View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 28, 2015updated 22 Sep 2016 11:44am

8 ways to celebrate Data Privacy Day securely

What better way to celebrate Data Privacy Day than with 8 expert tips on how the consumer and enterprise can protect and secure sensitive data.

By Ellie Burns

Happy Data Privacy Day! Today is all about awareness, an international effort to encourage Internet users to consider the privacy implications of their online actions and motivate all companies to make privacy and data protection a greater priority.

With that in mind, CBR is kicking of the celebrations by looking at 8 ways to ensure your data remains private and secure.

1. CEOs – privacy is more than a ‘security’ issue

In an open letter written today, Silent Circle and Blackphone co-founder Phil Zimmerman urges global CEOs to focus on privacy, noting its differences from ‘security’. Zimmerman wrote:

"…when I see what happened to Sony recently — the data stored on their servers leaked to the world — my mind goes to that difference between privacy and security.

"I’m sure Sony had firewalls and VPNs, intrusion detection and antivirus, policies and procedures — all the usual artifacts of corporate information security. Those things securely delivered a mountain of information to Sony’s servers, where it was lost all at once."

"When it was lost, the privacy of Sony’s partners and employees went with it. That’s what corporate privacy is — the privacy of the people in and around the corporation. If we focus on their privacy rather than the corporation’s security maybe we can make better choices."

"Many kinds of information don’t need to be stored for long, or at all. If only participants keep a copy of their correspondence the company can’t lose it. Imagine how much worse the damage of a security breach would be if companies routinely kept years of recordings of all employees’ phone calls."

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

2. Education is key

Richard Anstey, CTO EMEA at Intralinks, highlighted the importance of education when protecting data. He said:

"Many people bring bad security habits from home into business. So educating consumers isn’t just about protecting them, but protecting our economy.

"Telling people to use strong passwords may even be counter-intuitive as it creates a false sense of security which people bring to work."

"When dealing with very sensitive information, such as IP, people need to know about very secure measures, such as information rights management. Security is about knowing what the danger is and how to deploy the appropriate level of protection."

"If we want a truly data-secure society we need to start by ensuring people know what value their data has, then they can make informed decision about how to secure it"

3. Be password smart

Jason Hart, VP Cloud Services, Identity and Data Protection at Gemalto, stated that the humble password is a key area to approach with caution.

"You should refrain from using the same password across multiple accounts. By doing this you prevent cross pollination – where cyber criminals use the same password details to facilitate data breaches across multiple organisations."

"Of course with so many online accounts and different passwords to remember, it’s challenging to remember a different one for each, so even better would be to replace these with One-Time Password (OTP) authentication."

"In my opinion, there’s no such thing as a strong password – static passwords all carry the risk of being hacked. OTP technology is the strongest protection for users. It can generate highly secure one-time passwords to authenticate users, often they will just have to remember a PIN number in order to retrieve a new password."

4. Personal privacy hidden in plain sight – apps

Symantec’s recent survey on mobile app behaviours highlighted how – 63% of consumers are willing to trade some of their privacy away for a free app. The company warned, however, that "free" rarely comes without a cost. The company advised:

"Personal and sensitive data is the currency for information and content in today’s digital world. Most app users are unaware of the privacy tradeoffs that come with access to popular apps."

"Consumers should educate themselves about mobile apps before download by reading reviews and determining permissions. Additionally, consumers should keep in mind that managing app permissions is different with iOS, which allows greater control, than Android."

5. Beware the human touch

Tony Pepper, CEO of Egress, commented: "In light of recent attacks on Sony and Xbox, it would be easy to make the assumption that ensuring data protection is all about managing external threats."

"However, this couldn’t be further from the truth: our recent Information Commissioner’s Office FOI request revealed that 93 per cent of data breaches occur as a result of human error."

"Businesses must start looking closer to home if they want to prevent data breaches. Mistakes such as losing an unencrypted device in the post or sending an email to the wrong person are crippling organisations.

"In fact, our ICO FOI data shows that a total £5.1m has been issued for mistakes made when handling sensitive information, whereas to date no fines have been levied due to technical failings exposing confidential data."

"Human error will never be eradicated as people will always make mistakes. Organisations therefore need to find ways to limit the damage caused by these mistakes. To address this problem, policy needs to be supported by user-friendly technology that enables safe ways of working without hindering productivity – while also providing a safety net for when users make mistakes."

6. No such thing as a free lunch

You know the saying, there’s no such thing as a free lunch? I like to think it’s the same with Wi-Fi." Gemalto’s Jason Hart stated.

"I recently demonstrated in a 5 News investigation how easy it is to hack into a coffee shop’s free Wi-Fi and gain access to the devices connected to it and view their email addresses, bank account details and other locations they connect to the internet to – be that home or work."

"All this, without their knowledge. Therefore, people must be more cautious about connecting to public Wi-Fi and the security risks of doing so."

7. A proactive not reactive approach is needed

Antoine Rizk, VP Go-To-Market Program at Axway, comments on why businesses need to take a proactive approach to data security to stand a chance of winning in the battle against malicious hackers and data breaches:

"A reactive approach to security breaches just won’t cut the mustard anymore. In an increasingly connected world, with the Internet of Things moving from buzzword to reality, businesses need to proactively monitor their data flows to prevent costly data breaches."

"However, many large organisations still wait for something to go wrong before addressing the flaws in their security strategies; a move that backfired in some of the most infamous security breaches of 2014."

"This year, connected devices will not only work their way into our daily lives but also our enterprises. BYOD will quickly evolve into BYOIoT, with employees bringing wearable devices into the work place."

"For such increased enterprise mobility to open windows of opportunities for businesses, without paving the way for hackers to access private data, security must evolve at the same rate as the devices themselves."

"Organisations also need to know what data employees are bringing into and taking out of the office to ensure that malicious attacks and conspicuous activity is blocked."

8. Purge unused apps

Keeping the focus on apps, Symantec asked: "Did you download an app and never use it? Delete it!"

24% of consumers admit they don’t really know what they agree to when downloading an app. But many apps access sensitive, personal data stored on mobile devices without a reason to do so.

Symantec advised: " And just because you don’t use an app doesn’t mean it isn’t collecting information from your phone. To protect against privacy risks, consumers should regularly delete apps from their devices that they don’t use."

 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU