This week is Data Privacy Week, with this year’s event theme being “take control of your data.” Hosted by the National Cybersecurity Alliance, Data Privacy Week (and Day) is an annual outreach event that focuses on a different theme each year.
“With this year’s theme of ‘Take Control of Your Data,’ Data Privacy Week holds a mirror to how much information we share about ourselves online,” explained James Dyer, threat intelligence lead at Egress. “Cybercriminals use open-source intelligence (OSINT) to create plausible backstories in seconds, usually utilizing social media profiles to gather information about a victim’s career, hobbies, and habits. With valuable personal insights, threat actors will then ask chatbots to write the most persuasive messages, and even use AI software to help create payloads and speed up delivery.”
Dyer recommends a first step to taking control of your data is to hack yourself. Go to a search engine and search your name and your common usernames, to give yourself an idea of what is readily available online about yourself. You can even do reverse image searches of pictures of yourself.
He says that depending on what you find during that process, it may be wise to review what you’re posting on social media, and maybe even make your accounts private.
“Two other easy steps to better your data privacy are to limit the amount of email newsletters you sign up to and terminate or deactivate old and unused social media profiles to give attackers fewer opportunities” Dyer said. “Narrowing the amount of information readily available on the internet and minimizing the possible attack routes will make it tougher for cybercriminals to take control of your data.”
Jillian Testa, director of strategy and risk at the MorganFranklin Consulting Cybersecurity Practice, added: “Don’t skip the fundamentals. Like with most cases, it’s the simple things that tend to be the most important and impactful, but often easily neglected. It is along the lines of your mom telling you to eat your vegetables. The simple fundamentals you know you need, but which might not be the most exciting or engaging. When it comes to securing data, many companies often skip over the fundamentals until it’s too late and already negatively impacting the organization. Doing so makes the job of security much more difficult, extensive, and costly than if the proper foundation had been built from the beginning.”
Her recommendations for a strong data privacy program include aligning it with your business strategy, identifying your data and where it is located, and having executives lead by example by following the same good data practices they expect employees to follow. “Setting up a strong data culture is essential for maintaining good data protection,” she said.
Greg Clark, director of product management at OpenText Cybersecurity, also added: “Data privacy week is an important reminder to organizations, individuals and businesses alike to safeguard their data and maintain compliance. It is also an opportune time to take privacy to the next level … In today’s increasingly digitized world, a modern data privacy program needs to unify data discovery and protection to improve privacy and security postures. By modernizing and taking data privacy to the next level, organizations can remediate risk and ensure compliance and the responsible use of data while reducing their power consumption and carbon footprints from managing data. Most importantly, gaining control over data creates an opportunity to strengthen trust with investors, boards, business partners and customers in the face of increasingly stringent regulations and a complex security landscape. Upleveling data privacy should not be overlooked – organizations should take control this data privacy week to safeguard their data.”