Recently Nicole Perlroth, who covers cybersecurity and privacy for the New York Times, sat down to be interviewed by one of her own colleagues. The interview covered some ground on how readers can protect their own data. Let me list her main recommendations. Wherever possible, I will provide my reasoning on why she may have recommended a particular step:

DOs AND DON’Ts ON PERSONAL DATA PROTECTION

Do not hand over email or Birthdates to retailers.

My take: This may sound a bit harsh. Sometimes retailers may wish to forward a copy of the purchase receipt to your email ID. At other times, they may want to start your Rewards Programme account. There is no denying the convenience. But the worry is can retailers keep your ID safe? Very often, an account or card verification process may start with you being asked to verify your email ID. If someone had harvested your email ID from a retailer, you are providing an easy first step for the criminal. A workaround would be to start a separate email ID just to service retailers, which you won’t link to anything else.

Stricter standards should apply to providing Birthdates.

My take: Sometimes a retailer may ask for your birthday to offer special discounts. The intention may be harmless. But if the retailer doesn’t keep your data safe, you will be unnecessarily exposing yourself to cyber criminals. There’s no workaround here. Simply avoid providing your birthday details to a retailer.

Don't use debit cards unless you are at a bank. Use your credit card when you can, instead of your debit card.

My take: This appears to be another harsh prescription. But she may have recommended this because there’s more protection for credit card misuse from the card issuer. In debit cards, you withdraw money directly from your bank account. It is more of your risk than that of the card issuer. Therefore, the protection offered may also be less.

Do not use self-checkout systems at merchants, because those are often the first place hackers will scan.

My take: The self-checkout system seems to be a feature in the West than in India. In self-checkouts, staff supervision is less. This may have drawn the attention of criminals to such checkout lines. This year’s breach at retailer Home Depot in the US, involving stealing of personal data of 56 million customers, began by criminals infecting the company’s cash registers with malware. So checkout lines are very vulnerable to attacks by criminals.

Use long, complex passwords. Do not use the same password across multiple accounts.

My take: Too many studies have come out about the unfortunate popularity of useless passwords. Time spent in creating strong passwords will save you a ton of trouble.

In her book Online Reputation Management for Dummies, Lori Randall Stradtman has given a simple way to create strong and safe passwords.

I recommend it. Here are the steps given by Lori:
<<
1.)  Brainstorm for a minute on a sentence or phrase that has some special meaning to you.             (However, try not to choose one that’s really popular right now.) For example:

• A favorite song lyric

• A line of poetry

• A movie quote (my favorite).

Let’s use ‘All we are is dust in the wind’ as an example.

2.)  Convert your phrase into an acronym. We’re using ‘All we are is dust in the wind,’ so the           acronym is ‘awaidinw.’ It’s just the first letter of each word.

3.)   Substitute at least one letter with a number. With ‘awaidinw,’ it may look like this:

• awa1d1nw (the letter i is replaced with the number 1)

4.)   Substitute at least one letter with an upper-case letter. Our password in progress could            look  like this:

• awa1d1nW (the last letter, w, gets capitalized)

5.)   Substitute at least one letter with a symbol. Our password in progress could look like                this:

• @wa1d1nW (the first letter, a, is replaced with @)

Congratulations! You’ve just created a password that’s 1.34 tresvigintillion more times, or               1.34  trillion trillion trillion trillion trillion trillion times stronger than your chance of winning           the lottery. Please don’t use this particular one! Now that I’ve described, created, and                     published this password, it is no longer a strong choice. Come up with your own!
>>
Got it? Now go ahead and create your own passwords using this method, but make sure you do not use the same password for many accounts.

Use two different web browsers — one for email and bank account, the other for eCommerce and general web browsing.

My take: No comments.

Switch on two-factor authentication wherever u can.

My take: This is as simple using a debit card and its pin while doing an ATM transaction. The right debit card is the first step, and the right pin is the second step. Many email service providers now allow two-step or two-factor authentication. Make use of it to keep your account secure.

For instance, to authenticate your Gmail Account, simply sign in and go to your Accounts section by clicking on the link seen under the icon in RHS top.

Once there, please click on Security and then say Enable to 2-Step Verification. Enter your mobile number and click for the 6-digit verification code from Google to your mobile phone.

Once you have entered the code, your computer is verified for the particular Google Account. Only when you log in from another unverified computer will you be asked again to authenticate using the code sent to your mobile phone. You can also add other computers to the safe list. Please add this additional layer of safety to your email accounts as an insurance.

Put masking tape over the webcam on your computer.

My take: You may be surprised to hear this recommendation from the cybersecurity expert at The New York Times, but I am voting for it. There have been too many instances of criminals hacking into webcams and leaving people in grief. Laptop manufacturers sneaked in this ‘innovation’ without taking buyers into confidence. It pays to be careful. Cover the webcam with a masking tape whenever you are not using it.

Someone can use stolen data for identity theft and tank your credit score.

My take: Credit scores are very important for individuals in developed countries. In India too, credit-rating agencies no play an important role in assessing the loan-worthiness of individuals. Keep your credit cards and online identities safe. Let no one misuse it and cause harm to your reputation as a trusted borrower.

Hackers are actively selling medical records on the black market. Someone mayyou’re your medical identity and pollute your lifetime medical records.

My take: This advice is more relevant to consumers in developed markets where medical records have been extensively digitized.

Recommended tools by Nicole Perlroth:

Wickr, a mobile app that encrypts and self-destructs messages.

Silent Circle, software which allows encrypted phone calls.

My take: These tools could be more relevant to developed markets.

e.o.m.

Manual penalty is Google’s ultimate weapon to punish a website which it suspects to have indulged in bad behaviour. Webmasters get the hint that their sites are facing a possible manual penalty when it completely or partially disappears from a Google search result.

