How to avoid becoming the next victim of a data breach

Data breach prevention illustration

The Internet is full of information about what companies should do to keep consumers’ personal data safe from hackers. And there’s plenty of advice for consumers who have already been the victim of a data breach. (You can read our article on the ProtonVPN blog about what to do if you were the victim of a data breach.)

But there’s very little guidance for consumers on how to keep their data safe in the first place. In fact, Quartz reported after the Equifax breach that we should just assume our data will be stolen.

Part of our mission at Proton is to build an Internet where data breaches are an anomaly, not a given, while mitigating the damage when a breach does occur. There are, of course, regulatory and technological solutions to the increasing trend of data breaches. However, there are also steps individual consumers can take to prevent their data from being exposed. In this article, we’ll give you some simple steps you can follow to decrease the likelihood that you’ll be a victim of a significant data breach.

Reduce the amount of information you give out

This isn’t always possible or practical, but companies can’t expose data they don’t have. It’s the most sure-fire way to mitigate your risk of a data breach. In the case of medical or financial information, our control is limited. Banks, credit bureaus, and other financial institutions collect your data often for regulatory purposes or through agreements you can’t opt out of.

But other companies — particularly websites operators like Google, Facebook, or Twitter — usually only collect and store information that you allow them to have. For example, this article shows you how to delete your Google data. In the early days of Facebook, many people treated photo albums as cloud storage. But multiple privacy and security breaches at Facebook have shown that information stored on the company’s servers is not necessarily safe. Privacy settings are not a solution because the data is still vulnerable to breaches, even if your friends and followers can’t see it.

You should only store information online that you wouldn’t mind showing to everyone. (Encrypted cloud storage is the one exception to this rule, which we’ll cover more below.)

Use aliases when possible

Websites are hungry for data, but sometimes they don’t really need it to provide you with a service. For example, airports may ask for your name, phone number, and email address to access free WiFi. Or a liquor company may ask for your date of birth to verify your age before entering their site.

Unless you have to, don’t give companies your real information. While this is obviously not advisable for your shipping address or the name on your airline ticket, there are many situations where an alias or fake birthday works just fine. ProtonMail allows you to create aliases and multiple email addresses, which you can provide instead of your main email address. You can also create secondary social media accounts with limited personal details whenever a website asks for your profile link. If a site requires an image, consider using an illustration or something that’s not your real face.

Research companies’ security record before doing business with them

With so many major companies falling victim to data breaches, it’s not always possible to do business only with companies that have never had an incident. And there may be other factors like price and convenience that weigh into your decision. But if it comes down to Marriott or another hotel, or British Airways or another airline, you may find it easier to choose the company with a better IT security record.

Use end-to-end encryption

The most secure way to store and send information online is through services that use end-to-end encryption. We have previously explained how end-to-end encryption works, but here’s the brief version: when you send a message or store information on the cloud, the data is encrypted before it leaves your device and it can only be decrypted by you or the people you choose to share the data with.

End-to-end encryption adds an extra layer of protection to your sensitive information. Even if your files are exposed in a data breach, those files cannot be decrypted and thus remain safe. A variety of online services employ end-to-end encryption, including instant messaging apps, video and voice calling, cloud storage solutions, note-keeping apps, and email. ProtonMail automatically applies end-to-end encryption to all of your messages. It even allows you to send end-to-end encrypted emails to other email services. 

Use strong passwords

Most people don’t have to worry about the NSA or a hacker targeting them specifically and trying to crack into their accounts. For most of us, it’s important to use a strong, unique password for your online accounts in case the website’s password database is breached. 

ProtonMail uses the Secure Remote Password protocol to authenticate users, which means we don’t know what your password is and a hacker cannot steal a “list” of all our users’ passwords. But other websites store your password on their servers in an encrypted form that can conceivably be cracked by hackers who obtain the password database. That’s why we recommend following the tips in this guide to creating a strong password.

You should also use a unique password for all your accounts and devices. That way if one password is breached, your other accounts remain secure. Two-factor authentication can also protect you in the event your password is exposed.

There’s no way to completely protect yourself from a data breach, short of abandoning the Internet. But these steps can help mitigate your risk. Sign up for ProtonMail today and minimize how much data you share with any organization to avoid having your data exposed in the next breach.

Best Regards,
The ProtonMail Team

About the Author

Ben Wolford

Ben Wolford is a writer at Proton. A journalist for many years, Ben joined Proton to help lead the fight for data privacy.

 

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

2 comments on “How to avoid becoming the next victim of a data breach

  • Do you recommend using a (cloud-based) password manager, like 1password, Dashlane, or LastPass? While they make it convenient to have separate passwords for every service and use 2-factor authentication, we’re entrusting our most valuable data to a service that could get hacked– and is a likely target for hackers. Even if they use strong end-to-end encryption, that encryption could be broken perhaps now or in the future (e.g. with the rise of quantum computing). For something like a social media password, sure, if there’s a breach, just change your password before any encryption is broken. But for something like social security numbers and other non-changeable personal data, a breach of these services could be devastating.

    Reply
    • Hello! Of course, there’s no such thing as perfect security, so it just depends on your threat model. The password managers you listed are probably fine for most users, and they can help solve the more common security issue of people using weak but memorable passwords. If you’re concerned, however, you could simply encrypt your passwords locally, though this is less convenient. (By the way, we’ll be posting an article in the near future about quantum computing and encryption. Stay tuned.)

      Reply