Have you ever experienced loss of very sensitive corporate data and there was nothing you could do to recover it? All the data gone just like that! Do you think about who might have access to your data, where it’s being stored, or if it’s being shared without your consent? You are not alone! Data privacy or information privacy is what we all want to know, but it cannot be discussed without Data Protection. Privacy is about authorised access, who has the data, and who defines it. Data privacy is a legal issue, while data protection is a technical one.
Allow me to take you through a short story.
It feels like yesterday when my friend called me from work one evening in September 2018; I nearly jumped out of my seat when she told me her boss had been robbed off corporate data. The attackers were so sophisticated that they impersonated her boss and gained access to the company’s information. Apparently, they had been sending him emails like “Do you want to relocate to Canada, Germany or France? Click on this link to get a free ticket”. You are probably familiar with this type of clickbait as a lot of us have received, and still receive emails like this. It was not until the attackers had encrypted the organisation’s data and requested a ransom that they discovered how the breach happened. You’d think things could not get any worse, but they realised that the only available backup for restore was that of six months ago as the backup server in the environment wasn’t working properly. The security and backup team had sleepless nights trying to recover the lost data. Just imagine what they had to go through.
Since data is the most important asset we have, it means we need to be conscious of who and where we share our information. Information relating to health, account details, and ideas ought to be kept confidential. Social media is the largest data collector with the likes of Google, Facebook, Twitter, etc. having all our information in their database. We agree to the terms and conditions ignorantly because we do not have a choice if we want to use the product. However, how do we know what is being done with our information? How about what happens if the company experiences a data breach?
Since data is the most important asset we have, it means we need to be conscious of who and where we share our information.
Data privacy should be the concern of every individual and organisation, which leads us to the question of – How can we effectively secure our data and protect our information from unauthorised access?
Here are a few ways you can achieve this:
- Implement zero-trust policy, whereby you don’t trust anybody and give the right amount of access to users to perform specific tasks assigned to them.
- Implement multi-factor authentication which allows the users to specify a second level of authentication after they have inserted their credentials (Username and Passwords) before they can be granted access to corporate data.
- Avoid clicking links or attachments; especially from unfamiliar email addresses. Click-baits are one of the easiest means attackers use to get access to your data.
- Avoid public networks, and more importantly, don’t send any sensitive information over public WiFi. Regardless of the urgency, this is not advisable. However, if you must, you can read this guide on how to use public WiFi securely, and still keep your data private online.
- Download and install software or applications from reliable sources only. Ensure that it is a secure site with “https”. Also, check reviews and ratings to be sure it is a valid site.
- Always backup your data to prevent data loss. By backing up your data, you can always recover it, especially when it is stored in the cloud.
- For organisations, implementing a strong anti-ransomware/malware like Sophos Intercept X which uses machine learning and deep learning to detect threats, and instantly block them from your corporate network is advisable. Intercept X also provides root cause analysis which tells us when, where, and how a device was compromised.
Now that you know the ways with which you can keep your data private, we hope you take necessary measures, and avoid losing sleep over how to keep your data private.
Happy Data Privacy Day to you!