August 3, 2020

Your data is your most valuable asset. Here’s what you can do to protect it.

Everyone in the family—from kids to grandparents—is spending more time online because of COVID-19. Here’s what our expert from Allstate Identity Protection says every family must do to keep its assets safe.

"Our digital life has expanded suddenly and exponentially. The biggest risk now comes from our children spending a lot more time online," says data privacy expert Shatabdi Basu. Thankfully she has some tips for how to keep you and your family secure and private. Photo by NeONBRAND/Unsplash

Data privacy is a black box for many people—you know it exists but what it entails is both mysterious and complicated. But with more and more of our time being spent online due to restrictions related to COVID-19, it’s important to know how to protect yourself. We spoke with Shatabdi Basu, Senior Vice President of Marketing at Allstate Identity Protection, to find out some of the best things people can do to stay secure online. Basu also offers advice to small businesses and nonprofits on how to stay secure and thrive, especially in this moment when digital services are so crucial.

Whether it’s working with individuals or organizations, Basu’s role in helping people keep their data secure is grounded in empathy. Growing up in Kolkata, India, she was a student at Loreto Convent—the school associated with Mother Teresa. There, she says, she learned the importance of helping others through education.

“I’m always drawn to helping folks. Within this space, I think one of the draws for me is that people feel lost, they don’t know what to do. Especially the elderly or people who lack digital access. They’ve never dealt with it,” Basu said. “Giving them a way to wrap their heads around data privacy and making it more tangible helps them feel empowered. I think that’s so very important. It’s a key area we can help.”

This Q&A has been edited for length and clarity.

Thank you for talking with us, Shatabdi. What are the common mistakes that people are making that they just don’t even think about when they’re living their digital lives?

Let me take a step back actually, before I get into the mistakes, and explain my view on data privacy and how people view it. I think we’re living through this era now where our digital assets, which is our very personal, private information, has become the most valuable asset—even more than our house and car.

If you think about it from that perspective, most people find it difficult to wrap their head around how to manage it effectively. We are signing up online for so many different accounts, rewards, programs, and banks, that people don’t know how to manage it. People all have some awareness of this risk at different levels, but when it becomes overwhelming, then people tend to oversimplify.

One way of oversimplifying things is that we tend to create the same password for every single account, because it’s easier for us to remember that. That is really the biggest kind of risk because you have critical accounts, like your financial accounts, which probably have built-in security, but then you have some accounts that you’re creating using the same password, that are really not that secure. These account takeovers from hackers or cyber criminals are becoming more and more common. Keeping critical and casual email communications separate and secure by using different passwords is important.

Another common mistake that people make is they think of identity protection and privacy protection with tunnel vision, focusing just on credit monitoring and financial security. But an identity breach can expose you to a bigger spectrum of danger. Think beyond free credit monitoring, because it doesn’t monitor you the way a full-fledged identity protection product does.

One thing I think should be adopted far more than it is, is using two-factor authentication or biometric authentication. With two-factor authentication, you put in your password, then it sends you a notification on a different device and you have to approve it from there to log in. Those are some of the habits that need to be adopted more.

Those are some good tips! Are there any other things that someone could do right away to boost their digital security and give themselves some peace of mind?

First create separate passwords. You can get a password manager if you want, which would help you to centralize and manage them, but in a far more secure way. Another thing that I always advise folks to do is to have separate email accounts, at least two. One account is for your serious, more critical transactions, like financial institutions. The other is for when you need an email for a rewards program or online shopping, so you’re not mixing those up. Keep them separate, that way if someone gains access to your casual accounts, they aren’t also getting information on your critical accounts.

Another easy thing is to check your social media. Whatever accounts you have, check all your privacy settings to make sure you’re not giving access to folks who shouldn’t be viewing things that you’re posting.

I think the last one is to get an identity protection service. It’s really worth it. In this day and age where we have a car alarm, we have a house alarm, but we don’t think about an alarm for our online security. Our digital asset is probably now the most valuable asset that we have and hold, so secure it.

And things are only going to be even more digital. It’s not like we’re going to all of a sudden go back to paper. It’s here to stay.

We have seen how COVID-19 is changing us this year with how much more time we are all spending online.

