Every January 28th, data security groups from around the world host Data Privacy Day events. In the United States, the National Cyber Security Alliance (NCSA) organizes events to raise awareness of data privacy and how important it is in today’s connected world. This is especially important with the implementation of the GDPR (General Data Protection Regulation) in the European Union last May, which was designed to empower individuals to learn what personal data is being captured and stored, to take back that data if necessary, and protect identities. Similar legislation is expected to arrive in the United States and other countries soon.
Since one of the key pieces of the GDPR allows individuals to request personal data from an organization that is storing it, of course hackers are finding loopholes. The regulation advises companies to check who is requesting the information, but doesn’t mandate how to check identity, which means that hackers will soon find (or have already found) indirect ways to steal your personal data.
This Data Privacy Day, the focus is likely to be on advising companies on how they can fight fraud through behavioral biometrics and AI to ensure that people requesting personal information are who they say they are. For individuals, there are some good guidelines that anyone who uses a computer, smartphone or tablet should take to heart.
1) Take the time to visit StaySafeOnline.org on Data Privacy Day. The site has resources for both businesses and individuals.
2) Stop. Think. Connect.™ This simple mnemonic should go through your mind every time you use one of your devices to connect to a site or company, either through a browser or app. What it means is that before you commit to connecting to any online information source, stop, think about the connection you’re making (Is it a valid address? Am I being asked for information that I should not divulge? Should I click on website links in emails?), and only when you feel sure that your personal information is safe, then make the connection.
3) Change your passwords often, and take advantage of strong authentication methods when available.
When it comes to passwords, the NCSA recommends some simple methods to secure accounts:
- Make your password a sentence at least 12 characters long. Focus on positive sentences or phrases you like to think about that are easy to remember (like “I love black cats”). Many websites allow spaces in sentences, making sentence passwords even easier to remember.
- Have a separate password for each account. Having a unique password for each unique account makes it difficult for cybercriminals to use one email address and one password to steal your identity. If you have too many accounts to remember all of the passwords, at least separate work and personal accounts, and make sure that critical accounts for financial services have the strongest passwords.
- Write passwords down and keep them safe. Sure, you can request a password reset, but a better method is to keep a list that’s stored in a safe and secure place away from your computer. For those of you who have literally hundreds of online accounts, use a password manager like 1Password, Dashlane or Kaspersky Password Manager to keep track of those passwords.
Of course, our Apple devices are getting better at fortifying online accounts. When you can, NCSA suggests that you lock down your login. This means enabling the strongest authentication tools available, such as biometric methods like Touch ID and Face ID, security keys, or one-time codes available through an app on your mobile device. Usernames and passwords are simply not enough to protect key accounts like email, banking, and social media.
If your email providers, online services and financial institutions offer strong authentication through two-factor authentication (2FA) or other methods, take advantage of them. NCSA offers a comprehensive list of companies that provide different types of two-factor authentication for online services, and suggests that you request 2FA if your providers aren’t on the list.