Millions of people are unaware of and uninformed about how their personal information is being used, collected or shared in our digital society. Data Privacy Day is a time to inspire dialogue and empower individuals and companies to take action.
While it is important that your organization implements policies, procedures, and technology to protect your data, it is also important that you do your part. The Identity Theft Resource Center‘s Annual End-of-Year Data Breach Report revealed that there was a 17 percent increase in breaches over 2018. There are several actions you can take to protect yourself from falling victim to the next attack.
Protect your personal information as if it was money.
One of the most common misconceptions that individuals and small to medium sized businesses (SMBs) have regarding their personal information is that non-financial data has no value. It is a misconception that only financial information like payment card numbers or bank accounts has monetary value to data thieves. This leads to one of the most common growing concerns called credential stuffing.
Credential stuffing is not new, but it has exploded since 2018. The theft of email addresses and passwords from businesses of all sizes fuels credential stuffing attacks where criminals use automated systems to attempt to access accounts at a business using the stolen information. Why? Because up to 83 percent of individuals use the same password and email for more than one account. So long as people use the same credentials for multiple sites, credential stuffing will continue to be an issue.
Limit the information being collected on you.
Unless you trust a site, don’t give your address, password, or credit card information. Look for indications that the site uses SSL to encrypt your information. If it seems suspicious, leave the site. Although some sites may require you to supply your social security number (e.g., sites associated with financial transactions), be especially wary of providing this information online.
Always be conscious of any emails asking you to click, download, or reply.
While using cookies may be one method for gathering information, the easiest way for attackers to get access to personal information is to ask for it. By representing a malicious site as a legitimate one, attackers may be able to convince you to give them your address, credit card information, social security number, or other personal data. See The Scary Truth Behind Phishing Attacks for more tips on phishing emails.
Organizations should be taking proactive steps from “behind the scenes” to help protect employee and client data. It is important to keep virus protections up to date, actively monitor for spyware and malware, and implementing an overall layered cybersecurity approach to include BCDR, employee training, patch management, unified threat management, and more. An easy way to keep data security at the top of mind is to sign up for our weekly cybersecurity tips found here.