Updated: Feb 14, 2022
Happy Data Privacy Day from Allendevaux & Company!
Today is Data Privacy Day 2022! Data Privacy Day celebrates the day the Council of Europe signed the world's first legally-binding data protection legislation and it's a great opportunity to reflect on your personal and professional privacy practices!
As an individual, here are some of the top tips for ensuring the security and privacy of your online information:
Enable multi-factor authentication (MFA): Most websites offer users the ability to enable multi-factor authentication (sometimes called two-factor authentication), which adds an additional layer of security to online accounts. With MFA enabled, a website will send you a one-time passcode via SMS, email, or an app, which is required in addition to your password. This ensures that, even if some hacker has your password, they still can't get into your account!
Check your social media privacy settings: While social media is a great tool for connecting with friends, family, and colleagues, it can also inadvertently provide hackers with information about you which could be used to crack your password or steal your identity. For example, if you're friends with your mom on Facebook and her profile shows her maiden name,* plus your love of Thai cuisine and your pets are well-documented, someone may be able to use this information to guess the "security questions" for accessing your accounts! Make sure your social media privacy settings only allow people you know and trust to see your information. *For the record, I'm not saying you shouldn't be friends with your mom on social media.
Set up a passcode or biometric lock on your mobile devices: Our phones are no longer devices limited to calls and texts. Nowadays, they can contain a treasure trove of information about you, your work, and even your finances! Enabling a lock screen on your mobile device can ensure that no one can access this sensitive information if your device is lost or stolen. Some mobile devices will automatically encrypt their contents as well once you enable a passcode!
Use strong passwords and don't re-use them: I know, I know. This one is a huge pain and everyone is sick of hearing it. "How am I supposed to remember 30 different passwords that each need to have a number, symbol, and the name of a Renaissance artist??" But using the same, simple password for every account is a surefire way for hackers to steamroll their way through all of your private information--if they crack one password, they've cracked them all! One effective way to ensure you're using strong, unique passwords is to leverage a password manager (e.g., Dashlane or LastPass). Password managers can automatically generate strong passwords for you, store them securely, and even fill in login forms! Many of them are also cross-platform, so your data is synced across your computer and mobile devices. Then, you only need to create and remember one super-strong password, which protects all your other passwords.
Set up alerts for suspicious logins and charges: Many websites and services allow you to set up alerts if you appear to be logging in from an unexpected place (you live in Illinois but just logged in from Romania? Seems phishy...). Most banks also allow you to set up alerts for purchases in unexpected places or above a certain amount. These can be a great way to notify you if something suspicious is happening with one of your accounts.
Be skeptical: This one is very broad, but it has to do with questioning someone's motives when they ask for sensitive information. To be sure, there are certain activities which legitimately require sensitive information, but cyber criminals will often pose as legitimate organizations and ask for information. They like to put pressure on potential victims by saying things like, "Your account will be shut down in 24 hours" or "If you don't respond, you will face legal charges" as a way to make people react without taking time to consider the legitimacy of the request. When you see something like this, take a deep breath before you respond and look for clues that may indicate the request is from a scammer (e.g. an email says it's from "Bank of America" but the sender's email address is email@example.com).
These are some great ways to keep your personal and professional information secure as an individual. Organizations face additional challenges, including complying with regulations about privacy such as the EU's General Data Protection Regulation (GDPR), the UK's Privacy and Electronic Communications Regulations (PECR), and the California Consumer Privacy Act (CCPA). Allendevaux & Company employs experts in the field of digital privacy and security and we are passionate about helping organizations stay secure so they can maintain their customers' trust and keep focused on the services they provide (instead of trying to dig themselves out of a data breach/noncompliance hole).
To request more information about how Allendevaux & Company can assist your organization in improving its security stature, complying with privacy regulations, and achieving related industry certifications, please reach out to our Data Protection as a Service team by sending an email to firstname.lastname@example.org or through our Contact form.
This post was written by David Sutherin
Certified ISO 27001 Lead Implementer, CREST CPSA, CompTIA Security+
Senior Cybersecurity Analyst