Data Privacy: Top Tips to Keep your Information Safe
Dr. Rebecca Wynn, CISO and Chief Privacy Officer
Happy International Data Privacy Day!
January 28 is Data Privacy Day, the signature event in a greater privacy awareness and education effort. Year-round, the National Cyber Security Alliance (NCSA) educates consumers on how they can own their online presence and shows organizations how privacy is good for business. NCSA’s privacy awareness campaign is an integral component of STOP.THINK.CONNECT.™, the global online safety, security and privacy campaign.
According to Security Magazine, a hacker attack occurs every 39 seconds. To help keep your data and information safe, we’ve outlined some privacy and password tips to follow below.
Advice for Businesses: Privacy is Good
Create a culture of privacy in your organization. Educate employees on the importance and impact of protecting consumer and employee information as well as the role they play in keeping it safe.
Top Three Tips to Build Trust:
If you collect it, protect it. Follow reasonable security measures to keep individuals' personal information safe from inappropriate and unauthorized access.
Be open and honest about how you collect, use and share consumers' personal information. Think about how the consumer may expect their data to be used, and design settings to protect their information by default.
Build trust by doing what you say you will do. Communicate clearly and concisely to the public what privacy means to your organization and the steps you take to achieve and maintain privacy.
Advice for All of Us: Safeguard Your Data and Manage Your Privacy
Personal info is like money: Value it. Protect it. Information about you, such as your purchase history or location, has value ‒ just like money.
Share with care. Think before posting about yourself and others online. Consider what it reveals, who might see it and how it could be perceived now and in the future.
Own your online presence. Set the privacy and security settings on websites and apps to your comfort level for information sharing. Each device, application or browser you use will have different features to limit how and with whom you share information.
Lock down your login. Your usernames and passwords are not enough to protect key accounts like email, banking and social media. Strengthen online accounts and use strong authentication tools like a unique, one-time code through an app on your mobile device.
Don't be lazy in creating your password.
Here are a few important tips that can help you create a strong password.
Create a password that is not less than 10 characters and preferably 16 characters. Having a long password is often the best strategy to make it difficult for hackers or algorithms to crack it. A long string of characters makes the password challenging to guess for most programs that try random combinations of characters.
Avoid using a common phrase, your name, nickname or address. Many passwords in the list include common words, which are easily hackable using dictionary attacks. Other information such as your name, your pet’s name, DOB and street address might be easy for you to remember, but it makes your password a piece of cake for hackers to crack. Best advice: don’t use them!
Use a mix of alphanumeric characters, numbers and special characters (symbols). One of the best ways to create a strong password is to use a mix of case-sensitive alphanumeric characters along with symbols. While it may be difficult to remember, there’s one easy way you can remember it. To create a password that is strong and yet easy to remember, use acronyms. Replace letters with their corresponding uppercase and similar special characters. For example, white lilies can be converted to “Wh1t3L%l&3$”.
Abbreviate a sentence. Come up with a sentence and pick the first or last letter of each word to form a password. Mix it with special characters to make it even stronger. For example, “I hate being hacked all the time!” Considering the last letter of each word, the password becomes “Ih3bgHd4tt!”.
Always use a unique password, never repeat. Never EVER use a password for more than one account, application or service. Always use a unique password. If one of your online services gets hacked, the hacker will try to use the hacked password for your other accounts. Never use the same passwords and just add a 1, 2, 3, etc., at the end.
Use two-factor authentication. Although not foolproof, two-factor authentication adds another layer of security to your online account. You can use dedicated authentication apps or enable the code over SMS feature, which most websites offer today. Enabling this functionality might not guarantee 100% security, but it is far better than relying on one single password.
NEVER store passwords in your browser. Storing a password in a browser is a bad idea. Those can be hacked in many ways. Also, some websites offer to save your address, credit card details, and so on, for convenience. If you accept that offer, you've put your personal data at risk. Who knows if the site is storing your details securely? Equifax didn't!
Consider using a password manager. Using a password manager and its ability to create complex passwords for you is an easy way to create unique passwords. Make sure your generated passwords are at least 10 characters long (preferably 16); all too many products default to a shorter length.
Change your passwords. Change your non-email, non-financial passwords at least annually. It’s easy to do using a password manager and it will generate long, complex passwords for you. Change your email and financial passwords at least semi-annually. Change all of your passwords when you leave a relationship such as a marriage or where you lived with someone. Shocking, I know, but better to be safe than sorry.
Implement an account lockout policy. When available, always use account lockout. It should initiate after a pre-defined number of failed attempts such as 3 or 5.
Notification of account change. When available, have an email or SMS message sent to you when your account has been changed, e.g. new password set, or account has been accessed.
Notification of last time account was accessed. Whenever possible, have your account show you the last time it was accessed. Request that feature be added to any account, application or service that doesn't currently have it.
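The password tips above (length, no common words or personal details, a mix of character types, no reuse with a number added at the end) can be checked mechanically. The following Python is an added example, not part of the original article; the function names, the small common-word list and the symbol set are assumptions made for illustration.

```python
import re
import secrets
import string

MIN_LEN, PREFERRED_LEN = 10, 16   # lengths taken from the tips above
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein"}  # constructed sample list
SYMBOLS = "!@#$%^&*-_=+?"         # assumed symbol set for generated passwords

def strip_counter(pw):
    """Drop trailing digits so 'Secret1' and 'Secret2' compare as the same base."""
    return re.sub(r"\d+$", "", pw).lower()

def audit_password(candidate, personal_terms=(), previous=()):
    """Return a list of findings; an empty list means every checked tip is met."""
    findings = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LEN:
        findings.append("too_short")
    elif len(candidate) < PREFERRED_LEN:
        findings.append("below_preferred_length")
    if any(word in lowered for word in COMMON_WORDS):
        findings.append("common_word")
    # Name, nickname, pet's name, DOB, street address: supplied by the caller.
    if any(t.lower() in lowered for t in personal_terms if len(t) >= 3):
        findings.append("personal_info")
    # Lowercase, uppercase, digit and symbol must each appear at least once.
    classes = [str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()]
    if not all(any(test(c) for c in candidate) for test in classes):
        findings.append("missing_character_class")
    base = strip_counter(candidate)
    if any(candidate == p for p in previous):
        findings.append("reused")
    elif base and any(strip_counter(p) == base for p in previous):
        findings.append("reused_with_counter")  # same password with 1, 2, 3 appended
    return findings

def generate_password(length=PREFERRED_LEN):
    """Random password from a CSPRNG; retries until all four classes appear."""
    if length < MIN_LEN:
        raise ValueError("length below the 10-character minimum")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if "missing_character_class" not in audit_password(pw):
            return pw
```

The list of previous passwords is only available where you hold them yourself, for example inside a password manager; a website that stores passwords properly keeps hashes and cannot run the counter comparison on old values.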
DID YOU KNOW?
Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the January 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is observed annually on January 28th.
On January 27, 2014, the 113th U.S. Congress adopted S. Res. 337, a non-binding resolution expressing support for the designation of January 28 as "National Data Privacy Day." The National Cyber Security Alliance (NCSA) officially leads the Data Privacy Day campaign and is advised by a distinguished advisory committee of privacy professionals to help the campaign align with the most current privacy issues in a thoughtful and meaningful way.