Yes, with everyone having constant video meetings, there’s an extra potential for risk there. Is there something that you think folks should keep in mind for the COVID reality of keeping our digital communication secure and private?

You’re absolutely right. Our digital life has expanded suddenly and exponentially. The biggest risk now comes from our children spending a lot more time online. That really draws on us as parents and teachers and school administrators to secure them. You have to have that conversation so they understand not to click on any kind of link, not to just download any app, and not to talk to just anybody online.

You also have to make sure that you’re providing updated anti-virus software. If a child is breached through a school network, everyone who shares a network with that child’s device could be breached. Additionally, if a child brings a breached device home it can put the family network at risk.

Kids likely don’t have privacy and security in mind as they navigate devices, but they can be digitally savvy. What about our older relatives who didn’t grow up in the digital age? What are the best ways someone can help their loved ones—both young and old—improve their level of privacy or data security?

With our elderly, our parents and grandparents, I think it’s a lot of the same things we do for our kids. Talk with them about what they should or should not be doing, educate them on online security so they can identify any phishing emails that come through.

Even my mom would take some of these fake emails very seriously and click on some link that she was not supposed to. I think the additional risk that we have with the elderly that we don’t have with children is that kids are at least not doing financial transactions. I think that exposes the elderly to an additional risk.

You can set up two-factor authentication and help set up different passwords. Help them back up their data. I like sending my parents a lot of articles and educational material just on how to protect themselves, especially during tax season. Often people will receive random calls and emails claiming to be the IRS. It’s important for them to know how to verify whether that’s true or not. For example, with COVID-19, unemployment fraud has grown. There has to be this higher level of awareness on what can happen to them and how they can protect themselves.

In the past The Renewal Project has written about nonprofits that are hoping to close the digital divide. Many of these organizations take donations of gently used smartphones and laptops. When someone does donate these devices, what should they do to ensure their information stays secure?

You want to wipe your data, and there are a couple of ways you can do that. One is if you have a removable hard drive, remove it, and either you can replace a hard drive or maybe the place where you’re donating to will have extra hard drives that they can put into the computer.

The second one, a lot of the laptops nowadays and even smartphones don’t have a removable hard drive or SIM card. So in that case just restore factory settings on the device.

Before you do that, make sure to back up everything. I, myself, actually have a couple of different ways I back up my data: on the cloud as well as on a separate, physical machine server. Ensure that you have all your data backed up and then restore factory settings. There are also a couple of software programs that you can use to override. I prefer donating clean devices, rather than relying on other software programs to override your data.

We’ve been talking about data privacy issues on an individual level. Many small businesses and nonprofits are forced to do more of their work online more than they ever have before. What should these small, often grassroots, organizations keep in mind when it comes to keeping information secure?

Small businesses are always a passion for me because I’ve had two of my own startups and I know how difficult it is. There are a few things that small organizations can keep in mind. Firstly, don’t store clients’ private information unless you absolutely need to, because you’re exposing yourself to liability.

Second would be to not share your own, your employees’, or your customers’ private information, like a social security number, over emails. That’s a big no-no. If they have the funds, it would be worth investing in cybersecurity training and have their staff trained on a regular basis. Be compliant with data compliance, laws, rules, and regulations such as the CCPA and anything else.

If you are a small business in the U.S., limit yourself, unless you absolutely have to, from storing data across international borders, because then there are international laws that you have to be mindful of. Also, as a small business, be very conscious about who your partners are, if you’re sharing data with them, how you’re sharing, and if you’re hosting any data on a third party software.

Make sure third party partners are secure, reputable, and that you have a proper contract with them that protects you. In some cases you also want to build in an indemnification clause in the contract that completely protects you in case they get breached and then you get breached through them.

So you touched on your experience as a small business owner. But would you say those same rules apply for nonprofit organizations as well?

Yeah, I would say it’s those same dynamics. Often nonprofits are working with a more vulnerable population. So, in some ways I think it’s even more important for nonprofits to be able to protect themselves, their employees, and the people they serve.

Thank you, Shatabdi, for taking the time to speak with me!

Caitlin Fairchild

Caitlin Fairchild is the Deputy Editor of The Renewal Project.