Protecting your data to ensure data privacy is crucial for both enterprises and individuals, especially with the number of hackers and cybercriminals continuously rising each and every year.
In this age of social media and internet 4.0, with just a little bit of digging, we can find personal information about virtually anyone online: email address, phone number, full name, where you go to school, and even your physical address.
On the other hand, these cybercriminals are always seemingly one step ahead of regulations and laws, so we must take proactive actions in protecting our own data privacy.
What Kinds of Data are Potentially Compromised?
You may be surprised by how much of your personal and other information is potentially available on the internet. Here let us discuss some of the types of information that is commonly available on the internet and how cybercriminals can leverage it:
1. Your full name, physical address, email address, social security number (SSN), medical records, educational records, employment records, date of birth, and more.
Cybercriminals can use PII to impersonate you online and perform various identity theft attacks (more on this below).
It is important to note that GDPR considers personal data all data where the link between the personal data and an identifiable individual is not so tangible, or where the individual can also be identified indirectly.
2. Electronic conversations: your IMs, emails, and text messages are stored on the service provider’s server somewhere.
Imagine if someday Facebook’s server is breached in one way or another and all your Messenger messages are leaked.
Hackers can also use your account’s contact to send spam and phishing attacks (impersonating you to trick someone you know). Also, hackers can potentially intercept Zoom conference calls, among other online conversations.
3. Browsing data: we all know how various websites are using cookies or other methods to track our browsing activities for advertising purposes or otherwise.
Hackers also target this data, and there’s always the potential of breaches in the future.
How Identity Theft May Affect You
For individuals, the most common and most dangerous impact of a data breach is the theft of personally identifiable information (PII) or personal data. This allows cybercriminals to impersonate you online or blackmail you to leak some sensitive information and ask for money.
In an identity theft attack, the attacker may:
- File a false tax refund return using your stolen social security number (SSN) and intercept your refund before you file the real return.
- Using your insurance policy’s details to trick a healthcare provider to send fraudulent bills to your insurance company.
- Opening new credit card accounts with your personal information, and use the new credit card to purchase things in your name.
- Applying for government benefits.
How to Protect Your Privacy Online
Now that we’ve learned why protecting data privacy is important, we have to start protecting both our devices and the networks we’re in by implementing the following best practices:
- Always use strong and unique passwords: a basic but very important approach. Don’t use the same password for all your accounts, or you will be vulnerable to credential stuffing attacks.
- 2-factor authentication: enable 2FA on your accounts when the service allows. For example, Google’s services are all 2FA-enabled.
- Don’t download and install suspicious apps: only install official apps that are available on Apple App Store or Google Play Store.
- Update your software/apps regularly: software manufacturers release security patches for a reason. Make to update your OS/software/apps as soon as updates are available.
- Use anti-bot solution: various credential stuffing and data breach attacks are made possible with the use of malicious bots.
- Uninstall old and unused apps: pretty self-explanatory, they may contain security vulnerabilities and can be a gateway for hackers to access your data.
- Deactivate autofill: autofill is a convenient, time-saving feature, but it’s also a potential vulnerability that hackers can exploit. Hackers can easily find PIIs like your name, address, phone number, and more if your autofill data is stored in an unsecured location (and chances are, you don’t know where they are stored on your computer).
- Use VPN: ideally, every time you have to use public Wi-Fi, but at least when you are sharing important/sensitive data and make sensitive transactions
Financial and Reputation Damages
According to Cybersecurity Ventures, the financial losses tied to cybercrime will rise to more than $6 trillion every year by this year (2021).
The financial impact of a data breach can be devastating for virtually any company, including compensating affected users, investigation costs, investment into new security infrastructures, and potential legal fees. Obviously, a high-profile data breach will also significantly impact the company’s valuation and share price.
Adding to that new data protection laws, like GDPR set strict rules about data breaches. However, arguably the long-term and sometimes permanent reputational damage is more serious.
Various researches have suggested that 30% of customers will stop doing business with businesses that have suffered from data breaches. In this age of social media, people can easily check a business’s track record, and this damage can be long-lasting. That is, the company might find it difficult to attract new customers and investors.
Protecting your privacy online should be one of the priorities when it comes to your online behavior. Being mindful of the data you share on social media, the passwords you use, and the security of your information will help you protect your private information.
As far as companies go, they will need to implement proper technical and organizational measures to avoid data breaches, protect personal data, maximize the ability to detect data breach when it occurs, and minimize the consequences.
As you can see, it’s no longer an issue exclusive to big enterprises and organizations, but everyone might be targeted by cybercriminals.