Data Privacy Day occurs every year on January 28th in Canada, the United States, and many other countries worldwide. The day highlights the impacts technology and data privacy have on all aspects of an end user’s daily life. It’s also an excellent opportunity for organizations everywhere to help their workforce grasp the most important data privacy awareness best practices.
Despite being more digitally connected than ever before, most individuals are unaware of the intricacies of data privacy and how they can keep their data secure. Data Privacy Day aims to get people thinking and talking about data privacy at home, work, and on-the-go.
Protect your employees/coworkers, family and friends from privacy breaches and identity theft—share these essential tips that will help them detect and avoid phishing and social engineering scams, as well as other cyber-attacks.
What is Data Privacy?
Data privacy encompasses any aspect related to when, how, and the extent to which an end user’s sensitive data can be shared with third parties online. Sensitive information can include a person’s name, address, and contact information. It also covers any data connected to real-world or online conduct, from social media likes and shares to financial transactions.
Why is Data Privacy Important?
In many countries around the world, data privacy is considered a fundamental right and protected by either regional or industry-specific regulations. One of the best-known examples of data privacy regulations is the U.K.’s General Data Protection Regulation (GDPR).
Organizations that enact robust and transparent data privacy practices can build trust with customers based on how they process, store, and share user data. If sensitive data isn’t secured or if users can’t control how their information is utilized, personal information can be sold to advertisers without their consent or, worse still, exposed in a data breach.
6 Data Privacy Best Practices for End Users
To keep sensitive information secure at all times, here are six data privacy best practices that everyone must follow, whether they are sharing data in a professional or a personal capacity:
1. Know what is considered personal information
Personal information is defined as information that can be used independently or with other information to identify an individual.
Examples include a person’s:
- Name, address, and date of birth
- Passport or driver’s license number
- Medical, criminal, or financial history
- Ethnic or racial origins
- IP address, if it can be traced to an individual
- DNA, fingerprints, and voiceprints
Terranova Security recommends that you only share these and any other types of personal information when absolutely necessary and only with recipients you know and trust.
2. Beware of phishing attempts
A phishing email aims to trick unsuspecting individuals into taking an action that benefits the attacker. These actions can range from clicking on a malicious link or downloading and installing malware on your device to handing over personal information that is then used for extortion.
Whenever you receive and respond to email messages, consider these best practices:
- If you cannot verify a sender’s identity, don’t open the email. If you know where the email came from, but it seems a little strange, exercise caution. If you’re unsure of the sender’s identity, reach out to them via phone to confirm the message’s validity.
- Never click links embedded in unsolicited emails, as they may open an unsecured webpage or trigger an unwanted download.
- Never reveal confidential information in an email message. No reputable organization will ask for that type of data via email.
- If you receive an email proclaiming that you’ve won a prize or are eligible to receive a special discount, and the deal sounds too good to be true, it probably is.
3. Don’t be duped by phishing’s cousins, vishing and smishing
Other social engineering methods built to entice users to give up personal information, call or contact an organization or person via phone, or install malware by clicking a link or opening a file include:
- Smishing (text messages)
- Vishing (voice messages)
- Social media accounts that have been compromised or are controlled by cyber criminals.
These fraudulent communications can appear to be coming from the government (IRS, Census Bureau, or law enforcement) or from someone you know whose account has been hacked. For example, a successful vishing campaign that senior citizens should be aware of is a phone call that appears to come from a grandchild asking for money.
The general precautions listed in the previous section about phishing emails also apply here if you receive unusual communications via text, phone, or social media.
4. Report any email scams you encounter
Whether you report to your IT department, your email provider, or another governing body, make sure you’re always proactive against phishing, even in your personal inbox.
Most email providers have built-in mechanisms that make it easy to report an email scam. The “Report Phishing” button and similar capabilities can be enabled within platforms like Outlook, Gmail, Yahoo, and many other email clients.
You should also know that most countries have a governing body that deals with phishing email scams.
- In the United States, the email can be sent to the Cyber Security and Infrastructure Agency.
- In Canada, report the email to the Canadian Anti-Fraud Centre.
- In the United Kingdom, email scams can be reported to the National Fraud and Cyber Crime Reporting Centre.
5. Take steps to secure your online shopping
Online shopping has become a huge part of many people’s everyday lives. However, this also means that securing your sensitive information on e-commerce sites or third-party transaction platforms is more important than ever before.
Ensure you take the following steps to secure your online shopping experiences:
- Validate that the site is legitimate. If you’re shopping at a new site you’re not familiar with, check its legitimacy using these methods:
  - Check the URL, paying close attention to domains and subdomains and ensuring it begins with “https://”. The “s” indicates an encrypted communication between you (your browser) and the website. A closed padlock also indicates a secure transaction.
  - Dig in and find the details of the certificate.
  - Watch for seals of approval from third parties such as security vendors.
- Beware of identity theft and related fraud. According to the FTC, the total cost of identity theft in the United States approaches $50B per year. The average per-person cost of personal information theft or misuse is $4,800. In Canada, nearly 45,000 individuals fell victim to fraud in 2019 alone, losing $96 million in the process.
- Use multi-factor authentication wherever you can. Many online stores will ask you to create an account with them as you check out. If you choose to do so, create a strong password and enable multi-factor authentication if it’s offered. Also, avoid saving your payment information on any website. The convenience of doing so may not be worth the risk if you’re not a frequent shopper of the site.
6. Don’t use public Wi-Fi
You may be tempted to use open Wi-Fi networks to shop online. Whether it’s online impulse shopping or only using in-store Wi-Fi to save time, don’t entrust your address, credit card information, or anything else personal to public Wi-Fi. For added security, use a Virtual Private Network (VPN) to protect data transfers and limit external activity tracking.
Building a cyber-secure corporate culture
Regardless of industry, size, and location, any company can be a target for cyber criminals. This means that, to safeguard data, you need to focus on building a cyber-secure corporate culture. January 28th is a perfect day to kickstart a year-round focus on data privacy and security awareness.
Take advantage of the Data Privacy Awareness Kit to launch your data privacy awareness program. This kit gives you access to a free interactive course and various communication tools, helping you build cyber champions who can lead by example, keeping the data privacy dialog going year-round.
While January 28th is a critical day in raising awareness of data privacy, don’t let the conversation stop on January 29th. Exciting and engaging data privacy awareness training, simulations, and communication can help keep the conversation going year-round.
You can also take advantage of these NCSA Data Privacy Day resources to keep people talking and thinking about data privacy:
Learning About Data Privacy
Measures such as the General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA) help raise awareness of the need for data privacy. More and more people are realizing how large corporations are leveraging their personal information.
While these recently enacted laws have created a substantial online buzz, many people do not understand how these policies impact them. For more information on how organizations and individuals can uphold respective data privacy best practices, consult the GDPR and CCPA pages on Terranova Security’s website.
Companies must talk about data privacy to build a security-aware culture. When your employees understand how websites and companies are using their data, they are more likely to think twice about sharing their personal data and credentials online.
By putting data privacy front-of-mind, it’s much easier to get employees engaged with how and why cyber security awareness is essential. This has a trickle-down effect of raising awareness on how important it is to think twice before agreeing to share personal data.
How To Make Data Privacy A Year-Round Focus
Data Privacy Day is critical in raising awareness and getting conversations started about data privacy. However, to truly develop a culture built around data privacy, you must make data privacy a year-round focus.
When people know the risks associated with sharing their data, they think twice about giving up their personal information.