How to Protect Your Data Online

Enable two-factor authentication, for starters

For much of the public, it can be challenging to figure out how to secure their data.
Photo Illustration: Tenzin Tsepel

Concerns about internet security range in severity from the benign, such as the annoying ubiquity of ads, to more troublesome worries about identity theft and consumer fraud.

Then there are concerns about sensitive data impacting future decisions around employment and housing. What’s more, online users who are the most vulnerable offline have heightened threats online—for example, worries about surveillance from law enforcement, or fear of the interference of immigration enforcement officials.

“People have a spectrum of security concerns that pop up at different phases of life,” said Mary Madden, research lead, health and tech engagement at Data & Society, a New York-based research institute.

With Madden at the helm, Data & Society published a study, Privacy, Security, and Digital Inequality, late last year that highlighted how the uneven vulnerability online users have in their everyday lives mirrors the uneven access they have to the appropriate resources to address their security concerns.

Mobile-only internet users, for example, who are usually from households with lower incomes and lower levels of educational attainment, often cannot take the protective measures most frequently advised for online users. You cannot download data archives from the largest tech companies via mobile, and often it isn’t possible to adjust privacy settings using mobile apps.

For much of the public, it can be challenging to find the information to take action to secure their data. It can even be difficult to understand what needs to be secured.

“The average user feels overwhelmed,” Madden said. “It does seem that giant platforms are designed so that privacy settings are set and forgot.” It can be so daunting to tackle—multiple apps and extensions to download, settings to adjust, networks to encrypt—that users experience resignation.

If anything the recent internet privacy controversies have proven that people do care about internet privacy and security.

Joseph Jerome, policy counsel for the D.C.-based Center for Democracy and Technology, echoes Madden. His organization is a “25-year-old digital advocacy organization” that works to preserve the user-controlled nature of the internet. Jerome believes that people are justly afraid that breaches of security with information like “bankruptcy records, arrest files,” would impact their future. But the insight into who has access to what, and how to control it, is lacking.

This past March, news about Cambridge Analytica broke. The firm had been hired by President Trump’s campaign and collected the data of 50 million Facebook users without their consent. Facebook’s leadership was summoned to a congressional hearing and is undergoing an FTC investigation. A backlash ensued, prompting a flurry of suggestions to “delete Facebook.”

But many people do not have the option to delete Facebook. For some, it can be a lifeline to family far away, or information about job opportunities.

Jason Beckerman, CEO and co-founder of Unified, a solutions firm that helps marketers gain transparency and accountability into their social media advertising, says that “Facebook is the safest platform for consumers right now. There’s tools they can leverage every time they go into it.” Beckerman’s firm works on behalf of advertisers, but he says they’d never work with a firm with “questionable data practices.”

Similar to Beckerman, Mary Madden says Facebook provides “an easy way” to understand what information they have about you so “you don’t have to delete your account.” Still, she hesitated to place the tech giant at the vanguard of transparency. “They have done a lot, but they also collect the most,” she said.

The experts I spoke to recommended a few actions we all could take to be safer on the web:

1. Enable two-factor authentication for accessing highly sensitive information like your credit card, banking and email accounts. When you log in from a new device, you’ll verify your identity using a code that gets texted to you or via another mobile app. Technologist Martin Shelton suggests using two-factor authentication for services like Facebook, Twitter and Dropbox as well.