Security awareness

A User's Guide: 10 Ways to Protect Your Personal Data

Susan Morrow
January 22, 2019 by
Susan Morrow

In 2018, Facebook had to contact over 50 million users who had their personal data exposed in a security breach. This was on top of the 87 million Facebook users who had data sold to Cambridge Analytica without their consent. Our personal data, the stuff that lets the world know who we are, what we like, how we plan our day, what ails us, is valuable.

Personal data is anything that can be linked to you as an individual and it includes:

See Infosec IQ in action

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.
  • Name
  • Address (current and previous)
  • Date of birth
  • Email address
  • Health data, including scans and test results
  • Identity documents such as passport, driver’s license and so on
  • Employee data
  • Bank and other financial details
  • Login credentials
  • Location data
  • Biometric data
  • Information on your political or religious views

This list is by no means exhaustive.

A study by Armor which looked into black-market prices for personal data found that amounts paid for data varied from $40 to $200, with prices hitting as much as $2,000 for U.S. Green Cards and visa bundles.

Identity theft is also on the rise. Javelin Research found that in 2017, more individuals than ever before in history had their identity stolen. In the U.S., this equates to 16.7 million people having their identity stolen to be used in fraud and other nefarious deeds.

Social engineering is behind many data breaches. The 2018 Data Breach Investigations Report by Verizon found that around 98 percent of security incidents and 93 percent of data breaches involved behavior manipulation or phishing.

But what do cybercriminals do with our data? Here are some of the ways that our personal data is misused and abused:

  1. Sold on for secondary attacks such as fraudulent loan applications
  2. Used to set up accounts to commit fraud
  3. Used to access health services using your identity
  4. Make fraudulent payments
  5. Use data for extortion and blackmail
  6. To use in targeted phishing attacks

And then there is account takeover. According to the 2018 Identity Fraud Study, this most sinister of attacks has increased three-fold. Once a cybercriminal has access to your online account, they have access to a lot of personal and private, sensitive data.

The gloves are off, and we need to fight back against those who would impersonate us, sell our personal data and use our digital being to line their own pockets. Here are 10 ways that you can make sure that your personal data doesn't become someone else's.

[FREE] A User's Guide: 10 Ways to Protect Your Personal Data

Download This Free Training Poster

The Top Ten

1.  Don’t click that link!

What to do: Don’t click links in emails. Instead, type the URL of the service you want to log into directly in the browser.

Why: According to Microsoft in their Security Intelligence Report (SIR), phishing is still the number one favorite method of cyber-attack. In the 2018 Data Breach Investigations Report by Verizon, they found that 30 percent of people clicked on links in spoof emails. If you click the link, there is a very high chance you will reveal personal data and/or have malware installed to your device, which will, ultimately, steal personal data.

2.  Come back for a second (factor)

What to do: Use a second factor for logging into accounts and use password phrases, not short words

Why: Robust authentication is one we keep coming back to. If you have a good second-factor in place for logging in to online accounts, then you are much less likely to lose personal data due to phishing or other means of unauthorized access.

3.  Shhh … someone is listening (whispering digital assistants)

What to do:  If you use a personal assistant, make sure you delete recorded conversations regularly. Also mute your digital assistant if you aren’t using it.

On a related note: The Internet of Things (IoT), in general, often relies on your personal data to either perform a task or simply to record your ownership. Making sure that the personal data held within the IoT is protected in the same way you would any data is important.

Why: There have been cases where Alexa has revealed personal data to unknown persons without consent. A recent one occurred when an Amazon Echo user asked for their data under the GDPR “right to access” rule. As well as his own data, he also received 1700 voice recordings of an unknown individual. In another case, private conversations between a married couple were sent to a work colleague by Alexa.

4.  Keep it clean — delete old files

What to do: Make sure that you keep data replication to a minimum. Delete old files you don’t use. This includes shredding paper documents and mail.

Why: The watchword of cybersecurity is “de-risk.” There can never be 100% security but reducing the number of places that can be compromised helps to reduce the risk.

5.  Be less social

What to do: Minimize the amount of personal data you have on social media platforms. This includes things such as dates you will be away from home and personal details such as mother’s maiden name, favorite pet name and so on.

Why: Social media is an open pool of data that cybercriminals can dip into at will. Information such as mother’s maiden name is sometimes used to recover account credentials — don’t give hackers an easy way into your online accounts!

6.  Don’t sync for sync’s sake

What to do: Disable automatic file- and media-sharing unless you really need to do it.

Why: A lot of devices set up cloud syncing when you first configure the device. This means that you may end up with files containing personal and sensitive data (including images) in a cloud repository when you don’t need to.

7.  Keep off the beaten track

What to do: Disable location tracking on each app. You might also want to disable Android Device Manager, but this is a double-edged sword as it can help you to locate a missing phone. Also check the privacy policy of your apps.

Why: A recent study of almost 1 million Android phones showed apps regularly harvested tracking data.

8. Let sleeping Bluetooth lie

What to do: If you are not using Bluetooth, switch it off.

Why: Bluetooth vulnerabilities can allow data to be siphoned off. The BlueBorne vulnerability is a risk for all mobile devices that use the Bluetooth connections.

9.  Encryption is your friend

What to do: Encrypt any data you store on hard drives and use apps like Telegram if you share personal data.

Why: There have been almost 13.5 billion data records lost since 2013 and only 4 percent of those were encrypted. Encryption is a layer of protection that can prevent lost or stolen data being exposed.

10. A patch in time

What to do: Keep your computers and mobile devices patched and up to date.

Why: Software vulnerabilities allow malware to infect your device. Malware steals data and login credentials to online accounts.

Get six free posters

Get six free posters

Reinforce cybersecurity best practices with six eye-catching posters found in our free poster kit from our award-winning series, Work Bytes.



  1. Facebook Security Breach Exposes Accounts of 50 Million Users, The New York Times
  2. Stolen PII & Ramifications: Identity Theft and Fraud on the Dark Web, Armor Blog
  3. Identity Fraud Hits All Time High With 16.7 Million U.S. Victims in 2017, According to New Javelin Strategy & Research Study, Javelin
  4. Verizon Data Breach Investigations Report, Verizon
  5. Security Intelligence Report (SIR), Microsoft
  6. Alexa user gets access to 1,700 audio files from a stranger, TechCrunch
  7. Woman says her Amazon device recorded private conversation, sent it out to random contact, KIRO 7
  8. The Attack Vector “BlueBorne” Exposes Almost Every Connected Device, Armis
  9. Breach Level Index, Gemalto
  10. Reuben Binns, Ulrik Lyngs, Max Van Kleek, Jun Zhao, Timothy Libert, Nigel Shadbolt. Third Party Tracking in the Mobile Ecosystem
Susan Morrow
Susan Morrow

Susan Morrow is a cybersecurity and digital identity expert with over 20 years of experience. Before moving into the tech sector, she was an analytical chemist working in environmental and pharmaceutical analysis. Currently, Susan is Head of R&D at UK-based Avoco Secure.

Susan’s expertise includes usability, accessibility and data privacy within a consumer digital transaction context. She was named a 2020 Most Influential Women in UK Tech by Computer Weekly and shortlisted by WeAreTechWomen as a Top 100 Women in Tech. Susan is on the advisory board of Surfshark and Think Digital Partners, and regularly writes on identity and security for CSO Online and Infosec Resources. Her mantra is to ensure human beings control technology, not the other way around.