Why It’s Important, and Why You Should Protect It
There were 1,244 data breaches in the United States alone in 2018, and that only includes the incidents that actually get reported. It’s no wonder then that only 12% of survey respondents report feeling confident in the ability of the federal government to protect their data online.
In today’s increasingly digitized world, it’s crucial that you take steps to protect your sensitive data online—in this brief guide, we’ll show you how.
Cybersecurity threats are quickly becoming a normal part of contemporary life. More than ever before, our lives are intertwined with internet-connected devices due to the rise of smartphones, social media, dating apps, and online banking.
As we become more deeply connected with our electronic devices, we expose ourselves to more cybersecurity threats and opportunities for third parties to exploit our data for financial gain. The concept of data privacy has to do with how we handle pieces of information (“data”) with respect to their worthiness for confidentiality.
Not all data is created equal. For instance, you might be comfortable sharing your name with a stranger. However, you’re probably less likely to share your home address or your place of employment. That’s why it’s important that we create standards and routines that keep our sensitive personal data private.
In common parlance, data privacy refers to critical information relating to one’s personal or professional life. Often, these data are dubbed “personally identifiable information” (PII) for their ability to reveal who you are in real life. Common examples of PII-related data include your:
In the case of businesses, data privacy is equally concerned with preserving sensitive information related to the day-to-day operations of the company. A private corporation, for example, will want to protect any data pertaining to its research and development (R&D), trade secrets, balance sheets, income statements, or—worst of all—its customers’ data.
In the hands of malicious actors, sensitive data can be exploited to extort money or intellectual property from its owners. There are also many instances of personal data such as photographs or banking information being used as blackmail by cybercriminals and hackers.
Although data theft can wreak havoc on an individual or a business, it’s even worse in the case of hospitals and health service providers. In 2019, hospitals were the primary targets of ransomware attacks by black-hat hackers with 17 hospitals and clinics affected. Since user data is so valuable to healthcare organizations, ransomware victims often pay millions of dollars to retrieve the data stolen from their possession.
With the advent of new information technologies, we’re presented with more conveniences than ever that save us time and energy. Likewise, we’re also presented with just as many vulnerabilities to identity theft and cybersecurity attacks by hackers who compromise our devices or our networks.
It’s no wonder, then, that a recent PricewaterhouseCoopers report found that 69% of consumers believe that companies are susceptible to cyberattacks and hackers. More than ever, businesses and their customers are concerned with the safety of their information and whether their data privacy rights are being respected.
In the same report, a slim minority of respondents (10%) claim that they feel they have total control over their personal data. From this, one might assume that consumers are looking to government authorities and regulators to tighten restrictions on how their data can be used.
However, the opposite is true, with 72% of respondents claiming that businesses and the private sector are better-suited to protect their data than government actors.
The solution is that private sector businesses must go the extra mile to protect their customers’ and users’ data. Since consumers are putting their trust in companies to preserve the integrity of their data, it’s crucial that companies respect the preferences of their customers, or else consumers will shift to other options in the market where their data is safer.
Recent developments in the private sector have attempted to address consumers’ demand for more comprehensive data privacy independent of the government. The Open Web Application Security Project (OWASP) is a nonprofit organization that has developed a covenant for cybersecurity and software specialists looking to further data privacy regulations.
OWASP encourages those who work with sensitive data to adopt measures and protocols to safeguard personal information from potential theft or exploitation. This is doubly true of security specialists who work with secure data transfers because data packets can be stolen and tampered with at any node in the network in which the forwarding IP address operates.
The unfortunate truth, however, is that there is very little real privacy online. Data sent via the Internet is subject to theft and scrutiny by government authorities and black-hat hackers. However, there are precautions that businesses and individuals alike can take to keep their data as safe as possible.
Privacy-minded individuals can take steps to keep their information safe from watchful eyes. Fortunately, you don’t need to encrypt your data behind a dozen VPN layers or buy a supercomputer that can encrypt all the data your computer receives in an instant. Instead, there are simple techniques you can adopt to keep your PII out of hackers’ hands, including:
Ultimately, it’s your responsibility to be a good steward of your personal information. If you care about preserving your data privacy, follow the basic tips outlined above to provide yourself with basic protection against data and identity theft.
Ransomware is a relatively new form of malware in which the attacker threatens to publish the victim’s personal information or indefinitely restrict access to it until the victim pays a ransom. In most cases, ransomware hackers utilize techniques collectively called “cryptoviral extortion” to make it impossible for victims to retrieve their data without the hacker decrypting it.
