Friday, January 22, 2021
Home Cybersecurity News Is the new device you got for Christmas giving your data away?

Is the new device you got for Christmas giving your data away?

Any internet-connected device exposes our personal data to a host of threats

With the festive season having come to a close, consumers the world over will be playing with a variety of new tech toys.

In recent years, the most popular gadgets sold on Amazon have included a variety of smartphones, wearable tech, tablets, laptops and digital assistants such as Amazon’s Echo Dot.

And it’s likely our gifting habits over Christmas reflected this. But any device connected to the internet (including almost all of the above) exposes our personal data to a host of threats.

Few of us stop to consider how our new devices may impact our digital footprint, or whether they could build new channels between ourselves and cyber criminals.

With this in mind, here are some simple tips to help you lock down your digital footprint this year.

Use more sophisticated credentials

First, when it comes to setting up a new device and/or account, you should always use a unique password — every single time.

While this task may sound painful, it’s made much easier by password managers. Should your password for a particular account be stolen, at least the others will remain secure.

It’s also worth checking the Have I Been Pwned? website, which can reveal whether your online credentials have already been leaked.

And even if you’re using more sophisticated biometric-based approaches on a device (such as face or fingerprint login), you can still leave yourself exposed by having a weak password that can allow hackers to bypass the biometric.

Also, if you ever have to enter a credit card number or other financial details to set up an account, you may want to remove them through the service provider’s site or app.

Some services require ongoing payments, but deleting stored payment details where they are no longer needed will help protect your finances. Most services will provide an option to do this, although others may require you to get in touch directly.

You don’t always have to be transparent online

We constantly provide our personal information online in exchange for access to accounts and services.

Often this includes date of birth (to validate your age), postcode (to offer regionally locked services) or details such as your mother’s maiden name (to help restrict unauthorised access to your account).

Consider having a fake identity. That way, if your details are stolen, your real data will be safe.

You may want to set up a sacrificial email account, or even a temporary address (also called a “burner email”) to sign onto services that are likely to spam you in the future.

Apple device users may want to explore the “Sign in with Apple” feature. This restricts the amount of personal data shared with a service is being used.

It can also hide the user’s actual email address when registering — instead creating a site-specific alias that can later be blocked if necessary.

What happens to our old devices?

When new gadgets enter our lives, the old ones are often passed on to friends and family, sold to strangers, traded in, or simply recycled.

But before we discard our old devices into this growing technology mountain, we should make sure they’re clear of our data. Otherwise, selling an old phone may also mean inadvertently selling your private information.

Many modern devices, particularly smartphones and tablets, have a factory reset option that removes all user data.

 

You can erase content and settings (personal information) from an Apple device by going into ‘settings’, ‘general’ and then ‘reset’. Author provided 

For devices without a distinct wipe or reset option, you can consult with the user manual or manufacturer’s website (which will often have a copy of the user manual). If in doubt, there’s plenty of online advice on how to reset devices.

This video shows how to backup data from a PlayStation 4 console onto a USB drive, before completely wiping the console.

You may need to remove or unlink the old device from your online identities, such as your Apple ID.

It may also be necessary to delete cloud-based accounts — such as Dropbox or Google Drive — set up specifically for that device. And don’t forget about data stored on devices being returned to the seller (perhaps after Boxing Day sales).

A 2019 UK study examining second-hand phones on eBay found only 52% had been properly wiped or reset.

Moreover, 19% contained some form of personal information, ranging from active social media logins to bank account details.

Parental responsibility

Children (especially those in primary school) who use devices should be educated on safe internet practices and cyber safety.

While younger people are becoming increasingly tech-savvy with time, they don’t necessarily know the risks associated with using internet-connected technologies.

It’s important for parents to first learn about appropriate safeguards, and then remind their children of them regularly.

Don’t panic

The good news is you don’t need special cyber security training for each new tech purchase. The lessons above are transferable, so the key is simply to remember to use them.

There are plenty of sources for further learning, including UK Cyber Aware, the Get Safe Online initiative, and the Australian eSafety Commissioner’s website.

To quote from the film The Hitchhiker’s Guide to the Galaxy: “don’t panic”. Just think carefully about how you use (or get rid of) your devices from now on.

Paul Haskell-Dowland is the Associate Dean for Computing and Security in the School of Science at Edith Cowan University, Perth, Australia. This article was co-authored by Steven Furnell. This article originally appeared on TheConversation

Paul Haskell-Dowland
Paul Haskell-Dowland
Associate Professor Paul Haskell-Dowland is the Associate Dean for Computing and Security in the School of Science at Edith Cowan University, Perth, Australia. Paul has delivered keynotes, invited presentations, workshops, professional development/training and seminars across the world for audiences including RSA Security, Sri Lanka CERT, ITU and IEEE.

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You might also like

Stay Connected

Join Our Newsletter

Must Read

Related News