Do’s & Don’ts for Online Personal Privacy


  1. Identify information you want/need to keep private
    1. Bank account and social security?
    2. Identity and reputation?
    3. Family photos?
  2. Protect your sensitive information and accounts. If you get hacked, you may experience a massive invasion of your privacy. 
    1. Use unique, complex passwords. 
    2. Use two-factor authentication (2FA, 2-Step) for improved security when accessing important online accounts, if available. 
    3. Encrypt your data on all devices. Consult a professional, if necessary.
    4. Quarterly, check to see if your data has been exposed (because a company with your personal data has been hacked) at . Change passwords as needed.
  3. Limit information sharing
    1. Avoid entering contests/surveys, mailing in warranty cards and excessive posting on social media.
    2. Minimize sharing of your cell phone number.  Consider setting up a mobile number alias for unimportant accounts (e.g. Google Voice to forward texts and voice calls to your real number). 
    3. Set up personal email address aliases for your important online accounts (financial, medical, government are important; everything else is unimportant). Gmail, Outlook, iCloud, and Yahoo email are examples of services that offer the ability to set up aliases.    
    4. Minimize sharing your contact list and location with apps.
    5. Review sharing and privacy settings for all online accounts at least two times a year.  Be sure to tell each service not to share your data with third parties.
  4. Hide your internet activity
    1. Use a virtual private network (VPN) service when using a Wi-Fi network at an airport, restaurant or other public place.  Well-regarded VPN services include NordVPN, Private Internet Access VPN and TunnelBear VPN.
    2. Consider using a privacy-focused search engine, such as DuckDuckGo.
    3. Minimize tracking of your browser activity by using “incognito” options or installing a blocking extension, such as Privacy Badger, uBlock Origin, or Ghostery.
  5. Delete or obscure unnecessary data on your devices periodically, especially if files are not encrypted.
    1. After switching to a new device, carefully erase all files from your old device. Consult a professional, if necessary.
    2. Periodically clean up stale personal data on websites.  For old unimportant accounts, consider updating with false data and then deleting accounts after 30 days.
  6. Document the things you have done on this list, especially aliases, as time will pass and you may need the information in the future.


Crossroads Investigations: Social Media Privacy Tip Sheet
