Graphic by Eleanor Cain
Editor’s note: this story pairs with “Internet users gamble with information privacy”
BYU information systems professor Mark Keith said it’s inevitable to have some form of personal data collected, but there are four things the average user can do to increase the security protecting their information.
- Learn privacy settings
Most users are unaware of their mobile device’s privacy settings, Keith said. In addition, he said most users don’t take time to research real data about which apps are trustworthy and which aren’t.
Even though there may not be much data about which company to trust or not, Keith said it’s always better for users to do their own research first before trusting reviews.
“This could be the most untrustworthy company in the world but because they got five out of five stars and 100,000 reviews, (users) assume they’re fine and give them everything,” Keith said.
- Weigh the costs versus the benefits
There are some cases, Keith said, where users may not be able to find good data on whether a company is trustworthy. In these cases, it’s best to use good judgment and decide whether the benefits the company provides through its services are worth losing privacy, he said.
“It’s not necessarily whether the company is trustworthy or not, but are their practices in safeguarding your data good or not?” Keith said. “Do you trust that? And there’s no company that’s really safe anymore, so how do you protect it or not?”
- Examine your digital footprint
Passwords and usernames are much easier to connect across accounts than people think, Keith said. It’s important for users to update their online profiles frequently.
Leslie Francis, a professor of law and philosophy at the University of Utah and co-author of “Privacy: What Everyone Needs to Know,” said it’s also important to check credit scores frequently. Users should be aware of not only what information is out there about them, but what misinformation.
“The Equifax security breach … didn’t protect (information) adequately, (but) if you hadn’t checked your credit report and requested correction of errors in that, information that you never had any idea could be associated with you — because it in fact isn’t about you — might be all over the world linked up to you at this point in time,” Francis said.
Some guidelines include using different passwords for each account, avoiding dictionary words and not including personal information in passwords.
- Be adaptable
Finally, Keith said it’s important to take the approach that every company will lose a user’s information at some point in time. Users should be ready to learn and re-learn what privacy protections they have, because policies could change with each new operating system update.
Even Target, a presumably trustworthy company, was hacked when someone connected to its database through its HVAC unit, he said.
“The only thing people can do, I guess, is just be aware of what options that they have and know that just because you learned them once doesn’t mean they’re not going to be different tomorrow,” Keith said.