January 28th marks the 16th annual Data Protection Day, if you live in Europe. If you’re in the US, it’s the 14th annual Data Privacy Day. Slightly different names, but the same day was officially adopted in both territories, for the same reason. Namely, to promote and recognize the growing importance to every individual, organization, and business of data protection – and privacy.
As the volume and variety of data that can be collected, stored, and analyzed has skyrocketed over the past decade-and-a-half, we’ve seen the issue given growing prominence. Both the European Union and individual states within the US (including California, Utah, Colorado, and Virginia) have created specific legislation obliging businesses and organizations to protect the personal data they acquire.
When it comes to how we as individuals use and treat our own data and that of others, though, there are often fewer safeguards in place. And statistics around the number of us that are continuing to fall victim to social engineering, phishing, identity theft, and other scamming attempts suggest there's room for improvement.
So here are five basic areas where all of us can ensure we are up-to-date with best practices, and have a basic understanding of the threats we may come up against. By keeping these in mind, anyone can help to reduce the chance of becoming a victim.
Adopt good password and authentication management practice
Hopefully, the days are long gone when it was customary to simply use something like a child's name, our date of birth, or simply the word "password" as a password. Well, hopefully … but evidence suggests otherwise. According to password management specialists NordPass, the world's most commonly used password in 2022 was still "password." Second on the list is “123456”. Ho hum.
Once you know this, it probably isn’t surprising to learn that 81% of corporate hacking-related data breaches are down to poor passwords. This is why, basic as it sounds, understanding and rigorously sticking to rules of best-practice when managing your use of passwords and other authentication methods is the most important single step that everyone should take.
The simplest rules here are:
· Use strong passwords – at least 12 characters, 16 is even better! Mix letters, numbers, and special characters while trying as much as possible to avoid words found in a dictionary. Crucially, ensure that although they are unique and impossible for anyone else to guess, they are still memorable to you – this will reduce the risk of you writing them down.
· Avoid reusing passwords – particularly for different accounts that protect sensitive data. If a hacker accesses one, they will probably try to use the same password to access others.
· Don’t share passwords with anyone – even if you trust them, there’s a chance they might write it down where someone else could find it.
· Use a password manager – these simplify the process of creating secure passwords for any number of services, and despite the fact that several of them have themselves been successfully hacked, security experts still recommend using them for the security benefits they bring. This is essentially because anything can potentially be hacked, and as we’ve discussed, it usually happens because of unsafe passwords. As password managers effectively force you to stop using unsafe passwords, the risk of hackers gaining access to any of your accounts – including your password manager – is reduced across the board.
· Use 2FA – most importantly of all, because two-factor authentication (requiring another method personal to you, such as a phone number or email confirmation) successfully deflects up to 99.9% of attempts to gain unauthorized access.
Keep everything up-to-date
We all know how easy it is to postpone or knock back those offers to download software updates. Unfortunately, hackers do, too, and as those updates often contain security patches designed to defend against known exploits, they know that non-updated and out-of-date software, operating systems, and other installations offer some of the easiest pickings out there.
These days, many devices and applications offer automatic updates, which are best kept enabled whenever possible. But operating system updates – that might make a device unusable for anything from a few minutes to a few hours as they are applied – often have to be manually launched after the download has been completed.
Systems and applications that it is particularly important to keep running on the most up-to-date version include:
· Operating systems – updates generally include essential security fixes.
· Firmware updates – These affect the way that the device hardware itself runs. This is a particular cause for concern with internet-of-things (IoT) devices, which may not seem likely to contain much in the way of valuable data themselves (smart home appliances, for example) but could be used to gain access to other devices which do.
· Web browsers – often the first line of defense against threats that are launched from hostile websites.
· Anti-virus and anti-malware – ensuring these are updated means that they are aware of the latest threats and prepared to defend against them.
Read and understand data protection and privacy policies
No one bothers to read all of those several-page-long privacy and data protection statements that we have to agree to before we can access online services or use our new piece of software or hardware, do we? Well, if you want to take protecting your personal data seriously, then, unfortunately, it's time to start doing so.
The good news is that legislation such as GDPR and the CCPA is making it harder for service providers to squirrel away clauses that surreptitiously give them permission to do unsavory things with your data. The bad news is that we can’t assume that many of them aren’t still going to try and get away with doing so.
We’ve all done it, sure. But if, even with everything we know today about the way data is collected, used, and sent around the world at the speed of light, we still blindly click "I agree" without making sure we know what we agree to, we've only got ourselves to blame for the consequences.
Use a VPN
A virtual private network (VPN) lets your device connect to the internet through a third-party server rather than directly and also encrypts all of the data that is sent or received. This gives your privacy a big boost by essentially ensuring that the services you are connecting to can never know who you are – all they can “see” is the address of the third-party server. In terms of online security and data protection, VPN technology is one of the most advanced and foolproof steps that anyone can take to ensure they are not exposing their private data to the world as they conduct business online.
VPNs are available in both free and paid-for versions. Security experts generally recommend choosing a paid-for service (they aren’t expensive), as these offer a higher level of security, are less likely to become unavailable due to high levels of use, and are available from a number of providers that have been independently audited to ensure that they are genuinely offering true privacy to their users.
Audit your privacy settings
Social networks and many other online services (such as cloud software providers) now almost universally offer comprehensive options for deciding how much of your own information you want to let escape into the wild. In the context of a social network, this includes details such as whether other users can find you by your email address or telephone number. It also includes whether, once they have found you, they are able to access other information that the network holds on you, such as data you have uploaded (pictures, videos, personal information, and so on) or data that it has generated, such as how you are using the network.
Chances are, if you’ve been using a site or service for a long time, as many of us have been doing now, you may have set these long ago and never bothered to go back and check them. Alternatively, they may all still be left on their default settings. Data Privacy Day (or Data Protection Day) is as good a day as any to pay an (at least) annual visit to the privacy settings section of your favorite social media account or suite of cloud productivity applications and ensure that other users can only see information about yourself that you’re happy broadcasting to the world.