes that can potentially jeopardize your privacy and security when downloaded to your device.

3. Emails

Email is the most common channel for social engineering. Since we usually use our email addresses to sign up for programs, websites and apps, and other marketing campaigns, it’s especially easy for our data to be leaked to malicious users and organizations.

You can protect your security by being cautious when providing your email address. Make sure that you only provide your email address to legitimate organizations, and always check the website’s terms & conditions to know how they will use your personal information. Avoid giving out your email address to organizations and people who cannot provide their terms & conditions.

If your information still fell into the wrong hands and you receive emails from unrecognized senders, you may follow these steps:

1. Do not click on any link or download any attached file immediately.
2. Check if the domain (the string following the symbol @) used by the sender is legitimate.
3. See if the greeting in the email is personalized with your name.
4. Scrutinize the content for grammatical correctness.

If you find that the domain is not a legitimate one, the email greeting is a generic one, or the email contains grammatical errors, it is most likely a phishing email. Delete it immediately (you can also mark it as spam) and, if possible, report it to the authorities for investigation.

4. Passwords

With everything becoming digitized – from messaging to hotel booking to banking – we are in an era when we have to maintain tons of accounts with their corresponding passwords. You may think that it’s easier to maintain the same password for all of your accounts or even write down your passwords, but think twice! Having the same password for all of your accounts provides a higher risk of your other accounts being compromised when one is, while writing down your passwords may have a higher risk of them falling into the wrong hands.

To ensure that your accounts are as secure as possible, here are a few tips that you can keep in mind when creating your passwords:

1. Choose a password that is a combination of uppercase and lowercase letters, numbers, and special characters. Most websites already require these as these make it more difficult for hackers to guess your password.
2. Choose a password that has at least 8 characters. Again, the longer the password, the more difficult it is to guess!
3. Never include your personal information in your password. One of the easiest passwords to guess is your birth date, so never use it! Do not include your name, nickname, or any variation of it, and never include your social security number.
4. Change your password regularly. Most websites also already automatically prompt users to change their passwords after a certain number of months. Even if you are not prompted, it is recommended to change your password at least once every 3 months to keep it secure.
5. When available, use two-factor authentication (2FA). Common examples of these are one-time passwords or biometric logins. 2FA enables you to have a second, different layer of security check before being able to access your account. It provides greater security to your account.
6. Never use the same password for multiple accounts. If one account is compromised, you wouldn’t want your other accounts to also be accessed illegally! The best way to ensure this is to use different passwords.
7. Avoid writing down your passwords as that piece of paper can easily fall into the wrong hands. If you really need to write them down, do it when you’re alone and make sure to keep the paper in a safe place that only you can access.

5. Software Updates

In this digital age, everything is always evolving to keep up with the latest trends. This includes hacking which has gotten more sophisticated and advanced in recent years. Hackers have tons of tools they can use to compromise your privacy and security, so being lax is not an option.

Fortunately, along with the advancement in hacking also comes the advancement of security measures by different software. Well-known software, operating systems, and apps are always on the lookout for possible security risks for their users. As a result, constant software updates with enhanced and more stringent security features are made available regularly. Be sure to keep your computer and phone operating systems, downloaded apps, and antivirus software up-to-date to have the best and latest security available.

6. Apps

Everything nowadays can be accessed through apps – social media, movies, banks, etc. They are such a way of life now that it can also be easy for malicious users to use these apps to hack into your personal data. As such, it is important to ensure that you only download legitimate apps by legitimate creators. Here are some tips to stay safe when downloading apps:

1. Only download from official sources (Google Play, App Store, Huawei AppGallery, etc.). These stores use security checks before they make apps available to users so it would be less likely to download malicious apps from them.
2. Check the app’s download count, rating, and comments. Even if official stores have security checks, some more advanced malicious apps may still get through. It is thus best to also check each app’s download count, rating, and comments to see what other users who have downloaded the app have to say. If you see anything remotely suspicious in the comments, it’s best to avoid the app!

7. Future Threats

No matter how advanced security features get, digital threats will always be able to keep up. In recent years, deep fakes, or media that have been manipulated using artificial intelligence to display something other than what was really recorded, have been circulating worldwide. These are usually videos using the faces of popular people saying whatever the creator wants.

In this day and age, more and more threats to our privacy and security are surfacing. We don’t know what may be next, especially with the boom in artificial intelligence. The best that we can do is be aware of the current threats and keep learning how to protect ourselves.

Be Safe Out There!

Threats to our privacy and security have always been present, but they are more prevalent in this digital age. Through this article, you are now aware of the common techniques that malicious groups and users use to gain access to sensitive personal information, and tips on how to avoid them and stay safe digitally so that you can feel secure while using your favorite sites and apps.

Fortunately, your favorite virtual gift app is safe! Gifft.me does not show your personal data to anyone but your intended recipient. Want to know more? Read our article on Who can see my Giffts?