I had breakfast with a friend this morning. One of the things we discussed was keeping a smaller digital footprint, or in other words, keeping more of your life private and less easily discovered by people that might want to cancel you.
The following are things I recommend:
Business / Personal Cell Phone
In general, it’s a bad idea to use your personal cell phone at work, especially if you have to go through a work-provided WiFi network. You can and should expect that businesses will have firewalls in place that may do arbitrarily advanced monitoring and inspection of your traffic. At a minimum, you probably don’t want them seeing the different websites you’re hitting while eating lunch, etc.
Keep your personal cell phone off the corporate network. You can turn off WiFi on your personal cell and just use 4G or 5G service.
You should have a business phone and use it for the apps that the business is likely to want you to install, such as authenticator applications and probably some set of business applications.
Separate Accounts for Business and Personal Use
Depending on the work you do, you may be asked to provide, say, something like your Apple ID. You can and should have different Apple IDs and other IDs for business versus personal use. Don’t surrender the passwords to your personal accounts to your employer.
The same rule applies for email. Use your business email for business and your personal email for everything else. If you have personal emails in your business mail, delete them if they don’t apply to the business and aren’t otherwise subject to some kind of records retention policy.
Deleting emails and other documents doesn’t necessarily cause them to be erased for good. Often, deleting something just sets a flag in a database table marking the item as deleted, even though it’s still accessible to system administrators and perhaps others.
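The flag-based delete described above, as an added example that is not part of the original post. The table layout, column names and sample messages are constructed for illustration, using an in-memory SQLite database:

```python
import sqlite3

def build_mailbox():
    """Create a constructed in-memory mailbox with a soft-delete flag."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE messages (id INTEGER PRIMARY KEY, owner TEXT,"
        " subject TEXT, is_deleted INTEGER NOT NULL DEFAULT 0)")
    db.executemany(
        "INSERT INTO messages (owner, subject) VALUES (?, ?)",
        [("alice", "Q3 budget review"),          # business mail
         ("alice", "Dentist appointment"),       # personal mail
         ("alice", "Lease renewal paperwork")])  # personal mail
    return db

def user_delete(db, owner, subject):
    """What 'Delete' does in a soft-delete design: flip a flag, keep the row."""
    db.execute(
        "UPDATE messages SET is_deleted = 1 WHERE owner = ? AND subject = ?",
        (owner, subject))

def user_view(db, owner):
    """The mailbox as the user sees it: flagged rows are filtered out."""
    rows = db.execute(
        "SELECT subject FROM messages WHERE owner = ? AND is_deleted = 0 ORDER BY id",
        (owner,))
    return [r[0] for r in rows]

def admin_view(db, owner):
    """An administrator querying the table directly sees every row."""
    return db.execute(
        "SELECT subject, is_deleted FROM messages WHERE owner = ? ORDER BY id",
        (owner,)).fetchall()

def purge(db, owner):
    """A hard delete removes flagged rows from the live table."""
    cur = db.execute(
        "DELETE FROM messages WHERE owner = ? AND is_deleted = 1",
        (owner,))
    return cur.rowcount

if __name__ == "__main__":
    db = build_mailbox()
    user_delete(db, "alice", "Dentist appointment")
    print("user sees :", user_view(db, "alice"))
    print("admin sees:", admin_view(db, "alice"))
    print("purged    :", purge(db, "alice"), "row(s)")
    print("admin sees:", admin_view(db, "alice"))
```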
Use a Good Password Manager
A decent password manager is a must-have these days. I happen to use 1Password from AgileBits. I like it and it supports all of my devices. I have heard that LastPass is also good. Doubtless there are other good ones as well.
A good password manager will up your security game. You’ll be able to generate long passwords that stand up to dictionary attacks and other brute-force methods. You will still find old crummy websites that limit your password length to something ridiculous from time to time, but more and more you should be able to use at least 32-character passwords. Because the password manager remembers the password on a per-website basis, you can and should have a different password for almost every website you visit.
You can also use the password generator in the password manager to generate user names, when that’s an option. For example, on some websites I use, my user name is something like this: MbmixPAyfcKB4eGVv.
Every little bit of friction you can create will make it more difficult for someone to casually exploit your identity.
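A sketch of what a generator like this does, as an added example that is not from the original post and is not how 1Password or any other product is implemented. The symbol set, the site names and the 12-character cap are assumptions; the entropy figure shows what a length cap costs:

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # 62 symbols
FULL = ALNUM + "!#$%&*+-=?@^_"                 # 75 symbols (assumed symbol set)

def generate(length, alphabet=FULL):
    """Draw each character independently from the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet=FULL):
    """Bits of entropy for a uniformly random string of this length."""
    return length * math.log2(len(set(alphabet)))

def credentials_for(sites, want=32):
    """One unique username/password pair per site.

    `sites` maps a site name to its maximum password length, or None
    when the site imposes no limit (hypothetical sample policy data).
    """
    vault = {}
    for site, max_len in sites.items():
        length = want if max_len is None else min(want, max_len)
        vault[site] = {
            "username": generate(17, ALNUM),   # same shape as the user name above
            "password": generate(length),
            "bits": round(entropy_bits(length), 1),
        }
    return vault

if __name__ == "__main__":
    # Constructed sample: one modern site, one that caps passwords at 12.
    sample = {"bank.example": None, "old-forum.example": 12}
    for site, cred in credentials_for(sample).items():
        print(site, cred["username"], cred["password"], cred["bits"], "bits")
```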
Use a Privacy-Focused Email Service
I recommend that people search for and use email services that care about user privacy. They are not a panacea, yet they are arguably better than sending all of your personal email to a company like Google, which will provide you with free email by monetizing the information they mine from every email you send or receive.
At this time I use Protonmail for my email. They are located in Switzerland. Email is stored encrypted on their servers. They claim to not log IP addresses by default (but if they get a demand letter from the Swiss government to monitor you, they will of course do so).
Use a Virtual Private Network (VPN)
A VPN will help keep your internet traffic somewhat more secure by encrypting the bulk of it.
Yet it’s important to understand that your DNS requests are not encrypted. So, for example, your internet provider can see what websites you are visiting, but they can’t necessarily see all that you do on the website once you get there.
Consider a VPN a must-have in this day and age. You can find them easily. I like the offering from Mozilla for a VPN provider.
Delete Your Social Media Accounts
Unless you really need to keep them, I recommend deleting your social media accounts: Facebook, Twitter, Instagram, etc.
Social media websites make it easy for others to find something to use against you. I wish this wasn’t the case, yet one of the first places people look when they want to dig up dirt on someone is their social media pages. Also, on social media, you are the product, not the customer. Every little tidbit you reveal about yourself is analyzed and monetized.
Delete Apps You Don’t Really Need
Every company seems to offer an app these days. They want you to download it onto your personal tracking device / cell phone. You would not believe the data these companies extract from your phone, given half a chance.
For example, your automobile insurance provider may offer you a discount for downloading and installing their app. Do you really want them to have access to the accelerometers and GPS data in your phone, so they can measure how and where you drive? If you get in an accident and you have provided them data on how you drive, you should expect that data to be used against you, if possible, to deny or reduce your settlement.
It’s more or less the same deal with other apps you might download and install. It’s instructive to watch the network traffic that comes off your phone, if you have a setup at home to be able to do it.
As an aside, turn off your phone when you travel, if you can afford to do so.
Two-Factor Authentication
Enable two-factor authentication on websites that allow you to do so. It’s easy to do and will help you protect yourself against identity theft. Again, it’s the friction principle; there’s nothing you can do to be 100% secure, so go for “defense in depth.” Every little hurdle you can put in place is likely to help you discourage someone who’s looking to steal from you, in one way or another.