For instance, if you key in your website’s URL in the Google search field, and the search result does not return a single page from your site, you can be sure that you are facing a manual penalty. Sometimes only a sub-set of pages from a very large website are made to disappear from Google’s search index. Even then, regardless of whether the penalty is site-wide or partial, its effect would be pretty devastating on the business.

CONFIRM, AND THEN TAKE ACTION
If you suspect that your site has been penalized by Google, the first step to take would be to confirm that you are indeed facing the penalty. For this, log in to Google Webmaster Tools, and then click Search Traffic in the dashboard.

Now click Manual Actions. If your site has been penalized, it would be listed here. Depending on the punishment, it can be ‘Site-wide’ or ‘Partial’. Further, there would be a mention of the Reason for the action, as well as a list of the parts affected under the Affects header.

Click on Reason to find out why your site faced the penalty. It could be one of the following:

Unnatural links to your site — impact links.

This means Google suspects you could be buying links or collaborating in link schemes. If you think you have been punished wrongly, you should use the Reconsideration tool

Unnatural links

If you see this listed as the Reason, it means Google is seeing a pattern of manipulative links pointing to your site. As a result, it has taken manual spam action against your site.
In this case, you should download the links to your site using Webmaster tools, and check the list for links that violate Google’s guidelines on linking.
Once you’ve identified such links, contact the webmasters of such sites and request them politely to either remove their links, or add a “rel=nofollow” attribute. A good SEO practitioner can help you here.
It’s possible that you are unable to remove some problem links. This is where you use a tool called Disavow links tool provided by Google.
Once you have removed or disavowed the links, it’s time to use the Reconsideration tool and ask Google to index your pages once again.

Hacked site

If this is what you see under Reason, it means Google believes one or more of your pages have been hacked by third parties.
Google suggests a series of steps to clean up your site. A good SEO practitioner can help you in this case. Once you are sure that your site has been cleaned up, it’s time to use the Reconsideration tool to ask Google to index your pages once again.

Unnatural links from your site

This message means Google suspects you are providing unnatural and manipulative links to others from your site as a beneficiary of some link-buying scheme.

You should either remove these links or ensure that they don’t pass your link juice by using the “rel=nofollow” attribute. Once done, use the Reconsideration tool to ask Google to index your pages once again.

Thin content with little or no added value

If you see this message, it means Google has applied a manual spam action on your site because it thinks you have low quality pages of these types:

·   Pages with automatically generated content

·   Thin affiliate pages

·   Scraped content from other sources

·   Doorway pages

Identify these pages and correct the violations. Once done, use the Reconsideration tool to ask Google to index your pages once again.

Pure spam

If you see this message, it means Google believes you are practising aggressive spamming. You have to then clean up the affected pages, and approach Google for reconsideration.

User-generated spam

If you see this message, it means has Google has identified that your site hosts pages with spam generated by site users. Such spam can exist in site forums, profile pages, or guest pages. Once again, identify such pages and do a clean-up. Then knock on Google to reconsider.

Measures suggested by Google to prevent user-generated spam include the following:

·  Use a CAPTCHA system

·  Turn on comment moderation

·  Use the “nofollow” attribute

·  Add a ‘report spam’ feature

·  Disallow hyperlinks in the comment box

·  Block Google access to comment pages by using robots.txt file

·  Monitor your site for spammy pages by setting up Google Alerts for keywords linked to spam

Cloaking and/or sneaky redirects

If Google thinks your site shows one page to Google, and another to users, or redirecting users to a site different from what Google saw, you will get this message.
To clean up, you have to use a tool called Fetch as Google. This enables you to compare pages as seen by Google, and by other users. If the two are different, start cleaning up the source of this. Once done, request Reconsideration using the tool meant for that.

Hidden text and/or keyword stuffing

If Google thinks some of your pages contain hidden text or keyword stuffing, you will see this message. You could take the help of a good SEO practitioner, or on your own review Webmaster Guidelines on Hidden text and Keyword stuffing. Use the Fetch as Google tool to find content visible to the Google crawler, but hidden from human visitors. Remove or re-style such text, once identified. Once done with the clean-up, use the Reconsideration tool to ask Google to index your pages once again.

Spammy Free hosts

This applies if you run a free web hosting service and a significant number of your users are indulging in spam. The recommended steps are to block creation of automated content, and monitor the service for abuse using simple, but effective tools like site:operator query or Google Alerts.  There’s also a Safe Browsing Alert Tool for Network Administrators provided by Google. For other best practices, it’s best to contact a knowledgeable SEO practitioner.

Spammy Structured Markup

In case of the above message, it means Google thinks some of your HTML or CSS code may be using techniques outside its rich snippet guidelines. Webmasters use rich snippets to take advantage of Google’s offer to provide a rich summary of your page in the search engine results page.

To fix this error, first refer to the guidelines. After clean-up, test using the Structured Data Testing Tool provided in the Webmaster tools. Once done, submit for reconsideration.

THE IMPORTANCE OF GUIDELINES

So there we have it, a summary of the most usual reasons given by Google for punishing your Website with the dreaded manual penalty.
Some of the remedial measures listed above may require handholding from an experienced SEO practitioner. As you can see, search engine optimization is not all hot air. There are situations like being at the receiving end of the dreaded manual penalty when you would certainly need the services of an SEO firm.

It’s foundational that as a website owner, you should be thorough with Google’s Webmaster Guidelines. In the instances given above, one finds again and again that the remedy suggested by Google refers to the Webmaster Guidelines. So make sure you have it well covered on that front because it could be the best insurance to ensure you don’t ever face manual penalty from Google.