4 Steps Consumers Should Always Take To Protect Their Privacy

If you’re anything like me, you might keep an eye on food intake, track the occasional run, manage email and calendar tasks, or maybe even something as significant as retirement planning — by using tools that are all provided over the Internet.

Consider this — how many services do you use today that are based on a SaaS model of delivering software over the Internet? The number may surprise you — it definitely shocked me.

So, what exactly happens when you sign up for a SaaS product? You simply click a Terms of Agreement, decide if you’ll pay monthly, annually or free in some cases — and voila — you now have a new service provider/vendor or marketer that has your information — personal and or financial or both. I understand this probably doesn’t really raise red flags for you because it’s become second nature.

However, as a security professional, I see the parts of this exchange where users have become so unaware of what they are actually providing. This new and normal experience to you, has become yet another avenue of things that could go wrong. A data security threat or risk that could harm you, not necessarily physically, but socially, financially and mentally. What I want to bring forth is the notion of protection and safety, not paranoia. The rules of safety that we apply to our physical world should applied equally and diligently to our cyber world.

1. Be Aware

The mantra to attaining digital nirvana. Bring yourself to the reality of what you are signing up for. What is the specific use-case or need this product will fulfill? What are we willing to give in return(payment, personal information, behavioral data)? Considering these things will bring powerful awareness to your every mouse click.

2. Do What You Know Best

Do you keep the doors or windows of your house open for anyone to come in or inversely why do you lock your doors and windows? You do this to keep the bad folks out, right? You should pretty much apply the same principle to your online world.  

3. Do A Little Research

Find out about the company, product or experience you’re considering— is this someone you can trust? Is the company a known and registered business? Most importantly will they keep your data safe? Read up on the company through independent search results and reviews and ensure that it has a valid business website with up-to-date Terms of Agreements and Privacy Policy. Check out if the business is registered with the Better Business Bureau — you can even find any pending or closed claims against the company.

4. Know Your Security Responsibility

SaaS business models are about efficiency and self-service in order to quickly provide you the means to an end. Depending on the business size, maturity and years of operation, the company may provide sophisticated methods of authenticating to their site. Ensure you follow these basic guidelines:

  • Strong passwords

    Keep your usernames and passwords safe by ensuring you do not use the same information for all accounts or at least the key accounts that matter most. Strong passwords could be a long string of words such as favorite line from a song, book or a random sentence that you make up interjected with numbers and special characters. For example, “today will be a bright day” can be used as “T0day_W!ll_Be_@_Bright_D@y.

  • Use 2-Step Authentication Whenever and Wherever it’s Offered

    More and more companies are now incorporating the need for security by providing users the ability to integrate another factor to the login process for strong authentication. This is in the form of adding a layer to username and password by providing a security token, a secure text to a mobile phone (SMS) or even fingerprint scanners.  For software services you deem significant in terms of risk of harm, ensure to use two-factor authentication to protect your login from malicious hackers

  • Read the Terms of Use and Privacy Policy

    Bo-ring! I know it’s tedious, but you need to ensure you read and understand the terms of your use of the product, the rights you have and the rights of the company have to your information. The key areas to understand are the intended use of your information and if they plan to share your information. If so, will it be secured when they do so? The privacy policy is a legal, enforceable document and a company’s violation to promises made in the privacy policy can lead to fines and penalties. Know your rights as a consumer by visiting the government consumer protection authority.

  • What’s your exit plan?

    Do you have a way to make a clean break with the provider? What will happen to your data when you leave? Most companies will describe the process of termination of agreements in their Terms of Use. As a user, the responsibility falls in your hands to read and understand those terms. Simply closing the account and unsubscribing to the services may not always result in your data being deleted or returned by the company. As a good rule of thumb, always have an exit plan to ensure you get your data back. After all, it is yours!

For more information on consumer protection and free resources, see http://consumer.ftc.gov