How to protect online data: U of T Citizen Lab's Security Planner tool offers safety tips from the experts

Our online accounts, from email to banking to social media, contain some of our most important, private information – and there’s a lot of it, with the average internet user maintaining roughly 92 accounts.  

Amid a growing number of data breaches and the recent scandal involving Facebook and Cambridge Analytica, people may understandably be looking for more and better ways to protect themselves on the Web.

Fortunately, researchers at Citizen Lab, at the University of Toronto's Munk School of Global Affairs, have some recommendations.

“Password managers can really help improve your online security by helping you to use unique and strong passwords across a variety of different accounts without having to remember them,” says Christine Schoellhorn, project manager for Security Planner, the Citizen Lab’s online safety tool. “If you use email, the most common threats you face are phishing and password theft. A password manager helps reduce some of the burden of using different passwords by automatically inputting your username and password into the websites that you use.”

Schoellhorn also recommends enabling two-factor authentication (2FA) for an additional layer of protection for your online accounts. The 2FA method requires a small extra step, like entering a verification code sent to your phone, in addition to entering your password on certain websites. “It’s a small lifestyle change, but the impact is really tremendous,” she says. “We are increasingly putting a larger amount of our private lives online and that can be a risk. Keeping yourself safe can also protect other people within your network.”

Safety tips like these and more are available through the Citizen Lab’s Security Planner tool. Users are prompted to take a brief survey to assess their personal security needs and, based on their survey results, are given a tailored action plan to address their most pressing safety concerns. Users can get instructions on everything from how to secure their web browser to how to run a security checkup on their Facebook account.  All of the site’s recommendations are based on peer-reviewed research by a cross-section of digital security experts.

“People want to be more secure online but they’re not sure which actions are a good use of their time and what might be overkill. There’s a lot of contradictory advice out there,” says John Scott-Railton, a senior researcher at Citizen Lab and editor of Security Planner’s recommendations. “So, we thought, ‘Why don’t we get a bunch of experts together, gather the best ideas and then provide those to users in a way that’s accessible?’ The goal of Security Planner is to make those first security steps as easy as possible.”

Most of Security Planner’s tips are quick and easy to implement. Although the tool is designed to help the average Internet user, it also provides links to outside resources for people who may be at a higher risk of cybersecurity threats because of who they are or what they do. (Certain groups – like journalists, legislators or dissidents – may be at a higher risk of cyber-attacks. Citizen Lab has released several reports outlining the details of targeted threats they’ve uncovered.) Designed to be simple and straightforward, the tool provides each user with the safety tips they need most, and strips away information that may not be as useful.

“So many guides that are available online just provide a wall of text. And for someone who is already feeling anxious about taking steps toward better security, they don’t want to have to read a 20-page document on how to be safer,” says Schoellhorn. “They want targeted advice with as little extraneous information as possible.”

The tool is also built to evolve. There is a section on the website for users to provide feedback and the recommendations on the site are updated as security threats change.

“It’s important to keep information updated and current, because security problems change and advice needs to change with it,” says Scott-Railton. “As soon as you take one of those security steps, you’re better off than before you did. We did market research and really tried to find ways to make these recommendations accessible. Because just as free and open communications should be a right, security should be a right too.”

Looking for more online safety tips? Visit securityplanner.org for your personalized safety action plan.