28th January: Save the Date. Save the Data!

Safeguard your data before it gets corrupted and lost

On 26th January 2006, the Council of Europe decided to launch a Data Protection Day on 28th January that is to be celebrated every year. Two years later, the U.S. and Canada started celebrating the day and declared 28th January as the Data Privacy Day. Today, it is globally celebrated to spread awareness to the individuals and the companies to be familiar with the risks related to the protection of the data and the rights in this respect.

Data Privacy Day reminds us of the value of our data and the rights for data transparency. It is the day that tells us to re-evaluate and identify the flaws in how we have been collecting, sharing, and using the data. The day persuades us to find a way to patch the loopholes so that our valuable data do not get tampered with malicious malware, misused, or lost.

Thankfully, we have come to see another Data Privacy Day, but before we dive into ‘why this day is important’, let’s have a look into what happened during the same period last year and how it went, to realize the importance. 

It was during the same time last year that every nation became aware of the new virus, the COVID-19, that came as the most shocking period and the most challenging crisis for almost everyone since the second world war. The pandemic reminded us that nothing should be taken for granted and also left every private and government organization struggling to perform business operations. 

The period forced the organizations to make transitions with the working format by adopting work from home policy. It did speed up the technology adoption, however, it also created a situation where organizations had to sacrifice the cybersecurity protocols to enable work from home policy.

According to a survey, 85% of CISOs said that they had sacrificed cybersecurity to quickly enable remote work during the times of the global lockdown.

As every coin has two sides, the pandemic had also come up with two circumstances. One, the struggling stage for every organization in running a smooth business operation. Second, a golden opportunity for cybercriminals to take the advantage of the situation. 

In fact, the cybercriminals left no stone unturned and took full advantage of the pandemic. It created an opportunity for them to deploy cyberattacks and exploit vulnerabilities in an organization’s IT infrastructure and gain access to confidential data or steal money.

Since at least March 2020, a group of hackers has immersed themselves without detection inside the computer networks of several U.S. government agencies. The hackers exploited the U.S. government agencies including The Treasury Department, The Department of Homeland Security, and The National Institutes of Health. The breach victimized 18,000 SolarWinds customers including hundreds of companies.

A tweet from Senator Mitt Romney related to the cyberattack (Source: Twitter)

Digging deeper into the incident indicated the root to be SolarWind’s tool Orion, which is used by several government agencies and large corporations. The hackers introduced malware into the tool when the update for the tool was released between March and June 2020.

Since the hackers were inside the computer networks for several months undetected, it is uncertain how much amount or what kind of sensitive information has been exposed in the cyberattack.

No Organization is Immune to Cyberattack

Every organization, irrespective of its size, can become a victim of a cyberattack. It was last year in July when almost every part of the world was imposing a nation-wide lockdown to control the wide-spread of COVID-19. The popular microblogging platform Twitter came under a cyberattack.

Twitter Support informed the users about the incident (Source: Twitter)

The hackers targeted a group of employees with a phone spear-phishing attack. They used the credentials of the employees with access to tools which resulted in compromising the Twitter accounts of major companies and individuals. 

Reportedly, hackers targeted 130 Twitter accounts and tweeted from 45 accounts including Bill Gates, Elon Musk,  Barack Obama,  Jeff Bezos,  Joe Biden,  Kanye West, and  Mike Bloomberg to promote a bitcoin scam. The hackers also accessed the DM inbox of 36 Twitter accounts.

The malicious actors not only hacked the U.S. government agencies and Twitter but also accessed the privacy of the users. And this is where the question arises why data privacy matters.

Why is Data Privacy Day Important?

In this era with the rapid advancement in technology, having relevant data is the key to the success of any organization. Unsurprisingly, it is known as modern oil. Almost every organization is collecting and combining the data in order to put the right content, in front of the right person, at the right time, and on the right platform. 

The data is collected from the users or customers who submit their personal information trusting the organization or the business. But when the same data goes into the wrong hands, the worst possibilities can happen. A data breach at government agencies, as stated above, can put the nation’s top credentials in the hands of a hacker.

A data breach at a social networking site like Twitter resulted in cybercriminals misusing for scams. A breach in an organization can put the employee’s personal information in the hands of hackers who can use it for other malicious activities such as identity theft.

Users submit their credentials and personal information to the companies with the trust of receiving a better service and with the trust that their data is safe and secure. So, disregarding the size of a company, it is the responsibility of every organization to safeguard this data at any cost.

That’s why data privacy is introduced and why nations observe Data Privacy Day to prevent every individual and organization along with the employees against data breach.

Effective ways to protect your data and celebrate Data Privacy Day:

  • Enforce and strictly follow a strong password policy. Strong passwords consist of eight or more characters and a combination of lower case, upper case letters, numbers, and symbols.
  • Keep the software and systems up to date with the latest security patches. Recent updates come along with the security patches that allow your organization to secure and protect the data.
  • Conduct proper testing services like vulnerability assessment and penetration testing. It helps in identifying cyber threats and categorizes the threat level, based on its level of sensitivity, value, and criticality to the organization.
  • A data breach can result in the eradication of all your organization’s data. So, it is an important initiative to back up the data so that it can be easily recovered in case of a data breach or a server crash.
  • Provide cybersecurity awareness training for the employees with tools like ThreatCop. Make employees aware of their responsibilities towards data security by making them aware of cyber threats and preventive measures to combat them.
  • In order to protect the data, one of the best practices your organization can initiate is to encrypt both secondary and primary copies of data. It allows you to protect the data confidentiality when it is stored on computer systems and while transmitting on the internet or other computer networks.
  • It is everyone’s responsibility to protect the data. So, spread the awareness of securing sensitive information and credentials to every individual and organization.

Let’s not wait for another data breach to take place or another Data Privacy Day to remind us of how important our data is and why we need to protect it. But let’s start today to implement cybersecurity measures in order to safeguard our data and fight against cyber hacks and threats surrounding us. 

Turn Your Employees Into A Cyber Threat Shield!

Make your employees proactive against prevailing cyber attacks with ThreatCop!

The post 28th January: Save the Date. Save the Data! appeared first on Kratikal Blog.

*** This is a Security Bloggers Network syndicated blog from Kratikal Blog authored by Richard Singha. Read the original post at: https://www.kratikal.com/blog/28th-january-save-the-date-save-the-data/