Data theft is a serious issue and major concern for everyone, from behemoths like Apple to bootstrapped startups and consumers. Recently, US military social media accounts got hacked, and you may also be aware of the famous Sony hacking case, and the list goes on…
According to a report by Privacy Rights Clearing House, in the United States alone, more than 600 million records containing sensitive information have been stolen since January 2005. This shows how pervasive the effect of data theft is and why data protection is crucial.To address this issue, an international effort was undertaken in 2008, declaring January 28th Data Privacy Day; to raise awareness and to ensure that data privacy anblog.d protection become a priority for online users.
We want to help spread the word about Data Privacy Day 2015 and that’s why we’ve created this massive post which will help you in several ways:
- You’ll learn about data privacy – how can you be and stay safe online and protect your identity
- We’ll cover the history of Data Privacy Day and show a nice shareable infographic with a lot of facts.
- If you’re a blogger or journalist and you’re looking for nifty quotes for your article – we have you covered. We invited 9 data privacy and security experts to comment and give advice on digital privacy and security. Among them are Robert Siciliano, Bruce Schneier and Rebecca Herold.
- The icing on the cake is our featured privacy round table discussion with Pulitzer Prize winner Byron Acohido and security journalist Fahmida Y Rashid who writes for SecurityWeek and PCMagazine.
Watch our featured round table with Pulitzer Prize winner Byron Acohido
*Transcript and show notes following soon.
Data Privacy Day – History
The 113th US Congress adopted a nonbinding resolution, S. Res. 337, in 2008 that supports January 28 of every year throughout the United States and Canada to be observed as the “National Data Privacy Day”. European nations signed the first international treaty concerning data privacy, Convention 108, on January 28, 1981. Since then, Data Protection Day has been celebrated on January 28th throughout Europe.
Personal data, financial records, intellectual property, and other valuable online information are the areas of interest that lure digital villains to steal, cripple and forge, leaving you and your business shaken. They further use this data to empty your bank accounts, misuse credit card details to initiate transactions against your name, or they can even sell your personal information to a third-party for a huge amount of money.
Hence, you need to establish strong security to save your data from these virtual pirates. Through robust data protection, you can safeguard your network, computers, and mobile devices so that valuable information is not misused.To summarize, Data Privacy Day is observed to:
- Educate consumers and spread awareness that will help them understand the risks and benefits of sharing personal information, showing them the various ways their personal information can be collected.
- Educate consumers by providing them accurate, simple, and reliable advice that ensures better protection and active management of their virtual lives.
- Inspire consumers to always consider the privacy implications of their online activities for themselves and others.
- Stir up businesses to look after their data and confidential information through clear discussion, and educate their staff about established privacy and security control.
Types of Data that Require Protection
The collection and dissemination of data through technology with the public expectation of privacy and the underlying personal, legal, and political implications are referred to as data privacy or data protection.
This concern will exist wherever personal, confidential, or other sensitive information is collected, stored,or shared―in the digitized world or otherwise. Privacy issues can derive from the improper or non-existent disclosure control of information. These data privacy and protection issues can arise due to various kinds of information. Some of these types are recognized below as:
- Posting Information Online – With the growth of social networking, more and more people are posting their personal information, images, and videos online, which, if not monitored and protected through strict privacy controls, can be hacked by online goons for their selfish interests.
Various search engines enable users to collect personal data about individuals easily across multiple sources through proper data mining. Nearly everything is accessible online today, so only a controlled amount of information should be presented on portals and sites.
According to an Identity Theft Report, approximately 15 million residents in the US are exposed to identity fraud activities each year, incurring financial losses of more than $50 billion. This is a clear example of why you need to be careful while posting your information online.
- Medical Records – Three major categories of medical privacy include: informational (the control over personal information), physical (controlling the physical accessibility to others’ information), and psychological (the respect of doctors for patients’ cultural and religious beliefs, values, and feelings). Due to potential damage to their employment or insurance coverage, an individual may not be comfortable revealing their medical records to others. Medical records also will allow others to access a certain degree of patients’ personal information.
- Financial Records -This is one of the most sensitive areas of information, which includes an individual’s financial transactions, amount of assets, stocks or funds, debts, and online purchases. Cyber criminals take great interest in these items, and gaining access to such information results in fraudulence and identity theft
- Geographical Location – Location-tracking capabilities through mobile devices are increasingly used by this generation and lead to user privacy issues as well. By tracing mobile information, a lot of personal and professional data can be collected about an individual.