In the 2010s, the prevalence of ransomware attacks grew precipitously. There were over 181.5 million reported ransomware attacks worldwide in January 2018 alone. Of note is the CryptoLocker ransomware attack which extorted over $18 million from victims between 2013 and late 2014 via pre-paid cash vouchers or bitcoin.
Law enforcement agencies around the world, including Interpol, the Federal Bureau of Investigation (FBI), the UK National Crime Agency, and the US Department of Justice, all actively collaborate to investigate and take down ransomware attackers. For instance, a joint law enforcement operation code-named Operation Tovar successfully ended the CryptoLocker ransomware virus after isolating the root file in May 2014.
In virtually all cases, ransomware attackers demand payment in the form of popular cryptocurrencies such as Bitcoin, Ether, or Litecoin. Since cryptocurrencies allow for anonymous transactions without the use of third-party intermediaries such as banks and payment processors, cryptocurrencies are the payment method of choice among ransomware hackers.
Backing up your sensitive data is perhaps the strongest defense against hackers and thieves who pose a threat to your data privacy. When you back up your data, you create an insurance policy of sorts for your data by providing an alternative access route in case your PII is compromised by a malicious third party.
Plus, backing up your data to a remote, cloud, or on-premises secure file sharing system hedges against the risk of natural disasters, hardware or software failures, or plain old human error. The unfortunate truth is that anyone can lose their sensitive data if they aren’t careful, and creating a second or third copy of their data can come to the rescue in case of an emergency.
A 2018 survey found that 67% of all data losses were due to hardware and technological failures, which can be prevented by backing up your data to a separate hard drive or cloud storage solution. The fact remains that your data privacy can be breached even if you don’t make any mistakes or human errors—so, you should take care to protect yourself by investing in a data backup option.
Having a second copy of your data strips ransomware attackers of their power to extort money from you. Unless the ransomware attackers are able to hack into your backup data storage device, you will have no need to pay the attacker for your information because it’s already readily available.
To further protect your data from ransomware hackers, you should ensure that your backed-up data is subject to end-to-end encryption. When data is encrypted, cybercriminals who obtain it are forced to decrypt the information, which without the key necessitates a great amount of computer processing power—an investment that may not be worthwhile for an attacker.
The General Data Protection Regulation (GDPR) and other data protection regulations and laws help protect individuals’ data and require data owners to follow potentially costly requirements. The GDPR establishes strict legal standards that govern how personal data can be shared and stored.
Under the GDPR, the cost for violating data privacy regulations ranges from approximately $22.5 million to four percent of the organization’s annual revenues, whichever is greater. Notable fines imposed under the European Union’s new GDPR include $222 million and $120 million levied against an airline company and hotel multinational, respectively.
Under the new law, companies that hold individuals’ data must report any instance of data breaches or identity theft to European supervisors within 72 hours of the breach taking place. This way, compromised data is not left in the dark and individuals can be made aware of whether their data is in the hands of malicious actors.
In the United States, the California Consumer Privacy Act imposes regulations resembling the GDPR on companies that collect individuals’ data. Upon entering into force in January 2020, the Consumer Privacy Act seeks to strengthen Internet protocols and standards to prevent data breaches and exploitation.
Today, a new era is dawning in the world of digital privacy. Under California’s act, as well as the GDPR, any data breach must now be disclosed to regulators. California’s data privacy bill, which was passed unanimously by both houses of the state legislature, restricts the data-harvesting practices of technology and social media companies—in doing so, it also limits the amount of data that can be stolen and exploited from consumers.
In 2019, the US Federal Trade Commission levied an unprecedented penalty ($5 billion) against social media company Facebook following eight distinct privacy-related violations. In today’s world, private corporations have more access to our data than ever, and unless we hold them accountable we may end up with our data stolen or sold to malicious parties.
If you don’t take care of your data, you may find yourself victim to black-hat hackers who steal and encrypt your data so you cannot access it unless you pay a ransom. Fortunately, you can prevent data theft by using strong passwords, backing up your data to an external storage device, using a secure file sharing service and being cautious about who you divulge your personal information to.
With the passage of Europe’s GDPR and the California Consumer Privacy Act in 2018 and 2020, respectively, achieving cyber resilience has never been more important. Although private corporations and organizations are now required to comply with comprehensive data privacy regulations, individuals must also maintain responsible data privacy habits to ensure that their data doesn’t end up in malicious hands.