A VPN only prevents interception of data between you and the server. Whatever info you voluntarily give to the server can be used or misused, as the case might be.
Short of wearing a tin foil hat I am very careful about data security:
- Never, ever use "Use my Facebook login" when subscribing to new services. It may be convenient but you are just opening yourself up to a world of pain in the event of a data breach. Have a specific login/account for every website and service.
- Never use the same password for more than one service.
- If you have so many passwords you cannot remember them all, then consider using a password manager program. However, don't store the true passwords in that program (maybe think of a simple and universal prefix that can be added to every password, but isn't stored in the app). Again this is in case the program gets breached.
- Never state your true date of birth except for any services which legally need to complete Know Your Customer (such as banking, government and health services, etc.).
- If you must use question/answer type prompts for a password recovery, instead of using simple guessable answers such as your Mum's maiden name, consider using responses that consist of numbers.
- Encrypt the hard drives on your computers at home. Encrypt your backups and store them in separate locations to the computers.
- Use 2 Factor Authentication whenever it is available, but do NOT use your own mobile phone # for the SMS option, in case your phone account is hijacked. Google Authenticator is very good.
- If you must use the SMS/phone authentication option for any accounts, consider using your work mobile # if you have one, or your partner/spouse's phone.
- If you have a second mobile phone, set up Google Authenticator on that phone as well (so you have a backup in case your primary phone goes missing). Trying to recover Google Authenticator without the primary device is a PITA.
- Set up 2 Factor authentication for your internet banking, for any requests to transfer money to third party accounts.
- If travelling, always get your own SIM card or data service. If you must use a free wifi access point anywhere, ALWAYS use a VPN. If you are in a sketchy country, use a VPN anyway even if you get your own SIM card.
- On your phone, all apps which you might not want someone who takes your phone to access should be hidden behind a password-protected folder/app. This applies even if you use a screen lock. Norton App Lock is a good free one.
- Get all your bills emailed to you. Consider a PO Box for other mail.
- Register for: https://haveibeenpwned.com
Stay safe everyone!