In observance of Privacy Awareness Week here in Australia, I thought it would be a good time to review the importance of protecting personal information online. Digital business is helping organizations engage with customers anywhere and at any time—but these new personalized interactions often come at a steep price. So I’ve put together some important steps that businesses can share with their consumers to help them keep safe online.
These top seven tips are designed to not only protect a consumer’s privacy and identity, but also to do so in a way that is user friendly.
Don't reuse passwords. Your most important passwords are those for email, banking and e-commerce services like PayPal and eBay, so these are the accounts that fraudsters will potentially target. The passwords for these more important services should be complex and different from those used for other services. That way, if one account is compromised, your other accounts will still be safe.
Create a secure password. Instead of defaulting to commonly used or easily guessed passwords, use password generators to help you create and maintain complex variations. If you don’t have access to a password generator, create something memorable. For example, string together three or four words and replace vowels with numbers. This both helps you meet the site’s password requirements and makes your password harder to steal.
Use two-factor authentication. Many organisations offer the choice to use some form of multi-factor authentication (MFA) for customers via push notifications to a mobile application. When available, take the extra step of entering a two-factor authentication code (via SMS, email, push notifications) to access your accounts. This small step makes it more difficult for fraudsters to impersonate you online.
Stop before you share. When registering for online services, think twice about sharing personal data that could be used for identity theft. If an online quiz asks for your date of birth, do you really need to supply the correct date? Perhaps 1 January with the correct year is good enough, and won't impact you if that data is stolen or shared with third parties without your consent. Similarly, password reset questions like "mother's maiden name" need not be answered with real data unless it's an important service like your bank or a government entity.
Stay safe on social. On social media platforms, think carefully before granting access to your data. If the application or service is asking for unreasonable levels of access like "your profile, phone number, email address, friends list, the microphone and SMS messages" and it's a quiz or a game, reconsider if you really need to use it. Also, regularly review the list of apps you have given access to your social media profile, removing access where you no longer use a particular service.
Be skeptical. Treat unsolicited calls claiming to be from your phone company, internet supplier or "the Windows Security team" with the skepticism they deserve. And definitely do not install any software recommended by any of these parties.
Don’t reveal passwords on the phone. Never share account passwords over the phone with customer care representatives. Furthermore, it’s wise to avoid sharing them via email or text as well, as they become vulnerable to being stolen by unscrupulous individuals.
Consumers are increasingly concerned about how their personal data is used and shared. It’s become a critical competitive requirement that leading brands not only provide privacy and consent options, but make these options user friendly. If the customer can’t easily find or use these options, they might as well not exist.
A customer identity and access management (CIAM) solution can be the key to helping your end users securely and seamlessly access their personal information. Having CIAM in place can play a critical role in ensuring customer confidence, as well as compliance with privacy regulations across all the jurisdictions in which a business operates.