Chapter 9
Protecting Your Identity, Privacy, and Family Online

With the rise of the internet, more and more of our personal lives reside in our computers, mobile devices, and online accounts. Yet, it is still important that our identities, privacy, and families be protected, even when they are all online and internet-connected. There is no one way to provide online privacy and security, so we need to be constantly vigilant.

This chapter discusses how we can protect our identity, privacy, and family online, while taking advantage of the power of having a digital life.

Controlling Your Anonymity Online

The internet and smartphones have led to an ever-accelerating change in how we approach personal liberty and anonymity. An example of this lack of privacy occurs when you look up something online—say a new car—and then go to your favorite news site. At the news site, you may see an advertisement for the car you were just looking at. In a matter of seconds, your search provider connected your search for cars in one screen, to an advertisement it is displaying on an information website in a completely separate browser window and maybe even on a completely separate device. Connecting your online searching to businesses wishing to sell to you is that fast, and disturbingly effective.

The reality here is organizations use “big data” analytics to monitor, capture, store, and analyze everything we do online. When we go to a website or send an e-mail, our computer is uniquely identified by its internet protocol (IP) address online. If we do a web search while logged in to our Microsoft, Google, Apple, or other online account, not only do these organizations capture the address of our computer, but they also capture our individual identity as well. The reason web searching is free—it costs millions to operate a search engine—is because the search providers count on advertising and data processing revenue to offset those costs. They not only use your searches to display “relevant” advertisements paid for by advertisers, but they also collect profiles on you based on your aggregate behavior and sell that information as well. The more you do online, the larger and more comprehensive your profiles are, and the more valuable those profiles are to businesses wishing to analyze them, or use them to sell to you.

Consequently, it is almost impossible to be anonymous on the internet. While it feels like no one can see you surfing the web in a dark room at midnight, the fact is your computer, your web browser, your online accounts, your network provider, and the sites you visit, are all recording everything you do, and retaining that data for later analysis. While it is theoretically possible to be anonymous while using the internet, it is very difficult to do so in practice. As the prominent security technologist Bruce Schneier famously said, “if something is free, you are not the customer, you are the product.”

Some things you can do to control your anonymity online include the following:

Be aware of national laws. The European Union (EU) General Data Protection Regulation (GDPR) provides significant privacy protection for EU citizens, including the option for citizens to tell companies to “forget me” and delete all of those citizens’ data. The United States does not have such regulations currently, although some U.S. states are considering enacting similar regulations. In some countries, the government is actively monitoring its citizens online, including the activity of visitors to those countries. Be aware of the online protections in your country, and other countries when you travel abroad.

Consider your internet service provider (ISP). ISPs can see what websites you go to and can also see your interactions with those sites if the connections are unencrypted. When you use your smartphone to surf the web, your cellular provider is acting as your ISP, unless you are using a home Wi-Fi connection. To be anonymous, you would need to use a virtual private network (VPN) to connect to an anonymous networking service that obscures your online identity. Your ISP would know that you were connected to the VPN service and how much data you were sending or receiving, but not what you were actually doing.

Consider your web browser. Just as your ISP sees everything you do, your web browser sees everything you do regardless of your ISP. Some browsers—like those from Google and Microsoft—allow you to log on with your account and synchronize all your browsing data, passwords, and history across all of your devices. While this capability is great, it also means all that information is now being stored “in the cloud.” Some browsers, like the “Tor Browser,” include features to enable web browsing that is at least somewhat anonymous. With a regular browser, you can reduce the amount of data being stored by periodically clearing your browser’s history, cookies, and cached passwords. For example, you can clear your Microsoft Edge browser data each time you close the browser by turning on one of the “Settings” features. However, this process is cumbersome.

Watch out for your applications. The applications you use remember when you start the application, when you shut it down, and everything you do in between. If you filled out a product registration form when you installed the application, it knows who you are and where you live. Many major applications record this information and send it back to the vendor every time you run the application. While this information is allegedly for diagnostic purposes, it also means the vendor knows who you are and how you use their software.

Beware of e-commerce. As soon as you purchase something online, the vendor knows who you are, where you live, and your credit card information. The vendor can also tie that information to your computer IP address and your account information, if you have an account with them. If you use a service like PayPal or Amazon, they have a record of this transaction along with all your prior transactions and can use them all to build profiles about you and your preferences.

Watch out for cookies. Websites track users using “cookies” that are written to the user’s computer’s storage and presented back to the website each time the user returns. Cookies perform an important function to enable session tracking like when you are doing a transaction online. However, “persistent” cookies enable the site to recognize you every time you come back and link that information to your identity. All you had to do was identify yourself to them one time. Once the initial identification was performed, the cookie enables the site to recognize you and your devices, every time you visit.

Test your privacy. The Electronic Frontier Foundation (EFF) is a nonprofit organization actively promoting online privacy causes. They have created several tools and services for protecting your privacy online, at www.eff.org. One of the more intriguing tools they have is the “panopticlick” service available at https://panopticlick.eff.org. You can use it to test your web browser’s privacy configuration, against their standards. After testing your configuration, you may find you want to change your configuration, or install a privacy filter.

Do some research! The above list is just a starting point for protecting your privacy online, as well as that of your family. Features like location tracking, notifications, file sharing, e-mail, and free software all give big data opportunities to track you and monetize your online activity. Consider everything you do, the devices you use, and the available tools to give yourself the levels of protection you think you need.
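
The difference between session cookies and “persistent” cookies described under “Watch out for cookies” above can be checked directly from the `Set-Cookie` headers a site sends. The following Python script is an added example, not part of the original chapter; the sample headers, cookie names, reference date, and one-day threshold are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: Set-Cookie header values as a site might send them.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly; Secure",
    "visitor_id=7f3e9c; Max-Age=63072000; Path=/; Secure",
    "ad_profile=u-55121; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Domain=.tracker.example",
    "cart=item42; Max-Age=1800; Path=/shop",
    "old_pref=1; Max-Age=0",
]

# Fixed reference time so the sample gives the same result on every run.
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

# Assumed threshold: cookies kept longer than this are reported as long-lived.
LONG_LIVED = timedelta(days=1)


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs


def cookie_lifetime(attrs, now):
    """Return how long the browser keeps the cookie, or None for a session cookie.

    Max-Age takes precedence over Expires (RFC 6265); an attribute that
    cannot be parsed is ignored.
    """
    if "max-age" in attrs:
        try:
            return timedelta(seconds=int(attrs["max-age"]))
        except ValueError:
            pass  # unparseable Max-Age: fall back to Expires, if any
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None  # unparseable date: treated as a session cookie
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return expires - now
    return None


def classify(lifetime):
    """Map a lifetime to the categories used in the report."""
    if lifetime is None:
        return "session"
    if lifetime <= timedelta(0):
        return "expired"
    if lifetime < LONG_LIVED:
        return "short-lived persistent"
    return "long-lived persistent"


def audit(headers, now):
    """Return (cookie name, category, lifetime) for each Set-Cookie value."""
    report = []
    for header in headers:
        name, _value, attrs = parse_set_cookie(header)
        lifetime = cookie_lifetime(attrs, now)
        report.append((name, classify(lifetime), lifetime))
    return report


if __name__ == "__main__":
    for name, category, lifetime in audit(SAMPLE_HEADERS, SAMPLE_NOW):
        kept = "until the browser closes" if lifetime is None else f"{lifetime.days} days"
        print(f"{name:12} {category:24} {kept}")
```

Cookies reported as long-lived persistent are the ones that let a site recognize a returning browser months or years later; clearing cookies or blocking third-party cookies removes them.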

Protecting Your Family Online

Kids today will never know a life that is nondigital. Five-year-old kids know how to look up their favorite videos, and ten-year-old kids cannot go a week without some kind of online social or game-playing experience. All this connectivity comes with risks. Just as kids are only one click away from their favorite online destinations, they are also just one click away from content and relationships that are inappropriate, offensive, or worse, dangerous. As parents, we want to enable our kids’ online experiences, while also protecting their safety at the same time.

Some techniques you can use to protect your family online include the following:

Be aware of kids’ online activities. Pay attention to what your kids are doing online. Have open conversations with them about what they want to get out of the internet. Is it research for school? Videos for entertainment? E-mail or social media with friends? Online gaming? Understand what they are doing online, why, and where in the internet those activities take them. Explain to them how the internet is a dangerous place, and just as they need to be cautious with strangers in the real world, they need to be cautious online as well.

Configure their devices. Kids almost never need administrative access to their devices. Installation of software and establishing accounts for them should be carefully supervised. If kids are surfing the web on the family computer, make sure they have separate accounts that are restricted in what they can do and where they can go. You do not want your kids getting malware on the family computer, or worse.

Put passwords on your other devices. Kids are remarkable in their ability to figure things out, especially when a fun game, amusing video, or other gratification is involved. Identify which devices in your household are okay for kids to use, and which are not. Put passwords on all of them so you can control their usage, especially by young children.

Understand their online accounts. Your kids will most likely need online accounts whether you like it or not. They may get accounts at school for online education, but those accounts may also be usable outside of school. They may need e-mail identities to receive license keys, may need to establish accounts with search engines to store their preferences, or may want accounts on gaming sites to play their favorite games. Keep a list of your children’s online accounts, the websites where the accounts reside, and the passwords protecting the accounts.

Monitor their online connections. More and more online sites and games include social media elements. It is hard to go to a website and not see a link to “connect through Facebook,” “forward through Twitter,” or “publish to Instagram” on the site. Kids will want to connect with their friends online but can easily fall victim to connecting with strangers who show interest in them. Only let your kids connect to people they (and you) know in person. Periodically check their online connections to make sure you are up-to-date on who is interacting with your kids.

Use family protection technology. Devices, operating systems, and application software are becoming more family-friendly. Microsoft and Apple both have family protection features built in to their operating systems that can be turned on to protect children. Also, popular internet security programs like Norton and Symantec include web filtering features that can be used to protect kids from inappropriate websites. These examples are but a few of the available options. Research these options, enable them, and monitor their operation.

Teach your kids about the internet. As part of having open communications, educate your kids about how the internet works, its power and capabilities, and its dangers and risks. When they make mistakes, use those mistakes as teaching opportunities. Remember that you own the devices, and you can establish the rules for their use. Enforce your rules, even when the enforcement is unpleasant. Your kids will live, even if they are not online for hours every day, constantly connected to their favorite game, or active in their favorite social community.

Protecting Your Identity and Credit

In 2017 the credit rating agency Experian suffered a dramatic data breach that compromised the personal credit data of 143 million American consumers. According to Experian, the hackers “accessed people’s names, social security numbers, birth dates, addresses, and possibly driver’s license numbers.” In addition, the hackers accessed credit card numbers for more than 200,000 people and credit dispute documents for about 180,000 people. This breach served as a wake-up call for the “data aggregation” business that collects data on millions of people but does not actually have direct relationships with those individuals. This industry includes credit rating agencies, credit card processors, advertisers, and thousands of other businesses in the business of collecting, processing, reporting, and selling data analysis services. It is a burgeoning industry.

To protect ourselves amid these breaches and compromises, we must protect our identities and credit in the physical world and online. This protection revolves around data. To protect your identity and credit ratings, you should consider the following:

Guard your documents. There are several physical documents that serve as your identity “foundation.” Armed with these documents, someone can attempt to impersonate you and steal your identity. These documents include birth certificates, social security cards, immigration documents, national passports, driver’s licenses, Medicare cards, and national identification cards (in some countries). Have a minimum number of copies of these documents in your possession and safe deposit boxes or other secure storage, but do not make extra copies that could easily be lost or stolen. Any copies that are no longer needed should be thoroughly destroyed so they are completely illegible: shredding is okay, but burning is better.

Guard your identifying data. In the United States, social security numbers have become de facto national identifiers, and it will take decades to reduce the danger of someone using your number to impersonate you. When accessing resources online or by telephone, your identity is just a matter of information data such as name, telephone numbers, home address, account numbers, e-mail addresses, usernames, and passwords. Your identity is confirmed using secondary identifying information, including: mother’s maiden name, schools, favorite colors, pet names, and other personal trivia and preferences. Keep track of this information, and do not share it except when necessary.

Consider credit and identity monitoring. Ironically, a big part of Experian’s business is providing credit and identity monitoring. This service gives consumers control over the information the credit agency shares with their business customers and may allow the consumer to authorize when that information is shared. In addition, there are services like LifeLock that provide identity protection above and beyond the protection provided by the credit agencies. Also, recent regulations in the United States have made it free to request a “credit freeze” that requires your authorization before credit is granted in your name. Credit agencies such as Experian, TransUnion, and Equifax provide “fraud alert” services that can provide similar protections in the event of identity theft.

Watch out for tax and medical identity theft. Scams that involve stealing people’s identities to obtain tax refunds, or to get free medical services, are becoming more common. Scammers may attempt to steal your identity to file false tax returns in your name and take the resulting refunds, before you can file legitimately. Medical fraud involves stealing your medical information and then getting medical services in your name or buying prescription drugs (which can then be re-sold for cash). These scams are disruptive, expensive, and time-consuming to address. Medicare recommends you guard your Medicare card like it is a credit card and only provide your Medicare number to people you know should have it. Like the IRS, Medicare does not call you unless you give them permission to contact you ahead of time. Review your Medicare claims for mistakes or suspicious charges, and report any irregularities to Medicare. To help prevent Medicare fraud and protect yourself, see https://www.medicare.gov/forms-help-resources/help-fight-medicare-fraud for more information.

Monitor your identity. Where identity is concerned, a little paranoia can go a long way. Buy a shredder and shred identifying documents like monthly bills, credit card offers, account balances, and medical statements. In the United States, get your annual credit report from the major agencies—Equifax, Experian, and TransUnion—and check it carefully for personal information or accounts that are incorrect or not expected. Check your bank, credit card, and other statements carefully for fraudulent charges or unexpected transactions.

Safely Using E-Mail, Social Media, and Gaming

Outside of work, most of us have gotten used to “free” e-mail accounts from the likes of America Online, Yahoo, Hotmail, Microsoft, or Google. The same goes for social media services like Facebook, LinkedIn, Twitter, and Instagram. Of course, if it is free, it is also being monitored so the providers can make money from selling your information and behavior to advertisers, businesses, and data aggregators. All these services monitor your activity, postings, connections, and preferences, and are constantly inventing new ways to package and sell that data to whomever wants to buy it. They are also interested in selling access to you through your “network,” knowing that products and services coming through your friends or network are more compelling than those simply presented by an advertiser.

To safely use e-mail, social media, and gaming online, you should consider the following:

The internet is forever. Everything you post to the internet is going to be recorded, saved, backed up, archived, and made searchable by ever-increasing analytical engines. While you may not remember where in the internet you went last week, your web browser, search engine, and the sites you visited remember everything perfectly. Assume that everything you post online is public and could appear on the front page of your favorite newspaper or news site, even decades from now.

Watch your e-mail. Free e-mail is monitored and analyzed by the providers, who then sell that information to advertisers, aggregators, and other interested parties. They may also use your address book to establish connections between you and other people—your “web of connections.” If you want real privacy, find an e-mail service that guarantees it, or operate your own e-mail server. It may cost money, but that may be a price worth paying if your privacy is that important to you.

Your “web of trust.” Do not be the friend who gets all their friends infected with malware, and do not fall victim if one of your friends is infected and tries to attack you. Be careful of the documents, links, and recommendations you make online. Be wary of what is recommended to you from your social network. Just because an e-mail or posting comes from a friend, does not mean the e-mail or posting is legitimate. Also, when you “like” something online you are establishing a connection to it and it can be used to get to you. Is it a connection that is safe? Is it a connection you want to endure long-term?

Safe social media. Understand how your social media accounts interconnect with each other. Networking sites are all-too-happy to consume your address book and invite all your contacts to participate as well. Twitter is thrilled to broadcast to the world when you “like” a site on Facebook. Likes are often publicly accessible and can be used to profile you over time. Many of the major services have integrated together to make cross-sharing easy or even enabled by default. Look at your privacy settings, and make sure the appropriate amount of information is shared publicly, or with friends and family. You really do not need to share everything, especially with the public.

Watch whom you friend. Be careful whom you “friend,” especially when they are only acquaintances, friends of friends, or unsolicited connections. Attackers may attempt to friend you with introductions like “we met on vacation last year,” “I was at that conference with you,” “I’m a friend of your spouse/kid/family,” or something like that. Unfortunately, social platforms are not always good at distinguishing between close, trusted friends, and distant, untrusted acquaintances.

Watch your postings. When you post online, it is forever, and when you post personal information online it is forever compromised. Do not post personal identifying information like your home address, phone number, birthdate, place of birth, parent’s names, social security numbers, or other data. When you post pictures online, or shoot a video in your home, look carefully to make sure personal information does not appear. Even a college diploma in the background may be identifying, after it is frozen in the frame, zoomed in, and enhanced. Watch out for prescription drug bottles, as their labels may contain your address, phone number, medical conditions, insurance numbers, and other sensitive personal information.

Protect your games. Online and mobile games are frequently free to play, but rapidly entice you to purchase premium content within the game. This enticement may be for additional tools, expansion modules, bonus levels, or “skins” for your online character. The game providers can make significant money from these premium offerings. At the same time the providers can collect (and store) your payment information, along with your online profile and friend network. Give careful attention to whom you are providing payment information, and do not let it fall into the wrong hands. Also, your online game purchases may result in license keys that are linked to your account online or sent to you via e-mail. These keys and corresponding online currencies can be worth hundreds of dollars and should be safeguarded accordingly.

Gaming “friends.” Gaming has become a social activity with entire leagues forming up around popular games. While many people play games with their real-world friends, people also make friends inside the virtual game worlds. These people may be in different states or different countries. Gaming connections may be powerful ones because of the shared gaming experience. However, these people are just as much strangers as anyone else one might meet online. Be wary, especially when kids or young adults are involved.

Gambling. While online gambling is illegal in many countries (like the United States), that illegality has not stopped online gambling from becoming wildly successful. While many gambling sites are legitimate businesses, plenty more are not. Use caution and do research before giving up your credit card information online at these sites, and manage your gambling carefully within responsible limits.

Reducing Risk of Online Shopping, Credit Cards, Banking, and Automated Teller Machines

When we shop online, we invariably give up considerable personal information. Until digital cash truly becomes a commonly used currency, the preferred way of purchasing online is with credit or debit cards. Home delivery of physical goods involves giving the merchant our address and accompanying telephone number. Put the personal information all together—address, phone number, credit or debit card, e-mail address, and maybe a password—and the merchant knows a lot about us and has almost everything necessary to steal our identity. In fact, professional identity thieves take this data and cross-reference it with data from other sites and breaches to make meta-profiles that can include hundreds of fields of data about you, your finances, and your accounts.

To reduce the risk of your online shopping, credit cards, banking, and Automated Teller Machine (ATM) usage, you should consider the following:

Online shopping. Choose carefully which websites you use for online shopping. When you shop at smaller or unusual websites, consider using third-party payment providers like PayPal, rather than giving the site your credit card directly. Be careful when you create an account at a site, and do not re-use passwords that are also used to access sensitive e-mail, online banking, or credit card accounts.

Watch out for fraudulent charges. Do not use debit cards for online purchases, as the compromise of a debit card can endanger your entire bank account. You may also have less recourse with fraudulent debit card charges than you do with credit cards. Scrutinize your credit card and bank statements for possible fraud. You may also want to set up a separate credit card account, just for online purchases.

EMV payment and tap-and-pay. Modern credit cards include microchip technology from the Europay, Mastercard, Visa consortium. This “EMV” technology uses a chip embedded in the credit or debit card to authorize transactions and verify your identity. The chip is almost impossible to duplicate, unlike the legacy magnetic stripe that preceded it. This EMV technology is slowly being required for credit card purchases worldwide, including the United States. Your personal information is much safer when you use EMV for your credit card purchases. If a personal identification number (PIN) is required to authorize the transaction, it is even more secure, but you should use caution to cover your hand when you key in your PIN. “Tap-and-pay” features are very convenient for quick purchases like for gasoline but are vulnerable to exploitation by attackers who can connect to your card’s wireless features remotely. To protect against such fraud, your wallet or purse should be shielded to protect your card from snooping.

Snooping, skimmers, and ATMs. Snooping involves watching your card transactions to read your card numbers and PIN codes. Skimming involves modifying terminals to steal a copy of your card’s information, including the card number, your name, and other data. Skimmers may also capture your PIN entry. ATMs are particularly vulnerable to these types of attacks, because they are frequently out in the open and relatively unprotected. Skilled attackers have even succeeded in installing skimmers at major retailers, by pretending to be maintenance personnel or installing their equipment after hours. Watch for obviously modified credit card terminals or ATMs and for cameras watching the screen of ATMs you use (looking over your shoulder), and shield your hand when you enter your PIN codes.

Protecting Online Medical Privacy

Some of the most dangerous identity theft taking place has to do with medical information and medical payment information. Attackers who compromise your medical information may be able to make financial transactions in your name, buy medications in your name, and request thousands of dollars in insurance payments, all using your identity and medical coverage. Fraud in this area has exploded in the past decade, and increasing medical costs and complexity mean the end of this fraud is nowhere in sight. Medical identity theft may also be dangerous, as medical records may become distorted by fraudulent transactions. Fraudulent transactions in your medical records may lead to incorrect diagnoses or conflicting medications, jeopardizing your health and safety. Finally, medical privacy is important, as inappropriate release of personal medical information may result in embarrassment or endanger your employment.

To reduce your risk of medical fraud, and to protect your online medical privacy, you should consider the following:

Understand the risks. Medical fraud is real, and very expensive. This fraud is perpetrated by using stolen identities. Unfortunately, these risks are increased every time we allow our health insurance card to be copied by a service provider or fill out an extensive patient history form. Much of the risk is unavoidable, which is frustrating for everyone.

Protect your health care identity. Safeguard your health care ID card just like a government ID or credit card. These cards are worth money to fraudsters! Look after them, do not loan them out, and report if they are lost or stolen. Shred your health care statements, both from health care providers and from your insurance, when they are no longer needed.

Check your health care statements and records. When you are treated, you should get two statements—one from the service provider, and one from your insurance. The information on these statements should match, indicating the service you received matches what your insurance paid. It is up to you to check this, as no one else knows what happened. If you see a discrepancy, investigate and report it. The discrepancy could affect your payments, your deductibles, your treatment, and your safety. Also, check your medical records for accuracy. When records incorrectly indicate a condition you do not have, or a treatment you did not receive, it could be a sign of fraud or identity theft. It could also contribute to potentially life-threatening medical mistakes.

Report fraud when you see it. If you find inappropriate charges from a health care provider, request an investigation. Escalate to government regulators if the response you get is inadequate. It may not be “your money,” but the damage impacts all of us and the medical costs we all bear together.

Understanding Net Neutrality, HIPAA, and GDPR

Many of us would like to think the government “has our back” when we use the internet for pleasure or commerce. Unfortunately, we forget people were driving cars for more than fifty years before seatbelts were required by law in the United States. Yes, the government cares, but it moves at government speed, which is usually considerably slower than internet speed. Government regulations adopted today frequently address the security and privacy issues of last year, or a decade ago. Frankly, it is difficult for the legislators and regulators to keep up. We need to be aware that behavior that is bad online may not actually be illegal, unless it has been outlawed under more general crimes like “fraud,” “theft,” or “extortion.”

In understanding the legality or illegality of online behaviors, we should consider the following:

Internet crime. Most illegal online activities are illegal due to laws that have been on the books for years, or even decades. They fall under categories like financial theft, extortion, or mail fraud. Many computer “hacking” activities are outlawed under the Computer Fraud and Abuse Act (CFAA) passed back in 1984, and amended several times since then.

Net neutrality. This area is a hot topic in the United States at the time of this writing, as legislation requiring ISPs to allow all network traffic to flow freely expired without a replacement in place. Without this requirement, ISPs can give preferential treatment to their content or that of their content partners. They could even completely block access to their competitors or websites they view as being “inappropriate.” Many citizens consider this lack of net neutrality to be a dangerous limitation on personal freedom and privacy.

HIPAA. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) laid out many of the requirements for health care providers in terms of collecting medical information, sharing medical information, and protecting that information when it is stored on paper and online. Many of the hospital and health care provider cyber protections can be directly traced back to this legislation and its requirements.

GDPR. The EU’s General Data Protection Regulation (GDPR) is a comprehensive regulation requiring organizations to safeguard personal data and personal privacy for EU citizens. Because of the international nature of e-commerce, this legislation affects e-commerce worldwide, even outside of the EU. One of the more interesting aspects of this legislation is a requirement for a “forget me” feature that allows citizens to ask that their data be removed from an organization’s records.

There are many more regulations worldwide regarding computer security, online commerce, and personal privacy. These regulations are changing almost daily as governments try to keep up with the rapid pace of change and newly emerging threats. Be aware of the situation in your country or state and understand your rights and responsibilities with regard to these laws and regulations.
