Data Privacy Day – 5 Ways to Secure Data
Data Privacy day is celebrated globally on the 28th of January. The goal of the day is to increase awareness on ways to secure data.
Some things like employing a password manager, and being aware of what is personally identifiable information can go a long way to improving your own data protection, and securing your personal information online.
This year, Brush is committed to celebrating Data Privacy Day by sharing some ways to secure data online.
5 Ways to Secure Data and Enhance Data Protection
1. Enable 2 Factor or Multi-factor Authentication
When it comes to the world of social media and online shopping one of the most effective steps everyone can take at securing their account is to enable to additional security options offered for authentication.
2 Factor or Multi-factor Authentication will require when you log into your account that you enter something you know (like your password) and something you have. The something you have could be a code texted to your mobile device or generated through an app like Authy, or a fingerprint scan.
These additional steps make it harder for someone who has maliciously gained your password to access your account.
According to the Cybersecurity and Infrastructure Security Agency (CISA), “Implementing MFA can make you 99% less likely to get hacked”.
For accounts like social media, banking, online shopping, this one step can enhance the protection of your personally identifiable information immediately. It’s not a silver bullet, but it significantly increases your protection.
2. Use Strong and Unique Passwords
The days of using Password123 or 123456 as your password should be long gone, yet many users still use very common passwords.
One of the easiest ways to ensure that your personally information online remains secure is strengthening your passwords.
By extending your password length from 8 to 12 characters you can immediately make it more challenging for someone to hack your password.
According to research done by Hive Systems, the average time to crack an 8-character password would be 39 minutes.
However, if you increase your password length to 12 characters you can increase that length of time to 3,000 years.
The Easiest Way to Secure Data
One of the easiest ways to increase your password length without sacrificing being able to remember it is to create pass phrases.
These phrases can help make it easier to remember and recall your password.
We recommend our users choose 2-3 things that are unrelated to each other and have some great ways to help with password memory.
If a website requires additional complexity, you can always build it into those words with things like a number or symbol in place of a letter.
Another best practice for data protection is to make sure that you aren’t using a single password for everything.
The risk when we do that is that if a privacy leak happens on one site, all of your personal information is now at risk.
3. Be Watchful for Phishing and Smishing
Phishing has become a much more known element in recent years.
Threats have evolved intensely beyond the original “Nigerian Prince asking for money” schemes.
These phishing scams now can vary from laughably bad, to extremely sophisticated attacks.
The best prevention and protection for date privacy is to be watchful from the beginning.
Smishing is a gaining traction as another common attack approach risking individual and corporate data privacy.
These attacks will target users via SMS or text message and ask them for funds, gift cards, access.
In either case, the most important thing to do is pause and verify before you click or send anything.
According to Statista, there are over 611,800 known Phishing sites detected worldwide.
Red Flags to Avoid as a Way to Secure Data
- A request that doesn’t make sense given the circumstance. Would your CEO really text you on your first week and ask you to go purchase $500 gift cards from Walmart for him?This should be a red flag.
- Email addresses that don’t align with the sender.We see email addresses spoofed often in these attacks where it will say one name like Jen Dalton as the sender.Upon inspection the email address behind it is something similar to 128848@notbrushclaims.com.
- Another common attempt is to gain access to someone’s email history and send a spoofed email in reply to a valid former conversation.The red flag to watch for here would be a reply to a conversation in a time frame that doesn’t make sense.(i.e. Asking you to look at an invoice when you haven’t worked with that vendor in over a year)
- Suspicious URLs are one of the easiest ways for threat actors to try and gain access to your data.Hovering your mouse over links to view the underlying URL can be a quick verification. If it’s not an expected email you should validate it externally.An example would be an email saying your Facebook account request was processed but you don’t recall requesting one. Instead of clicking the link, log into Facebook directly.
4. Browse Safely to Keep Personal Information Online Secure
One of the most common risks to personal information online these days is unsafe browsing behavior.
This can be as simple as storing passwords into your browser settings, instead of using a password manager.
Password managers can offer a much deeper level of security than locally stored passwords.
Another common mistake that can lead to malware is not running an ad blocker.
Many news sites especially those that run off some of the commercially available ad providers can be exposed to malware threats within the pages that the ads point to.
Sometimes the malware will be in the form of a Zip file or other downloadable item.
Bleeping computer explains in their recent article, these files can be cleverly disguised to try and bypass anti-virus.
4 Easy Ways to Secure Data When Browsing
- Avoid clicking on anything you’re unsure of
- Use a password manager
- Never downloading anything from unknown sources
- Keep your Ad Blocker enabled.
5. Recognize Personally Identifiable Information (PII)
Knowing what is and isn’t considered PII is important when dealing with your own or someone else’s information for business.
Within the frame of reference that the National Institute of Standards & Technology (NIST) lays out we consider it things such as:
- Name
- Social Security Number
- Date or Place of Birth
- Mother’s Maiden Name
- Bio-metric records
- Or any other information linked to someone’s medical, financial, educational or employment records.
The General Data Protection Regulation (GDPR) also includes any location specific information, cultural information and social identities.
In years to come data protection regulations will continue working to give individuals as much protection as possible.
Even with privacy legislated we still can take measures to protect our own and others data when we’re handling it.
When sending your own personal data, use an encrypted email service and be sure you are confident the individual you’re sending the data to really needs it.
At times you are handling other individuals personally identifiable information we have a responsibility to comply with the regulations and standards.
4 Ways to Secure Data as a Business
- Redact documents wherever possible.
- Enforce rules to ensure only individuals with an explicit need for a particular type of data have access.
- Leverage pseudonymization to data that is stored.
- Apply encryption to data being transmitted and stored in your care.