VIP Apps Consulting

Digital Security – Tips for Protecting Your Privacy and Security

The sudden shift to remote work in response to the COVID-19 pandemic has brought new risks and security challenges for organisations. A study by CrowdStrike showed more cyberattacks in the first six months of 2020 than in all of 2019. At the same time, the recent WhatsApp controversy highlighted the growing fears about data privacy. Many users, worried that their data could end up with Facebook, abandoned WhatsApp after the messenger service changed its privacy policy, moving to competitors with higher data protection. With data breaches making the front pages every month, organisations need to continuously improve their data policies and models.

Organisations need to achieve sound privacy practices to protect businesses and customers. These changes demand that companies improve their plans and procedures and ensure that their systems are compliant. Forward-thinking organisations implement privacy by design. Privacy by design is an approach to systems engineering that seeks to protect individuals’ privacy by integrating considerations of privacy issues from the beginning of developing products, services, business practices, and physical infrastructures. This requires organisations to proactively address their obligations by designing data governance roles, processes, policies, and technology with privacy in mind rather than reacting to current and forthcoming privacy legislation. In doing so, organisations improve risk and reputational management and encourage greater transparency and data-driven decision-making across their business.

What is Data Security and Data Privacy?

The terms data security and data privacy are often used interchangeably. However, it’s important to understand the distinction.

Data Security protects data from compromise by external attackers and malicious insiders. It's the set of standards and measures that an organisation takes to prevent unauthorised access by any third party.

Data Privacy governs how data is collected, shared and used. Data privacy revolves around how data is legally collected and/or stored, and all the regulatory restrictions such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).

In a nutshell, data protection is focused on protecting assets from unauthorised use, while data privacy defines who has authorised access. Data privacy controls are mostly given to users. Users can usually control which data is shared with whom. Data protection is mostly a company’s responsibility.

If we look at the 2020 numbers on GDPR breach notifications and fines, there was a drastic increase in enforcement actions by DPAs across the EU. EUR272.5 million (about USD332.4 million / GBP245.3 million) of fines have been imposed for a wide range of infringements of Europe's tough data protection laws, according to international law firm DLA Piper. The aggregate daily rate of breach notifications in Europe experienced double-digit growth for the second year running, with 331 notifications per day since 28 January 2020, a 19% increase compared to 278 breach notifications per day for the previous year. In 2020 alone, there were 278 breach notifications per day. And considering some of the larger fines issued, DPAs (at least for the time being) are focusing on user consent.

Data security is a growing challenge, and ensuring your company’s data is safe is an on-going effort. To keep your information secure, you need to evaluate your system strategy to stay on top of the latest developments.

Data Breaches and How to Prevent Them

Data breaches that affect hundreds of millions of people are far from uncommon. About 3.5 billion people saw their personal data stolen in the top two of the 15 biggest breaches of this century alone. According to recent statistics, identity theft accounts for 65 per cent of data breaches worldwide. In 2020 alone, 30,000 websites were hacked daily worldwide, and in Q2 2019, ransomware attacks peaked with a 363% YoY growth. Hackers use very sophisticated tactics. According to Cybint, 95% of cybersecurity breaches are caused by human error. That's why you must train your employees and make them aware of the common threats and how they can avoid them. These are some areas you should consider when training your employees:

Clicking Without Thinking Is Reckless
Just because you can click doesn't mean you should. Beware of flashy click-bait content and odd requests. A recent report from a cybersecurity company found that Covid-19 and the pandemic were the main theme of nearly 16.5 million threats and attacks launched against its customers in 2020. Researching online before clicking can prevent hackers from getting your information.

HTTPS Everywhere
The "S" in HTTPS means Secure. The difference between HTTP and HTTPS is essentially whether the data is encrypted in network traffic or not. There will always be some sites that still use HTTP. Be aware that any information you exchange with those sites travels unencrypted over the network, where it is vulnerable to being intercepted along with the metadata (the contextual data of the interaction) to piece together the picture. A browser plugin that forces you to check/proceed when you encounter an HTTP site will be of great help, e.g. HTTPS Everywhere.

Strong Passwords
Although somewhat obvious, easy-to-crack passwords remain one of the most common reasons why data gets stolen. Most data breaches happen through what's called a Brute Force technique, in which the attacker tries possible combinations one after another. This means the fewer permutations your password allows, the easier it is to crack.
a. Set a password of at least 12 characters containing a combination of numbers, letters (capital and small) and special characters, and avoid familiar words such as the name of someone in the family or obvious dates.
b. Check if any of the passwords you are using are already on the hacked list. If so, refer to the previous point.
c. Check your password’s strength and see how long it would take for a hacker to crack your password here.
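
As an added illustration of point (a), not part of the original article, the Python function below checks a candidate password against those rules and estimates the size of the brute-force search space in bits. The function name, the familiar_words parameter and the sample passwords are assumptions made for this example.

```python
import math
import string

MIN_LENGTH = 12  # minimum length recommended in point (a)

def check_password(password, familiar_words=()):
    """Return (findings, keyspace_bits) for a candidate password.

    familiar_words is a hypothetical caller-supplied list of the names
    and dates that point (a) says to avoid.
    """
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "capital letter": string.ascii_uppercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    findings = []
    pool = 0  # size of the alphabet a brute-force search must cover
    for name, chars in classes.items():
        if any(c in chars for c in password):
            pool += len(chars)
        else:
            findings.append(f"missing {name}")
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    lowered = password.lower()
    for word in familiar_words:
        if word and word.lower() in lowered:
            findings.append(f"contains familiar word {word!r}")
    # Upper bound on brute-force work: pool ** length guesses, in bits.
    # Human-chosen passwords are usually far weaker than this bound.
    bits = len(password) * math.log2(pool) if pool else 0.0
    return findings, round(bits, 1)

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    print(check_password("Summer2020", ["summer"]))
    print(check_password("t7#Kq!vR2mZ$x9Lp"))
```

Each extra character multiplies the number of guesses by the pool size, which is why length matters more than any single character class.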

TOTP/2FA
Complex passwords are great to protect you from a Brute Force attack, but if the data breach happens directly with your online service provider, then no matter how hard a password you set, it is compromised if the service provider hasn't salted and hashed its stored passwords. Check all the online services you use and see if two-factor authentication is available. Most key online services already have this, but you need to enable it for your account, usually under the account settings of the service. It could be either a time-based one-time password (TOTP), with the token generated through a phone app such as Authy, Microsoft Authenticator, Google Authenticator, 2FA, or, at the least, a token sent to your mobile.

TOTP = Time-based One-Time Password (the likes of soft and hard security tokens)
2FA = Two-Factor Authentication (generally, a framework describing the additional layer beyond the password)
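
To show what "salt and hash" and TOTP mean on the service side, here is an added Python example (not from the original article) that stores a salted password hash and checks a login against both factors, with TOTP computed as specified in RFC 6238. The function names, the record layout, the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations and the one-step drift window are assumptions made for this example.

```python
import base64, hashlib, hmac, os, struct, time

# Constructed sample secret: the RFC 6238 test key, base32-encoded.
DEMO_SECRET = base64.b32encode(b"12345678901234567890").decode()

def hash_password(password, salt=None):
    """Service side: PBKDF2-HMAC-SHA256 with a random per-user salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest

def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 code (HMAC-SHA1) for the time step containing `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = max(0, int((time.time() if at is None else at) // step))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def enroll(password):
    """Create the record a service would store: no plaintext password."""
    salt, digest = hash_password(password)
    secret = base64.b32encode(os.urandom(20)).decode()
    return {"salt": salt, "digest": digest, "totp_secret": secret}

def verify_login(record, password, code, at=None):
    """Both factors must pass: the password and the current TOTP code."""
    _, candidate = hash_password(password, record["salt"])
    password_ok = hmac.compare_digest(candidate, record["digest"])
    now = time.time() if at is None else at
    # Accept the previous, current and next step to absorb clock drift.
    code_ok = any(
        hmac.compare_digest(
            totp(record["totp_secret"], now + d * 30).encode(), code.encode())
        for d in (-1, 0, 1))
    return password_ok and code_ok

if __name__ == "__main__":
    alice, bob = enroll("same password"), enroll("same password")
    print("same password, different digests:", alice["digest"] != bob["digest"])
    code = totp(alice["totp_secret"])
    print("login ok:", verify_login(alice, "same password", code))
```

Because every record has its own salt, two users with the same password get different stored digests, and a leaked digest alone does not pass the second factor.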

Malware and Phishing
These are common reasons why internal security breaches occur.
Users can be victims of malware, which, as Microsoft explains, is short for malicious software and is typically used as a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, et al.
Phishing attacks are also frequent. As Kaspersky explains, spear phishing is an email or electronic communications scam targeted towards a specific individual, organisation or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user's computer.

Secure Your Router
Most router manufacturers set a default admin password that can easily be found on the internet, and the router manufacturer can (mostly) be identified from the broadband provider.
• Change your router admin password to something complex
• Change your default Wi-Fi name/SSID to something cryptic – Most Wi-Fi names reveal your broadband provider and, indirectly, your router manufacturer.
• Do not broadcast your Wi-Fi name/SSID – When you want to connect your device for the first time, you would have to choose Others when selecting the Wi-Fi and then type the SSID and password. This is only needed once; after that, the device remembers the network and connects automatically.
• Enable a guest network through your router administrator login for any guests to separate the network boundary between home connections and guests.

Browsing via Public Wi-Fi
Whenever you connect to public Wi-Fi in coffee shops, pubs, etc., everything you do online can essentially be tracked by the Wi-Fi provider, and by a clever hacker if the network is not secure. If you don't have a VPN service, avoid using secure online services such as email, banking or anything that needs a username/password directly when connected to public Wi-Fi.

Update Software and Operating Systems
Software and operating system vendors learn which elements have become vulnerable to hackers, so they release updates that address these problems. You need to keep your systems and software patched and current. Both your operating system and your anti-virus application must be updated on a regular basis. Hackers are always ready to use any vulnerability, so you should make sure that all your software is updated on time.
