National Data Privacy Day is here, and the subject of data privacy has never been more critical to discuss than it is today.
We can't seem to go a week without a new data breach dominating the headlines. Earlier this month, it was revealed that a document called Collection #1, containing over 772 million emails and 21 million unique passwords, was uploaded to a popular hacking website. This capped off a year where major companies like Marriott were hit with data breaches, and others like Uber and Equifax continued to deal with fallout from their own earlier breaches. And despite the headline dominance and top-of-mind awareness, companies continue to fall prey to tactics that leave their data exposed and their customers at risk.
In honor of National Data Privacy Day, here are four insider tips for keeping your data privacy protected.
This first tip doesn't seem very insidery - it's probably the most frequently repeated advice given after every data breach - and yet the majority of people continue to ignore it. In one study, conducted by Virginia Tech University and password management company Dashlane, it was revealed that 52% of users used either the same password or modifications of the same password across multiple sites. Even more disturbing, they found that users would still reuse passwords on other sites even after a breach occurred.
There is no excuse for reusing credentials when applications like Dashlane or LastPass can generate, store, and autofill unique passwords for every website you use. These apps can be installed across browsers and devices, so you never need to worry about forgetting a password.
In an increasingly mobile world, the risk of losing technology with sensitive information is at an all-time high. For laptops in particular, extra security measures are essential to keeping your data safe.
One method for adding an extra layer of security to your laptop is Full-Disk Encryption (FDE), a method that encrypts all of the data on a disk drive and locks it behind a password. FDE is available on both Mac OS (through FileVault) and Windows Pro (through BitLocker), and ensures that your data will remain secure if your laptop is stolen. There are some trade-offs with FDE, mainly that the process can slow down the time it takes you to access data, but that's a small price to pay for bolstered protection.
Software updates can be annoying. No one likes getting hit with a mandatory system restart in the middle of the day, and it can be tempting to turn automatic updates off while thinking, “I'll remember to do this update when I'm not busy."
The problem is that it's easy to forget to manually run those updates, and out-of-date software can leave your computer vulnerable to malware and other cyber attacks. The trade-off just isn't worth it, so leave your automatic updates on at all times.
If you've followed cybersecurity breach news over the last year, you've likely noticed the term 'Magecart' popping up repeatedly. This collective of hackers and cybercriminal groups has been responsible for wide-ranging credit card skimming attacks on companies like Newegg, Ticketmaster, and British Airways, and their attacks are not limited to major corporations.
Magecart's tactics have been multifaceted, from breaching Newegg's payment system directly to exploiting a third-party plugin with malware to breach Ticketmaster. The wide variety of tactics are a helpful illustration of the holistic approach that businesses must take to keep their websites protected.
We could write multiple articles on the importance of and strategic approach to website security, and Matan GK from app security company Arxan has an excellent breakdown of every step that a business should take to avoid being the next Magecart victim. But at its most basic level, make sure you have a complete understanding of which third-party products are running on every page of your website, and stay up-to-date on data breach news to know if a third-party product has been compromised. Also make sure that you have a rapid response plan in place in the event that your website is compromised, so that you are able to react quickly and are not caught flat footed.
Above every individual tip, diligence is the top overarching lesson for protecting your data privacy. Diligence in protecting your hardware, diligence in protecting your software, diligence in staying current on privacy news and knowing the new ways that hackers are attacking companies. Keep data privacy top of mind, and you will always be prepared.