Steps that You Can Follow to Secure Data Privacy
Here are couple of steps you can take to ensure your private data is safe.
- Ensure using password protection and restriction as the first steps to establish sturdy data privacy. Avoiding the use of passwords is quite similar to leaving your home unlocked, which invites goons to steal your data and breach privacy.
- An easy way to monitor the information about you online is to use the Google Alert setting for your name. Just enter the name and the variations of it, so you will be notified whenever you are mentioned online.
- When you are not using your online accounts, make sure that you sign out of them. This will reduce the amount of tracking on your web activity as well as prevent the next user from snooping through personal details This is especially important when you are using a public computer.
- Avoid giving out email, phone numbers, zip code or other personal details which may prove to be vulnerable later on. These can get the hackers close to your secured information, helping them steal it.
- Encrypting your device is essential to establish strong data protection. Encryption refers to monitoring and scrutinizing the contents through an encryption key before it gets to your hard drive. On a Mac machine, FileVault does the job,while Bitlocker needs to be used by PCs for proper encryption.
- To establish hard security on your smart devices, remember to turn on the two-step authentication in your email account – which will ensure that even if a stranger gets your password, he or she will not be able to sign into your account.
- Try to make most online purchases through cash, avoiding online transactions that seek your bank account details.
- Restrict what you post online through privacy settings on social networking sites so that all the information that you post is shared and accessed by the known network.
- Browser history and cookies need to be cleared on a regular basis, thereby reducing the risk of exposure regarding your behavior and activities online.
- Resort to an IP Masker such as Tor to hide online whereabouts. This ensures that your online activities are not easily tracked or followed.
- Install the compatible anti-virus for your system and continuously update it to secure all your activities on your device, from online browsing to downloading files.
Data Privacy Day is a reminder to of all us that these steps will help reduce cyber-crimes and keep us safe. In the words of Michael Kaiser, NCSA’s Executive Director,“With so many of our day-to-day activities carried out online, Data Privacy Day seeks to inspire everyone to manage their digital lives with concrete, simple, and actionable steps.”
What Data Security Experts Have to Say About Privacy
We asked the top data security experts what’s their take on current privacy issues in our digital society. You can read their comments and advice below covering a wide range of areas, from personal online privacy in social networks to business data protection and the Internet of Things. Make sure to take out your notepad and jot down some ideas.
Byron Acohido – Pulitzer Prize Winner
As a business owner you bear the burden for security.Three vital principles to live by:
—Know your data. It is vital to know what you’ve got and how it is being protected. That should lead to an ongoing dialogue about keeping up with best security and privacy practices.
—Communicate with your employees. All employees must fully grasp what constitutes unacceptable behaviors, and monitoring tools and policies can both support productivity and coverthe gaps.
—Vouch for you partners. Control access to sensitive data and apps. Limiting and monitoring partner access can be done in smart ways.
Byron Acohido, ThirdCertainty.com
Fahmida Y Rashid
It’s easy to get discouraged about how much control you really have over your data when large companies are storing them in servers out of your control or sharing with third-parties you know nothing about. But there are things you can do, such as thinking about what kind of things you post on social networks, restricting your privacy and security settings on your accounts, and turning on security and privacy features in browsers. If you have a choice between using a software or online service that offers you security features and one that doesn’t, reward the company that recognizes privacy.
Fahmida Y Rashid
The erosion or privacy is as a result of significant changes in how consumers connect via social coupled with the fundamental shift from print advertising to online advertising. The current state of privacy will continue to erode unless consumers recognize they have a choice and their actions and inaction is what determines the outcome.
Robert Siciliano, IDTheftSecurity.com
Data is a byproduct of computing, and as computers increasingly permeates our lives both the amount and intimacy of this personal data increases. This data is increasingly collected by both industry and government. Our privacy will continue to erode unless we recognize that we have both a political and a marketplace choice to make, and that only deliberately choosing privacy will ensure that we have privacy.
Bruce Schneier, CTO of Co3 Systems, and author of “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.”
