It’s Data Privacy Week!

From January 22 – 28, 2023, the annual campaign will focus on educating individuals and businesses about the importance of online privacy.

 

Here Are 6 Ways You Can Protect Your Privacy

All your online activity creates a trail of data. And while you cannot control how each byte of data about you is shared and processed, here are some tips on how you can manage your data privacy.

 

  1. Change your passwords
    This is a simple yet effective way to protect your data. It is good to update all your passwords once every few months, as they are prone to appearing in data leaks. Create long and unique passwords for each account and device.
  2. Turn on two-factor authentication
    Use two-factor authentication (2FA) or multi-factor authentication (MFA) wherever it is available. This will help keep your data safe even if your password is compromised.
  3. Stay up to date
    Turn on automatic updates, or install device, software, and browser updates as soon as they are available. These updates could contain fixes or improvements to many security features.
  4. Don’t take the bait!
    Learn how to identify scams and phishing messages, which can be sent as emails, texts, or direct messages. Delete the messages and report the sender if possible.
  5. Adjust your privacy settings
    Take into account all your information that is available online. Be aware of which apps and websites have access to your personal information. For every app, account, or device, check the privacy and security settings and adjust them to your comfort level.
  6. Learn more about data privacy
    Understand that there is a trade-off. Many social media platforms, apps, and online services will ask for access to your personal data. Be sure to read about how they are collecting user data, and for what purposes.

How Gray Digital Group Protects Your Privacy

It’s important to us to protect our clients’ sites and the individuals that utilize them. Here are some processes we follow that help keep your data safe.

GDG Maintenance

GDG updates core WordPress (WP) versions as they are released and regularly updates all plugins on our clients’ sites. We strive to use reputable plugins, both because we know they will stay maintained and because of the security measures their developers take to keep them secure. If we are alerted to a vulnerable plugin, we make sure we patch it as soon as a patch is released.

 

WP Engine

We host our sites on WP Engine, which integrates security features into its hosting. For example, web rules can be set up to prevent anyone outside of the United States from being able to access the admin section and the login screen. They also scan plugins and their versions daily and send out updates if any known vulnerabilities have been discovered and the vulnerable version has not been patched on your install.

All of their hosting plans provide daily automated backups, with additional one-off backups when needed, along with three environments per site/install.

Free Domain Validated (DV) certificates are offered for all domains that are connected to the account, via CNAME or A records, or you can upload your own certificates as well.

https://wpengine.com/secure-wordpress-hosting/

 

Sucuri

Sucuri is our go-to web application firewall (WAF) security platform. Simple login attempts/attacks are mitigated by Sucuri. Sucuri also identifies new potential attacks and adds them to its watch list, which it has continued to compile over time.

With Sucuri, we get the WAF protection along with daily scans for malware or any potentially malicious files on the system. They also monitor for any blacklists a domain may get added to. Sucuri provides free DV certificates for the site and also allows custom paid certificates to be uploaded.

If using Sucuri for a WAF, there are rules we can set up on the host end to prevent direct access to the hosting server. This prevents someone from bypassing the firewall.

https://sucuri.net/

 

Wordfence

Wordfence is a plugin we use for its login security features, including two-factor authentication (2FA). We typically require all administrators to use 2FA with their login. Other roles can also be required to use 2FA along with their standard username and password.

The plugin also provides some firewall measures and rules, which are applied at the last level, the actual site. This adds an additional layer of security to the mix. It monitors actions on the site, learns normal behavior for the admin section, and can then block certain actions that may not get blocked by an outside firewall.

It will monitor for failed logins, login attempts against users that don’t exist, and forgotten-password reset attempts. Thresholds can be set up to block those IPs, along with the duration for which they are blocked.
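The threshold-and-duration blocking described above, sketched as an added example (not Wordfence's code and not part of the original post). The event names, threshold values, counting window and block duration are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration; these are not Wordfence defaults.
WINDOW = 300       # seconds over which events of one kind are counted
BLOCK_FOR = 3600   # seconds an IP stays blocked once a threshold trips
THRESHOLDS = {"failed_login": 5, "unknown_user": 2, "password_reset": 3}

# Constructed sample events: (unix_time, source_ip, kind).
EVENTS = (
    # Burst of six failed logins in under a minute, then one after the block expires.
    [(1000 + 10 * i, "203.0.113.7", "failed_login") for i in range(6)]
    + [(5000, "203.0.113.7", "failed_login")]
    # Two logins against usernames that do not exist.
    + [(2000, "198.51.100.9", "unknown_user"), (2100, "198.51.100.9", "unknown_user")]
    # Five failed logins spaced 400 s apart: never more than one inside the window.
    + [(1000 + 400 * i, "192.0.2.44", "failed_login") for i in range(5)]
    # Two password-reset attempts: below the threshold of three.
    + [(3000, "192.0.2.80", "password_reset"), (3100, "192.0.2.80", "password_reset")]
)

def evaluate(events, window=WINDOW, block_for=BLOCK_FOR, thresholds=THRESHOLDS):
    """Replay events in time order and return (blocks, blocked_until).

    blocks is a list of (time, ip, kind) for each block that was imposed;
    blocked_until maps each blocked ip to the time its block expires.
    """
    recent = defaultdict(deque)   # (ip, kind) -> timestamps still inside the window
    blocked_until = {}
    blocks = []
    for ts, ip, kind in sorted(events):
        if blocked_until.get(ip, 0) > ts:
            continue              # already blocked: request is rejected, not counted
        q = recent[(ip, kind)]
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()           # drop events that have aged out of the window
        if len(q) >= thresholds[kind]:
            blocked_until[ip] = ts + block_for
            blocks.append((ts, ip, kind))
            for k in thresholds:  # start counting from zero once the block ends
                recent[(ip, k)].clear()
    return blocks, blocked_until

if __name__ == "__main__":
    for ts, ip, kind in evaluate(EVENTS)[0]:
        print(f"t={ts} block {ip} for {BLOCK_FOR}s ({kind} threshold reached)")
```

The slow attempts from 192.0.2.44 never trip the per-window threshold, which is why the duration and window settings matter as much as the count.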

Wordfence also scans the file system and tries to compare local code with any public repositories. It also scans for suspicious files on the system and can quarantine them. Reports on the scans and WAF items can be sent out as needed.

https://www.wordfence.com/

 

For more information on Data Privacy Week, view the National Cybersecurity Alliance website at https://staysafeonline.org/programs/data-privacy-week/