Proton
Data breach prevention illustration

How to prevent a data breach

The Internet is full of information about what companies should do to keep consumers’ personal data safe from hackers. And there’s plenty of advice for consumers who have already been the victim of a data breach. (You can read our article on the Proton VPN blog about what to do if you were the victim of a data breach(new window).)

But there’s very little guidance for consumers on how to keep their data safe in the first place. In fact, Quartz reported after the Equifax breach that we should just assume our data will be stolen(new window).

Part of our mission at Proton is to build an Internet where data breaches are an anomaly, not a given while mitigating the damage when a breach does occur. There are, of course, regulatory and technological solutions to the increasing trend of data breaches. However, there are also steps individual consumers can take to prevent their data from being exposed.

In this article, we’ll give you 5 simple steps you can follow to decrease the likelihood that you’ll be a victim of a significant data breach.

1. Reduce the amount of information you give out

This isn’t always possible or practical, but companies can’t expose data they don’t have. It’s the most sure-fire way to mitigate your risk of a data breach. In the case of medical or financial information, our control is limited. Banks, credit bureaus, and other financial institutions collect your data often for regulatory purposes or through agreements you can’t opt out of.

But other companies — particularly websites operators like Google, Facebook, or Twitter — usually only collect and store information that you allow them to have. For example, this article shows you how to delete your Google data(new window). In the early days of Facebook, many people treated photo albums as cloud storage. But multiple privacy and security breaches at Facebook(new window) have shown that information stored on the company’s servers is not necessarily safe. Privacy settings are not a solution because the data is still vulnerable to breaches, even if your friends and followers can’t see it.

You should only store information online that you wouldn’t mind showing to everyone. (Encrypted cloud storage is the one exception to this rule, which we’ll cover more below.)

2. Use aliases when possible

Websites are hungry for data, but sometimes they don’t really need it to provide you with a service. For example, airports may ask for your name, phone number, and email address to access free WiFi. Or a liquor company may ask for your date of birth to verify your age before entering their site.

Unless you have to, don’t give companies your real information. While this is obviously not advisable for your shipping address or the name on your airline ticket, there are many situations where an alias or fake birthday works just fine. Proton Mail allows you to create aliases and multiple email addresses, which you can provide instead of your main email address. You can also create secondary social media accounts with limited personal details whenever a website asks for your profile link. If a site requires an image, consider using an illustration or something that’s not your real face.

3. Research companies’ security record before doing business with them

With so many major companies(new window) falling victim to data breaches, it’s not always possible to do business only with companies that have never had an incident. And there may be other factors like price and convenience that weigh into your decision. But if it comes down to Marriott(new window) or another hotel, or British Airways(new window) or another airline, you may find it easier to choose the company with a better IT security record.

4. Use end-to-end encryption

The most secure way to store and send information online is through services that use end-to-end encryption. We have previously explained how end-to-end encryption works, but here’s the brief version: when you send a message or store information on the cloud, the data is encrypted before it leaves your device and it can only be decrypted by you or the people you choose to share the data with.

End-to-end encryption adds an extra layer of protection to your sensitive information. Even if your files are exposed in a data breach, those files cannot be decrypted and thus remain safe. A variety of online services employ end-to-end encryption, including instant messaging apps, video and voice calling, cloud storage solutions, note-keeping apps, and email. Proton Mail automatically applies end-to-end encryption to all of your messages. It even allows you to send end-to-end encrypted emails to other email services. 

5. Use strong passwords

Most people don’t have to worry about the NSA or a hacker targeting them specifically and trying to crack into their accounts. For most of us, it’s important to use a strong, unique password for your online accounts in case the website’s password database is breached. 

Proton Mail uses the Secure Remote Password protocol to authenticate users, which means we don’t know what your password is and a hacker cannot steal a “list” of all our users’ passwords. But other websites store your password on their servers in an encrypted form that can conceivably be cracked by hackers who obtain the password database. That’s why we recommend following the tips in this guide to creating a strong password.

You should also use a unique password for all your accounts and devices. That way if one password is breached, your other accounts remain secure. Two-factor authentication can also protect you in the event your password is exposed.

There’s no way to completely protect yourself from a data breach, short of abandoning the Internet. But these steps can help mitigate your risk. Sign up for Proton Mail(new window) today and minimize how much data you share with any organization to avoid having your data exposed in the next breach.

Best Regards,
The Proton Mail Team

Related articles

A cover image for a blog describing the next six months of Proton Pass development which shows a laptop screen with a Gantt chart
Take a look at the upcoming features and improvements coming to Proton Pass over the next several months.
The Danish mermaid and the Dutch parliament building behind a politician and an unlocked phone
We searched the dark web for Danish, Dutch, and Luxembourgish politicians’ official email addresses. In Denmark, over 40% had been exposed.
Infostealers: What they are, how they work, and how to protect yourself
Discover insights about what infostealers are, where your stolen information goes, and ways to protect yourself.
Mockup of the Proton Pass app and text that reads "Pass Lifetime: Pay once, access forever"
Learn more about our exclusive Pass + SimpleLogin Lifetime offer. Pay once and enjoy premium password manager features for life.
A cover image for a blog announcing that Pass Plus will now include premium SimpleLogin features
We're changing the price of new Pass Plus subscriptions, which now includes access to SimpleLogin premium features.
Infinity symbol in purple with the words "Call for submissions" and "Proton Lifetime Fundraiser 7th Edition"
It’s time to choose the organizations we should support for the 2024 edition of our annual charity fundraiser.