What is Data Protection and Why Is It Important?
While more or less confined to our homes and neighborhoods, we’ve been living online: sharing more on social media platforms, doing online shopping, playing games, and attending online parties and meet-ups.
We’re also – rather suddenly – working from home.
Working from home is here to stay. Companies like Twitter have already announced that they will be canceling office space and instead investing in technology to make off-site work a part of their business strategy.
Some non-tech workers find it much harder than typical tech-company employees to adapt to a fully digital work experience.
For them, it’s easy to blur the line between personal and work activities.
To mangle an old adage: There’s many a slip ’tween Facebook and spreadsheets.
A FEAST OF ACCIDENTAL DATA BREACHES
Any access to information without authorization is a data breach. That includes cases where sensitive information is exposed through accidental or non-criminal means.
In one instance, a Facebook data breach, millions of data records were exposed on open cloud servers.
We often hear about big data breaches. We don’t hear about the epidemic of daily accidental data breaches and data theft by employees at small companies around the world. In fact, most companies never even discover these breaches.
Big breaches make headlines, but small breaches make the data trafficking world go round. Thus, data protection is a very important aspect of today’s cyberspace.
SMALL COMPANIES ARE THE LOW-HANGING FRUIT
While small and medium businesses (SMBs) yield smaller payloads, they are sometimes ridiculously easy to penetrate. In fact, many hackers use them as training exercises.
At the same time, SMBs suffer from a mistaken sense of security, thinking that they are too small to attract attention.
Not true!
All companies store, at a minimum, the full names, Social Security Numbers, addresses, and bank account details of their employees.
Most companies store their customers’ credit card or payment details and other personal information, which are valuable on the black market.
WHY STEAL DATA FROM A SMALL BUSINESS?
Trade secrets are rarely a target, but your staff’s and customers’ personal details are worth money on the black market, especially credit card details and SSNs.
Also, lower-echelon criminals often learn the trade by using personal details to engineer malware attacks or execute spear-phishing campaigns aimed at other targets.
Consider this: one of your SMB customers may be a high-level corporate executive who has access to the kind of information that would allow hackers to penetrate that organization.
WHERE DOES THIS INFORMATION GO?
Information from undisclosed data breaches is generally used for monetary gain.
For instance, it is sold, bought, kicked down the road, and sold again on the dark web, and it tends to drift down and settle into the cracks and corners of the internet.
Your internet-enabled gadgets and appliances also gather intimate data on your lifestyle, daily activities, fitness, security, health, and shopping preferences every day. That information might be on sale after next week’s undisclosed data breach.
Nuwber is a data aggregator site that uses specialized search software to gather someone’s personal information on request. They obtain their information legally from your public and official records, social media, property records, criminal history, and more.
However, their clients are increasingly using Nuwber’s AI-powered search facility to discover how much of their private information has inadvertently become public due to undisclosed data breaches.
PEOPLE ARE THE WEAKEST SECURITY LINK
Malware is malicious software that has been designed to access and disrupt the victim’s computer system and is usually delivered to the user’s computer via a phishing campaign.
Phishing agents often use a shotgun method to distribute a malware file or link to as many email addresses as possible.
Just a few of the possible threats (with many variants) are:
- Key-loggers: (criminals can read everything you type, including account information, passwords, credit card details, etc.)
- Ransomware: (criminals can encrypt your files and demand payment to unlock them. There are many variants, such as a bogus pop-up notice from the FBI asking you to pay a fine for watching pornography or even child pornography.)
- Botnet malware: (cedes control of your computer or phone to a third party so that your device becomes a zombie/slave in a collection of internet-connected devices like Emotet. This network can be rented out to cyber-criminals for use in other cyber-crimes.)
- Technical support scam: (a caller offers a seemingly legitimate technical support service to unsuspecting users and talks them into handing over control of their computer.)
IT GETS WORSE WITH BYOD
Smaller companies may increasingly fall back on Bring Your Own Device (BYOD) policies.
Since most small businesses don’t have the IT know-how to set up safe servers and networks, they’ll have to rely on off-the-shelf networking and data storage services, and are also in grave danger of neglecting computer and IT support.
BYOD provides cyber-criminals with almost endless new opportunities to snoop and pluck.
Individuals may resist their employers’ well-meant security advice and protocols. A user may insist on downloading games or other risky software. They may even uninstall your carefully chosen antivirus program and replace it with a lesser product.
What about kids using the computer for their homework projects?
Who will stop non-employees from clicking links or pop-ups while they use the family computer?
EMPLOYER AND EMPLOYEE GUIDELINES FOR BASIC DATA PROTECTION
Since BYOD complicates an already multi-faceted data security problem, it is perhaps best left to companies who can afford to monitor and manage devices via a secure network.
Smaller companies’ best bet may be to provide their workers with separate, single-purpose devices for use under rigidly defined conditions.
- Data Security Training: All employees should receive formal data security training to help them navigate the numerous digital pitfalls they can expect to face. Training should cover security protocols and the physical aspects of office devices. Firewalls and antivirus software are not good enough when the computer user can be tricked into bypassing protection.
- Proper Security Measures: Business owners and managers must know what data they use and where to store it safely, and must take all reasonable steps to secure that information. Enforce the use of a good (paid) VPN, which not only hides the user’s IP address and location but also safeguards sensitive data when sending or receiving correspondence, or accessing remote data.
- Device Security: Secure all devices that need your network or data, including every desktop, laptop, tablet, printer, phone, VoIP equipment, IoT device, and especially the network access point.
CYBER-VIGILANCE MUST BECOME A WAY OF LIFE
The COVID-19 pandemic has changed our world in many ways, including offering cyber-criminals new opportunities.
Thus, the data of millions of businesses is at risk of exploitation due to inadequate or hasty security measures adopted to survive the current economic upheaval.
Hackers will doubtless penetrate many organizations successfully in the coming months.
It’s time to get really paranoid. Hence, proper data protection steps for individuals and SMBs need to be a focus.