Data protection is more important than ever: Tips for action
27-01-2021 Author: Jan Tissler
The aim of “data protection day” on January 28th is to increase awareness about this topic – both among companies and end users. We've put together a summary of just how important it is and what you can do to prevent attacks.
The topic of data protection has become increasingly important over the last few years, and for good reasons. An example: According to an analysis by Risk Based Security, there were fewer data leaks in the first three quarters of 2020, but the number of data records affected reached a new record level: 36 billion between January and September alone. Overviews of the biggest data leaks in 2020 are equally staggering.
It was with this in mind that the Council of Europe suggested “Data Protection Day”, which was first celebrated on January 28, 2007. The date itself has even older origins: the European Data Protection Convention was passed on the same day in 1981.
Forty years ago, however, no one could have predicted the copious amounts of data that would be generated in the future.
Why is this important?
Some people might think that their own data is not that important. But it should always be kept in mind that individuals can become an entry point for a larger attack. In that case, you yourself (or your company) are not the actual target, but rather the weakest link in a long chain.
It would be disastrous, for example, if your own email account were to fall into the wrong hands: not only would it be possible to contact any of the people linked to your account, but all associated logins could also be reset.
Those who reveal a lot about themselves also become more susceptible to “social engineering”. More on that in a moment.
The principle of data economy
In the meantime, the General Data Protection Regulation (GDPR) has created new rules and regulations at a European level that are based on important principles. This includes the principle of “data economy”. The underlying concept is that any data that is not saved cannot be exposed in a hacker attack.
This is why companies should only query, save and process the data they actually need. And end users can decide for themselves what to reveal or not. This means, for example, only filling in mandatory fields on a registration form, possibly not registering at all, or not providing detailed information where possible.
Proper data protection
The other basics of data protection include secure passwords – the longer the better. Ideally, a password manager is used here: Not only does this type of software make automatically generated, secure suggestions, it also saves them at the same time. This means you won't be tempted to use the same password more than once.
The security of your own accounts can be further increased through two-factor authentication. When you log in, not only must you enter your password, but also a randomly generated code received via SMS, for example.
Nowadays it's also important to encrypt information and its transmission. What was once intended for counter-espionage is now part of everyday life. Most website connections are therefore encrypted by default.
Encryption methods themselves have different levels of security. This is similar to door locks: from the padlock on the garden gate to the heavy vault door, there is a wide range of options depending on the application. We go into further detail about different encryption methods here.
Back door attacks
The most secure door will be of no use if it is accidentally left open or if someone is tricked into letting an attacker in. Emails are still one of the typical gateways.
For example, phishing is when a message is made to look as though it has come from a known sender. This may be one of your own contacts, but is very often a company. This type of email explains, for example, that you need to secure your account or take some other kind of very urgent action. If you click on the link to register, you land on a fake page that appears deceptively real, where everything you enter ends up with the hackers.
“Social engineering” is when the attackers take advantage of our willingness to help and pretend to be a colleague or customer in need. Disturbingly, these emails and calls are no longer as easy to recognize as they once were. On the one hand, attackers have smartened up over the years, and on the other, they increasingly focus on a company or even a single person within an organization. The messages can be personalized accordingly.
At the same time, nowadays we have an increasing amount of data in the nebulous “cloud”. We don't always know exactly where it is and how it's protected. Such services are naturally very interesting targets for “cloud jacking”. In particular, it helps to take a very close look at who is entrusted with what data.
And last but not least, ransomware is still a very prevalent topic. In this case information is encrypted by the attacker and only released after a ransom is paid. In addition to general protective measures such as a virus scanner on your own computer, backups are also considered a defense mechanism – provided they are not also victims of encryption. In the Risk Based Security report cited above, 21 percent of attacks are based on ransomware.
“Data protection day” is more important than ever. Every year, more and more information is collected in more and more places. Some we consciously submit, other types are invisibly generated through our use of apps and services. The attacks are becoming more sophisticated and specialized at the same time.
Data protection concerns everyone, no matter how important you consider yourself and your information to be.