Privacy & security tips
Our organisation regards privacy and security as a top priority!
In this context, we give a number of practical tips (based on the presentation by Maria Genova during our global member conference in 2019):
- Passwords are often too simple, and the same passwords are used for many different websites etc. This is a big risk! It is also not a good idea to save passwords on your computer. There are programs, called password managers, which store passwords securely, for example, KeePass and LastPass. Be careful to use the official websites as there are unreliable copies of these sites!
When using a password manager, it is, of course, important to make the main password safe (long, not only letters); otherwise someone can access all your passwords! Do not use names of people, pets, dates of birth, etc. and use a password at least 12 characters long.
Another possibility is to use passphrases. These are easier to remember and safer than a password. You can use the same phrase for each account, but add something specific per website. Example: BEAUTIFULROSEINMYGARDENFB (FB = Facebook), BeautifulRoseInMyGardenAMA (AMA = Amazon).
- Your identification documents (ID card, passport and driving license) are ‘dangerous’ documents, so don’t just give a copy to car rental companies, hotels and phone shops! In The Netherlands, there are strict guidelines from the government concerning who may require such a document (an ‘app’ has been developed: KopieID). Never give out a copy with your Social Security Number to commercial companies (except your employer)! It is handy to make a copy of an identity document (which contains your social security number, your signature and/or your passport photo) by blacking out this information on the copy, and writing ‘copy meant for…’ on the copy. Keep a few of these modified copies with you!
- Don’t click on any links you don’t trust. Also, be very careful with links received in emails from friends because it is possible that your friend’s account has been compromised.
- We are bombarded daily with all sorts of ‘phishing’ emails which try to get your (account) data. These emails look reliable with logos etc. from the sender. Many people still fall for this trick. Banks, municipalities, tax authorities, credit card companies, etc. never send emails asking for personal or login details.
- Make sure your computer’s operating system (e.g. Windows) has been updated with the latest updates.
- Make sure you have good anti-virus and ‘firewall’ software installed and that it is up to date. Norton is an example of such software.
- You can use Google to search for information about people’s names and companies to check if they are trustworthy.
- Well-known Internet browsers like Google Chrome and Microsoft Edge store all sorts of data (even in ‘incognito’ mode, things are still stored). Browsers that don’t track your behaviour are, for example, DuckDuckGo or Epic.
- Always look carefully at the address of the sender of the email. Criminals often add one letter to a known email address. Example: @amazone.com (correct address is @amazon.com).
- Always look carefully at a link in an email. Short links such as http://bitly/xxxx are suspicious. If you see this, the real URL (website) is not immediately visible. The real website is hidden, but you can determine it using Urlxray.
- Attachments in an email are also suspicious, especially attachments that you have to open or download. Usually, your anti-virus software has already determined if it is a virus. You can contact the sender if you have questions. Another option is using the VirusTotal website.
Attachments in an email with the extension zip, exe, JS, lnk, WSF, SCR and jar should never be opened! Also, do not enable macros when prompted.
- You can safely surf the internet using Privacy Badger that blocks all sorts of advertisements and ‘trackers’.
- Sending an email is not secure because email messages can be read by others, that is, by someone other than the person to whom you sent the mail. You can encrypt email messages so that only the addressed person(s) can read the email.
For example, free email encryption can be done using ProtonMail.
- Do not unsubscribe via unsubscribe links in spam emails. The sender then gets confirmation of your email address, and then you will receive even more spam. Normally you have a separate folder for spam. Check it regularly and check if there are emails that are not spam.
- Google and YouTube store your location and history by default and sell them to third parties. You can not only delete the stored data, but also prevent Google from linking ads to your interests using Mypermissions.
- Regularly check your computer, including the trash and cookies, with a program like CCleaner from Softonic.
- Several companies offer 2-factor identification (such as Google, Facebook and LinkedIn) as additional security. As soon as someone logs in via your account on a different computer, you will receive a notification to determine whether the login is done by you.
- Pay attention to what you post via social media channels. Don’t post impulsively. Be cautious about sharing private things like your date of birth. Many companies use this to verify that you are the one communicating with them (identity fraud!). When you share photos of your children, think of how they will feel about them when they are older.
- Do not store intimate photos or a copy of your identity document on your computer. Save it to an external hard drive or USB drive that you can password-protect.
- If your computer is infected with ransomware (where you often have to pay money to regain access to your computer), check out Nomoreransom.
- Teach your children to be very careful with the information they share over the Internet.
- If your computer is discarded, erase the data from the hard drive completely using programs such as Eraser, Sure Delete or Wipe Drive.
- When you enter personal information, please check that the website is safe. This can be seen by the ‘https://’ in the address bar or a padlock symbol.
- Public Wi-Fi networks are, by definition, unreliable. Use them only in conjunction with an application that sends your data encrypted (for example a VPN).
- If you want to know what information Google has collected about you, see: Google collected
Examples of identity fraud: