Almost everything you do online, whether it’s visiting a website, reading a blog, downloading music or sending email, leaves a trail of personal data. Some of it remains on your computer; some is transmitted to third parties. While this is not necessarily a bad thing, you can and should control who sees it. In the interest of protecting your privacy, we offer some tips.

1. Opt-out and use any other privacy options offered

As you sign-up for accounts with online merchants and social networking sites, pay particular attention to the various privacy settings and privacy options offered to you. For example, many online companies provide you with the option to get off or “opt-out” of the lists that share your information. A number of companies go a step further and ask your permission (“opt-in”) before sharing personal information that they collect. Brand name companies will respect your choices. Too often, however, companies make opting out difficult, so you may have to dig through their privacy policy to find where to opt-out.

2. Get a separate account for your personal email

If you are assigned an email address in connection with your job, your boss probably has a legal right to read any and all correspondence in this account (and maybe any information stored on your work computer). In fact, you may have agreed to such monitoring when you took the job or first logged on to the corporate system.

Using a separate email account (such as the free accounts available from Google or Hotmail) for personal communications helps protect your privacy at work. Some private accounts, such as those offered by Web-based email services, enable you to check your personal mail from work without downloading it to your company computer.

3. Be careful when using social networking sites and picture/video sharing sites

If you use a social networking site, be careful about who can see your information. If you use a picture or video sharing sites to share photos with friends and relatives, be careful how you set the settings that are offered, to be sure you are not sharing your pictures with strangers. Be especially careful with pictures of your kids. If the site allows you to do so, check every once in a while to see if anyone you don’t know is looking at pictures you did not want to share publicly.

4. Learn about – and use – the privacy features in your browser

The software you use to surf the Web – whether Internet Explorer, Firefox, Safari, Camino, Firefox, or Chrome – has built into it a variety of tools (or plug-ins are available) that can help you protect the privacy and security of your information as you use the Internet. Take some time to read about the privacy and security features in the browser you use. They can help you control the planting of “cookies” on your computer, identify insecure or fraudulent sites before you visit them, block viruses and other malicious software from being downloaded, and enhance your privacy and security in other ways.

For example, if you use a computer in a library or other place where someone will use the computer after you, use the tools that allow you to clear your browser history and memory cache after browsing. This can be important because, as you use the Web, the browser software saves a history of the sites you visit. In addition, copies of all the pages you visit are saved in the computer’s memory (known as the “cache”), in order to help the site load faster when it is visited a second time. Also, the search bar on the browser may store past searches. All of these features have their benefits, but these browsing records can compromise your privacy, particularly if you use a computer at the library or in another context where someone else will use it after you do. Depending on the specific browser, you can delete cached images from the “Preferences” menu or the “Tools” menu. You may have to use three separate controls to delete all three sets of history – cache, the list of sites visited, and the search history.

5. Make sure that online transactions are secure

While interception of Internet communications in transit is rare, it is worth taking precautions, especially when sending credit card numbers or other financial information. Most ecommerce Web sites have a secure mode that encrypts sensitive transactions while they pass over the Internet, and all the major browsers indicate whether a transaction with a particular Web site is encrypted. In most cases, the address for a secure Web site will start with “https” – the “s” indicating secure. In addition, all of the common browsers use a small picture of a lock to indicate that a site is secure. The symbol appears either in a corner of the browser screen or right in the address bar; clicking on the lock will give you additional security information about the page.

It is VERY important, however, to recognise that the use of https and the appearance of the lock do not prove that the Web site you are visiting is legitimate or that your information will be used properly once it reaches the Web site. The company running the Web site may be fraudulent; or the Web site may be a fake, made to look like a legitimate, well-known brand but in fact it may be a spoof. Increasingly, browsers have features that will warn you if something doesn’t add up. Read up on the browser you use, so you know whether and how it warns you when you are about to visit a site that may be fraudulent. But the fraudsters are always trying to keep ahead of these security measures, so use common sense and check out Tip #8 to learn for yourself how to spot a fraud.

6. Learn how to spot phishing and other scams

Before giving out personal information online, know who you’re dealing with. You have to be especially careful because fraudsters are creating websites that look like those of legitimate businesses, trying to get you to enter information.

“Phishing” is a scam designed to steal your personal information under false pretenses. The scam works by tricking users into disclosing personal information, such as credit card numbers, social security numbers, and account passwords. The fraudsters pretend to be a well-known source, such as your bank, a brand-name ecommerce site, or popular social networking site. The fraudsters lure you in with an email, a pop-up ad, or an instant message that has a link to the fraudulent website where you are asked to enter their sensitive information.

One way to spot a phishing email is to examine the sender’s email address. For example, if the email purports to be from a bank or other business headquartered in the UK, but the email address ends with .cn or some other country code, you can be sure it is not legitmate. Also, if you scroll your cursor over any link in the email (being careful not to click on it), your browser may show the actual address – if it is a string of numbers or is otherwise different from the address of the legitimate business, then the link will take you to a scam site.

Messages marked “Urgent” are usually frauds.

To be safe, it is best that you don’t click on any links in an email purporting to be from a bank or financial institution – chances are it is a fraud. If you want to go to the web site of your bank, type the address into your browser.

Fraudulent websites generally have deceptive URLs. Look carefully at the address of a website – if it is not in the normal business.com or business.co.uk format, it may be fraudulent. Many fake sites will place a picture of a fake lock icon on their site. Make sure the secure lock icon is in the browser frame, not inside the browser window.

Never click on an email attachment from someone you don’t know.

7. Reject or delete unnecessary cookies

Cookies are small bits of computer code planted on your computer by most of the Web sites you visit. They enable the Web sites to collect and store information about your online activity and to recognize your computer when you return again or visit an affiliated site. If you signed up to a Web site and obtained a username and password, cookies remember that information for you. Some sites use cookies to deliver content targeted to your express or inferred interests; sites often use these preferences to target advertisements to you. Cookies can be used to track you across Web sites online, enabling creation of a profile without you even realizing it.

All of the major browsers allow you to reject cookies outright (although that may interfere with the functioning of various Web sites you want to use regularly) and to view and delete the cookies that have been put on your computer. You may have to dig around in the Help section or on the Browser Web site to find the cookie controls, since they vary from browser to browser and even between different versions of the same browser. In Safari, for example, you will find cookie controls under Safari > Preferences > Security. In Internet Explorer, you can find the options for controlling cookies by clicking “Internet Options” on the “Tools” menu, and then clicking the “Privacy” tab. To delete cookies already on your computer will require a separate set of steps; again, you may have to dig though the Help section or search online for instructions.

One point of caution: Some privacy opt-out systems rely on a cookie. If you delete the cookie, your opt-out is canceled. For this reason and others, it is probably best to delete your cookies selectively, not wholesale.

8. Use security software and promptly install security upgrades

If you go online, your computer could be infected by various kinds of malicious software, ranging from viruses to spyware. “Spyware” is used to deliver unwanted pop-up ads or to steal sensitive information. These programs create privacy problems, open security holes, and otherwise degrade the performance of your computer. Worse, you often can’t tell what’s wrong with your computer and even if you knew what you were dealing with, it can be very hard to uninstall spyware.

The best solution is to keep nasty software off your computer in the first place. Fortunately, there is a thriving market for security software that you can use to protect your computer. Anti-virus and anti-spyware software takes many forms, but if you use a reputable product, your computer will be protected from most (although not all) security threats.  Just make sure you get your security software from a reliable vendor; often, spyware masquerades as software to protect your computer!

The vulnerabilities in your computer software that viruses and spyware take advantage of are most likely being fixed or “patched” constantly by the developers of the basic software you use. Microsoft, for example, issues patches for their products once a month, on the second Tuesday (and more often if needed). You can set up your computer to automatically check for upgrades, and most security updates are free. When an application that you installed asks whether to update itself, you almost always want to do so promptly in order to ensure that you have the most up-to-date security in that application or on your operating system. Likewise, new security features are often incorporated into new software upgrades, so new versions of software you already own may be worth the upgrade. Check out what the reviewers have to say and see if the upgrade will protect you online.

And remember, don’t click on links or attachments in emails even if they promise security upgrades. If you are looking for a security upgrade, it is best to type the address of the company into your browser address bar – such as “http://www.microsoft.com/downloads/“.

9. Safeguard important files and communications

Secure your laptop, your phone and other portable devices with a strong password. Keep your important files out of any shared or public folders. In situations where there is a particular need for security, you should use encryption. You can encrypt your email and you can encrypt files stored on your personal computer. However, in order to encrypt your email, both sender and recipient must use the same program. This is fairly common within closed systems (such as for communications among the employees of a government agency or within a corporation and between the corporation and its suppliers), but relatively few individuals use encryption for their daily email with people outside their own institution. The major email programs (i.e., Internet Explorer Outlook) have encryption built in. Pretty Good Privacy (PGP), a popular encryption software, is free for non-commercial use. PGP can also be used to encrypt files on your computer.

10. Use strong passwords and protect them

Do not use passwords that can be easily guessed by someone who knows your name. Especially do not use your children’s or spouse’s names, your date of birth, current or old addresses, phone numbers, or favourite football team – it is just too easy for someone to find out these things about you. Do not use the same password across sensitive sites. Change your passwords occasionally.

[Copyright credit to CDT]