Data Protection Day 2021: Six Best Practices for Your Users

In Canada, the United States, and many other countries around the world, January 28 marks Data Protection Day. This thematic day highlights the impact of technology and data protection on all aspects of the user in their everyday life. It's also a great opportunity for organizations everywhere to help their staff take ownership of the best practices most important to data protection awareness.

Even though they are more digitally connected than ever, people are often unaware of the intricacies of data protection and how they can keep their information secure. Data Protection Day aims to spark thought and discussion about data protection at home, at work, and on the go.

Protect your employees, coworkers, family, and friends from privacy breaches and identity theft. Share with them these essential tips that will help them spot and avoid phishing and social engineering fraud, as well as other forms of cyberattacks.

What is data confidentiality?

Data privacy encompasses any aspect of when, how, and to what extent sensitive end-user data may be shared online with third parties. Examples of sensitive information are a person's name, address, and contact details. Data relating to online or real-life habits, from social media posts and shares to financial transactions, is also included.

Why is data privacy important?

In many countries around the world, data privacy is considered a fundamental right, protected by regional or industry-specific regulations. One of the best-known regulations in this regard is the UK's General Data Protection Regulation (GDPR).

Organizations that implement robust and transparent data privacy practices gain the trust of their customers because of the ways they process, store and share user data. If sensitive information is not secure or if users have no control over how their data is used, it may be sold to advertisers without their consent or, worse, exposed. in the event of a data breach.

Six best practices for the end-user to ensure data confidentiality

To keep sensitive information secure at all times, there are six best practices that anyone can put into practice when sharing professional or personal data:

1. Know what is considered personal information

Personal information is defined as data that can be used, on its own or in combination with others, to identify an individual.

The following are examples of an individual's personal information:

• Name, address, and date of birth.
• Passport or driver's license number.
• Medical, criminal or financial history.
• Ethnic or racial origin.
• The IP address, if it can lead to a person.
• DNA, fingerprint, or voice.

Protegent Security recommends sharing this data or other types of personal information only when necessary, and with recipients that you know and trust.

2. Beware of phishing attempts

Any phishing email attack is designed to trick unsuspecting people into taking certain actions. These actions can range from clicking a malicious link or downloading and installing malware on a device, to respond to a request for personal information for extortion.

When you receive and reply to an email, always consider these best practices:

• If the identity of a sender can not be verified, do not open the email. If you know where it came from, but the email sounds strange, you should be careful. If you are unsure of the sender's identity, call them by phone to confirm the validity of the message in question.
• Never click on links embedded in unsolicited emails as they could lead you to an unsecured web page or trigger an unwanted download.
• Never provide confidential information in response to an email. No reputable organization will request this type of information by email.
• Upon receiving an email claiming that you have won a prize or are eligible for any discount, and the offer seems too good to be true, it sure is.

3. Don't be fooled by the two close cousins ​​of email phishing: voice phishing and text message phishing

Other social engineering methods are designed to trick users into providing their personal information, calling or communicating with an organization or person, or installing malware by clicking on a link or opening a file. Here are a few :

• Text message phishing.
• Voicemail phishing.
• Social media accounts are compromised or controlled by cybercriminals.

These fraudulent communications may appear to come from the government (revenue agency, census office, or law enforcement) or someone you know whose account has been hacked. For example, a vocal phishing offensive that older people should know about involves a request for money made over the phone on behalf of their grandchildren.

The general precautions listed in the previous section regarding phishing emails also apply if you receive an unusual communication by text message, phone, or social network.

4. Report any email fraud you spot

You can go to your IT department, your email provider, or other governing body, but the important thing is to always act proactively to counter phishing, even in your message box.

The majority of email providers have built-in mechanisms that make it easy to report email fraud. It is possible to activate a button or similar feature to report a phishing attempt on email platforms like Outlook, Gmail, Yahoo, and many others.

5. Follow the necessary steps to secure your online shopping

Online shopping has become an important part of our everyday life. It is therefore essential, more than ever, to secure your sensitive information on e-commerce sites or third-party transactional platforms.

Be sure to take the following steps to secure your online shopping experiences:

• Validate the legitimacy of the site. If you're shopping at a new site that you're unfamiliar with, check its legitimacy using these methods:

1. Examine the URL, paying attention to domains and subdomains, and making sure the address begins with "HTTPS: //". The "s" indicates encrypted communication between you (your browser) and the website. A closed padlock also implies that the transaction is secure.
2. Dig a little deeper to find the details of the certificate.
3. Look for the seals of approval from third parties like security service providers.

• Beware of identity theft and associated fraud. According to the FTC, the total cost of identity theft in the United States is approaching $ 50 billion each year. The average cost per person for personal information theft or misuse is $ 4,800. In Canada, nearly 45,000 people were victims of fraud in 2019 alone, resulting in losses of $ 96 million in the process.
• Use multi-factor authentication when you can. Many online businesses require you to create an account when you pay for your order. If you choose to do so, then create a strong password and enable multi-factor authentication when this feature is offered. Also, avoid saving your payment information on websites. It may be convenient to do so, but the risk is not worth the risk if you do not shop frequently from this site.

6. Do not use public wifi connections

Sometimes it is tempting to use open wifi networks to shop online. Whether it's for an impulse online purchase or just the ease of using an in-store wifi network to save time, never provide your address, credit card information, or any other personal information on an open network. For added security, use a virtual private network, or VPN, to protect your data transfers and limit external tracking of your activities. Find the total security to protect your data from online fraud.