This blog post was published on 25th May 2023 and the information may be out of date.

Over the weekend, I travelled to London on the train to meet up with family, and we went to see Moulin Rouge at the theatre. In both of those situations, I heard and saw some incredible potential for personal data leaks. (The show was amazing, by the way!)

On the train, we ended up seated with another group of adults who chatted for a good 90 minutes about their own financial affairs, and those of their close family and friends. Did they even think twice about who was listening? It certainly didn’t help that it was the quiet zone, and they were the only people talking.

It’s an important reminder to think about your environment when you’re talking about personal or sensitive information, whether in person, over the phone, or online. If someone malicious gathered enough other personal information about anyone in that conversation, it might have made them a prime target for social engineering.

In the theatre, we were seated on the balcony, where the rows of seats are stepped quite steeply. If you were interested, it would have been exceptionally easy to see what the people one to several rows in front were doing on their phones before the show and during the intermission. How about if you’re sat next to or in front of a stranger on the bus or train — do you think about what you’re showing on your device’s screen and who could be looking?

It’s likely that you already know this in other contexts as shoulder surfing — an age-old example is cashpoints (ATMs) and card payment terminals, where you’ve always been advised by your bank to make sure you cover the keypad when you enter your PIN. The same goes for entering passwords into phones and computers, regardless of whether you’re in an office environment or out in public.

You can keep most apps like those for banks and investments secure with individual app locks — this also serves as an interruption for your brain, so you can consider whether you should open that app in public. Use a password manager to autofill passwords where you must enter them, and try to use biometrics (like face or fingerprint sign-in), not PINs or manually typing passwords, so people can’t observe you typing them in.

Let’s not forget that your social media profile could technically be a public presence. It’s a good idea to regularly check the privacy and security settings on your social media profiles and show as little as possible to people you haven’t made connections with (“friends” on Facebook, and followers/people you’re following on other platforms). Keep the publicly accessible information minimal, so scammers can’t, for example, grab your photo and set up a detailed new account pretending to be you. Here are the most common applicable ones:

Finally, be mindful of what you post on social media. Do you post anything that indicates when your pay date might be? Look out for payslip scam emails. Do you reshare and participate in the quizzes that give you a fun nickname based on personal information? The original poster might be trying to acquire possible security question answers from it (names of first pets, date of birth, street names, etc.). Do you post photos from your desk at work? Make sure that nothing sensitive is visible on your paperwork or screens within the photos when you’re sharing!

There’s a lot to think about, and it sounds scary at times, but introducing a little more mindfulness when you share information publicly (in the real world or online) can create good habits and keep you and your private information safe.
