In this rapidly expanding cyber world, data is the most important currency. Whether it be a malicious hacker looking for ways to steal user data or a group of multinational corporations collecting user data without authorization, both are guilty of stealing user data in the eyes of Data Protection and Privacy Laws.
In recent years, not only has cybercrime risen, but big data companies like Facebook and Google have also been called into court for hearings over user privacy concerns. From the start, data security was the primary concern of the user, while data privacy has become a topic of debate as more and more companies are accused of abusing the privacy of digital users.
Data security and data privacy are two different terms that are easily confused, so let’s clear them up. To put it in simple terms, data security is about safeguarding user data while data privacy is about safeguarding user identity. The differences, however, go deeper.
The purpose of data security is to prevent hackers from gaining unauthorized access to user data. Data security usually involves authentication and authorization, blocking malicious users, and maintaining the integrity of the data. To secure user data, practices such as running antivirus software, blocking access to networks through firewalls, and encrypting data are employed, to name a few.
On the other hand, data privacy is the measure of how much user data is private. If an individual’s date of birth, for instance, is made publicly available, this is bad data privacy practice. Malicious users can use this data for social engineering attacks. Similarly, when you blindly agree to terms and conditions while signing up for an online service, you are agreeing to give up your data to that service provider. That particular service provider then holds the rights to sell this data to advertisers, use it for data mining, or use it for any experimental purposes; it all depends on the privacy policy.
It is quite possible to have good data security without data privacy, but it’s very difficult to imagine data privacy without data security. This is because you can achieve strong data security through steps like authentication and authorization, but if some third party is managing this data, then there is a possibility that it might not be private. In contrast, if your data is private, yet you do not follow security protocols and an unauthorized user can access it, that obviously defeats the purpose of having private data. That is why users should follow both good privacy and security practices to protect their data and their identity.
Here are some good data security practices that you can follow to secure your data:
Multilayered Approach: Using simple authentication with a username and a password is a dated approach. Users must use at least two-factor authentication so that if an attacker bypasses the first layer of security, the second layer still restricts their access.
Encryption: Use data encryption to secure your data so that if an attacker gets their dirty hands on your data, they will not be able to read it. Different types of encryption are available depending on your use case, such as storing data locally or storing it on servers.
Always Backup: Regularly backing up your data can help you overcome some unforeseen situations. For example, if a virus deletes your data or you delete it accidentally then it is easy to recover it from the backup.
Classification of Sensitive Data: Access to sensitive data like user credentials can be restricted by isolating this data in a more secure place. This secured location should only be accessible to authorized users. This method adds an additional security layer to classified data.
Data Usage Policy: Data usage policy is a set of rules and regulations that defines the correct and incorrect usage of data as well as penalties for violating any of these rules. Data usage policy gives a clear idea about the users, their privileges, their access types, and the conditions for data access.
Restrict Privileges: Not every layman needs administrator-level authorization. Restricting privileges can reduce the damage in case of a data breach. Give users only the permissions they require, and restrict any unauthorized access to sensitive data based on the role of the user.
Credential Management: Do not use the same password more than once and never use the default password. Remembering so many passwords can be tedious, so use a password manager to do the job for you.
Generate System Logs: System logs can be very useful during the investigation of a data breach or a security audit. Not only can log files help to pinpoint security problems, but they can also serve as a tool for system troubleshooting.
Regular Software Updates: Software developers continuously monitor their software products for any vulnerability and whenever they find one, they quickly release a patch for it. So keeping your software up-to-date can help you fight against everyday threats.
You can follow these privacy practices to protect and secure your digital privacy:
VPN: Choosing the right Virtual Private Network (VPN) can help you hide your identity from your Internet Service Provider. But selecting the right VPN is not easy. Many VPNs log your internet traffic, which negates the primary purpose of using a VPN. So investigate well before choosing a VPN service, and read their privacy policy to see whether they keep logs. Additionally, you can go with one of many open-source VPN providers which are very transparent in their ways of operation.
Social Media Privacy: Step away from social media as much as you can. Social media platforms are the biggest source of data privacy violations. Every time you post something online, it describes your personality and shows your likes and dislikes. Social media companies use this data to sell it to customers to run personalized ads on their platforms. Also, a random guy you just met in the metro doesn’t need to know your birthday, so be aware of what you share online and with whom you share it.
Operating System: Windows and Mac OS are both designed to collect user data. This means pretty much everything a user does on the operating system is tracked and sent back to the company. Linux is a good alternative for desktop operating systems and there are a vast number of Linux distros that you can pick from. For mobile devices, however, you need to be an advanced user to change the operating system. If you are an advanced user, there are also open-source operating systems available for mobile devices.
Browser & Search Engine: Browsers are the primary means of connecting you to the internet, so they have a large attack surface. Turning on incognito mode doesn’t stop your browser from spying on you. Google might be the biggest search engine, but it collects data in many ways, so try switching to something private like DuckDuckGo. Use privacy-friendly browsers like hardened Firefox and Brave. Last but not least, do not use your browser to save passwords; use a password manager instead.
Messaging & Email: The benefit of a Google account is that it gives you a complete suite of services, but the downside is that it collects user data, as mentioned earlier. Gmail is no exception, so switch to something more privacy-friendly like ProtonMail or Tutanota. WhatsApp has a similar story. Despite its claims of end-to-end encryption, WhatsApp also shares data with its parent company Facebook, which is notorious for abusing user privacy. Signal and Threema are two of the most privacy-friendly alternatives.
Openness: If your organization manages user data, then you should be very transparent about your accountability for user data. Do not misrepresent your policies; describe them clearly rather than in vague wording, so that users can understand your intentions. Do not change your initial privacy policies without the user’s consent, and give users enough time if they want to opt out.
Accountability: Reassure your users by prioritizing the protection of their data and by staying committed to your organization’s policies. Assure users that your organization takes responsibility for safeguarding their data and keeping it secure from unauthorized access.
Recent years have seen not only a rise in cyberattacks but also an increase in concern about the way big data companies handle individual user data. Just like security, privacy is also a fundamental right of the digital user. Users should exercise this right and protect their data from both malicious attackers and companies which offer free services but collect user data in return.
By following a few simple guidelines and switching to more free and open-source software solutions, users can preserve both their security and their privacy.