Data Privacy Day is a day for governments, businesses, all other types of organizations, and all individuals to think about the importance of maintaining privacy in an increasingly connected world. Governments are at pivotal time in history where many, such as the UK and the US, are considering the removal of privacy in the name of safety. Governments must realize that there are ways to have both, it is not an either/or choice. Businesses and organizations need to consider implementing privacy protections into their services and products as a business necessity that will improve their business, not something that takes away from business.
Especially when they are creating new online services, apps, and smart gadgets that will become part of the Internet of Things. And every person must decide that their privacy is important to preserve; they must demand government , businesses and organizations to implement policies and processes that will enable privacy preservation. But people cannot solely depend on others to maintain their privacy. They must also be proactive and willing to learn how to protect their own privacy by being wiser online when sharing information, by recognizing scams and social engineering schemes, by knowing how to change privacy controls in their computing devices, and by implementing strong security and privacy controls within their own personal wireless networks. Everyone must address privacy in today’s hyper-connected data world.
The “Internet of Things” (or connected objects) started to infest our houses and offices. Plenty of new gadgets are built to help us in our daily life but are also a new threat for our privacy. When you connect a new device on your home network, it will make a bridge between your private life and the manufacturer. Think about a smart thermostat which will control your home heating system. It will also know when you’re at home… or not! What’s your way of living, your habits. Like cloud solutions, risks must be properly assessed before connecting them to the Internet (which is often mandatory). Such “smart” devices are not so smart…
Xavier Mertens, blog.rootshell.be
There are only three true privacy threats: The first is the private sector. Any non-government, commercial, not for profit, free or for fee site operator that posts or collects any information that is personal or sensitive in nature is a potential privacy threat. Next is the government or public sector. Government agencies that surveil, collect or publish any information that is personal or sensitive in nature is a potential privacy threat. The final threat is you. You are ultimately responsible for containment or leakage of far more personal information than you imagine quite simply because most humans are social beings. We often seek companionship or communities and share with these without pause. Public-private-personal partnerships are necessary to protect privacy.” –
Dave Piscitello, securityskeptic.com
Our society has become in a very short time digitally connected and the consumers didn’t have the time to understand the implications of data privacy on their lives. We can be sure that every provider of an online service is doing everything legally possible to obtain maximum information about its users.
This is person related information, as well as information that the user is voluntarily (or not) sharing with others in online platforms.
Because many people don’t take their online actions seriously or don’t understand the consequences, they tend to act differently in their online life than in their offline life. If I would have to give just two pieces of advice that one should remember about privacy, they are:
- When online, don’t tell or share with anyone something that you wouldn’t also tell them loud in a room full of people listening.
It sounds scary? Think that re-sharing your comment with the entire world is usually one click away.
- Once you publish or upload something online, independent of your security and privacy settings, it doesn’t belong just to you alone anymore.
It also belongs to the provider of the service.
Imagine that if they have a security leak or a breach, your personal digital belongings can land in the wrong hands. Now it is more important than ever that the connected users understand that their data is there to stay, possibly forever. And sometimes, this is not what they want.
Sorin Mustaca, IT Security Expert, Author of the free eBook: “Improve your Security”
Data security is not only about protecting data at rest, it’s also about protecting data in transit. One of the best tools for protecting information as it is transmitted across a network is TLS (Transport Layer Security). However, using TLS securely requires proper configuration. Recent vulnerabilities such as BEAST, CRIME, BREACH, LUCKY 13, RC4 Weaknesses and POODLE have resulted in changes in TLS configuration best practices. When using TLS to protect data in transit, make sure it is configured with the latest best practices.
Nick Sullivan, cloudflare.com
If the Internet is an accelerator, data privacy is like car brakes that enable us to both drive fast, and safely arrive at our destination in one piece.
Dan Lohrmann, securitymentor.com
When you enter information into a website the privacy of that data depends on 2 things:
- the policy the organization controlling the website publishes and abides by
- the technical controls they have put in place to maintain security
These are some of the questions anyone concerned about their privacy should be asking websites that store or process information that should be kept private.
Every year we see massive increases in how scammers and criminals are using personal information to attack businesses and the everyday person. What can you do? Educate yourself, use critical thinking and be prepared ahead of time to know how you will handle these attacks, not if but when they occur. This is the only way to stay safe from an intended attacker.” – Christopher Hadnagy, CEO Social-Engineer, Inc. SocialEngineer.com