Prioritize Data Privacy: Don’t Get Burned!

Prioritize Data Privacy to Protect Your Company, Employees and Clients.

 

Maybe you can relate to a metaphorical question I often ask myself: Are there any fires I need to put out today? Or, when faced with smaller sparks of chaos on the horizon: What can I do NOW to prevent a wildfire later?

In my experience, prioritizing data privacy is the best way to prevent security-related incidents that can wreak havoc in the lives of your employees and clients.

As a cybersecurity leader whose team handles urgent problems on a regular basis, I know it’s not possible for humans to invest our time and energy into every cause the world throws at us. But data privacy is a top priority for me, and I believe it should matter to everyone. Keep reading to find out why.

Data Privacy Week

There are a couple of reasons why this is the perfect time of year to focus on data privacy. First January is the start of a new year. It’s all about new habits, new beginnings, and new goals. For more info on the basics of data privacy, check out this short article by the National Cybersecurity Alliance: What Is Data Privacy? (staysafeonline.org)

More importantly, January 21-27, 2024 is Data Privacy Week, an international effort led by the National Cybersecurity Alliance. The goal is to empower individuals and businesses to respect privacy, safeguard data and enable trust.

The theme for this year’s Data Privacy Week is “Take Control of Your Data,” which is something we talk about a lot with clients and colleagues at Ostra. Visit staysafeonline.org to access plenty of free resources and practical tips to better protect yourself, your business, and your employees.

What Factors Create “Fire Hazards” Online?

The digital age has made it easier for criminals to get their hands on private company data and personal information. It’s almost unbelievable to consider this: less than 30 years ago, most criminals could only commit fraud if they could steal wallets, retrieve hard-copy documents, or access electronic information from the inside.

Whether their target was an insurance company, bank, retailer, hotel, manufacturer, pharmacy, auto dealer, school, or private residence—they had to get inside a physical location, often past lock and key, to get that data.

How times have changed. Today, our smartphones and laptops are loaded with highly personalized apps—from fitness trackers to online shopping apps and cloud-based calendars. We do our research online, barely thinking about who is seeing our browsing/buying habits or how they may be monetizing this data.

We share personal details, often in real-time, on social media: birthdays, vacation destinations, or events we are attending. We conduct online meetings, use online banking, and make online dinner reservations. The list goes on.

Unfortunately, all these online activities leave a digital footprint. In addition, many public records are now available online. A passive approach to data privacy is like putting dry kindling in the forest. Cybercriminals only need opportunity and an internet connection to light a match that can lead to ransomware, identity theft, embezzlement, intellectual property theft, and more.

Real World Scenario

Let’s walk through a potential scenario. If I have your name and phone number, I can find lots of other info about you online.

Beyond basic Google, I could also pay a small fee to use a people search directory that might turn up some good dirt on you. After discovering your old addresses and mortgage info, I might even find a public record of a petty misdemeanor from two years ago when you got a parking ticket.

Being the brilliant scammer that I am, now I’m going to use ChatGPT to write a fake but very convincing letter informing you that your $200 parking ticket (which you already paid two years ago) is delinquent and past due. My very convincing letter also states that you owe $1200 and if you don’t pay immediately, you’ll face criminal charges.

Now, you’re terrified. If I’m lucky, you’ll pay me the $1200 without thinking twice.

This fictional scenario is actually something that happens all too often. Unfortunately, scammers can facilitate even scarier scenarios by digging up information that is a lot more personal or embarrassing than a parking ticket.

Aware vs. Scare: What Can You Do?

At this point you may be thinking: If my basic information is already on the internet, is there really anything I can do? Scammers are going to scam people no matter what, right?

These questions are a great example of why fear tactics don’t help anyone. Around this time last year, I shared some thoughts about the importance of cybersecurity awareness—as opposed to the polar extremes of apathy and paranoia, which both lead to inaction. To dive deeper into this topic, read this blog: Awareness Leads to Action: Why Data Privacy Matters (ostra.net).

While it may be both unrealistic and impractical to completely erase your digital footprint, there are things you can do to stay safe online:

• Opt out of data broker lists. Don’t make it easy for data/information brokers to collect and sell your data. They research both online and offline sources to get your personal information, which is perfectly legal—unless you opt out! This takes a little footwork but can be worth the effort. Learn more here: How To Opt Out of Data Broker Sites (identityguard.com)
• Stay aware of what you’re opting into. Yes, you should actually take time to read the privacy policy! The National Cybersecurity Alliance has a great article on this topic: Take Control of Your Data (staysafeonline.org)
• Increase awareness – Google yourself and be aware of what’s out there about you and your family. The more you know, the less likely you’ll be scammed. Always be careful about pictures and info you share—whether it’s via social media or an online form.
• Stay vigilant. The Internet is a powerful and useful tool that can be used for good, but it can also be used as a weapon by scammers and threat actors. Stay cautious, and don’t let your guard down. Don’t click on links or jump to action before vetting the source. This article has additional tips on what all individuals can do to stay vigilant: Take Control of Your Data (staysafeonline.org)

Data privacy is our shield against exploitation in the digital world. By minimizing opportunities for misuse, we empower ourselves to protect our personal, professional, and financial well-being.

Curious about how Ostra can help you protect your employees’ and clients’ personal data? Contact our Trusted Cybersecurity Team to start an honest, down-to-earth conversation about data privacy.