Tomorrow marks the 9th annual international Data Privacy Day, celebrated across the US, Canada and Europe. First conceived as 'Data Protection Day' to commemorate the 1981 signing of Convention 108- the first legally binding international treaty dealing with privacy and data protection- the annual event is aimed at encouraging awareness and education for consumers about the use of their personal data, and getting businesses to open up and be honest in return.
But just how much have we as an international community learnt about data privacy since 2007? The day's tagline of 'respecting privacy, safeguarding data and enabling trust' couldn't be more ironic in the post-Snowden era when mass data breaches, privacy rows and snooping revelations seem to have become weekly occurrences. We've got cookies and tracking codes stalking our every move, and we take it for granted that whole business models are based on the buying and selling of an individual's information online.
We've learnt that governments could be willingly flaunting our rights to privacy in exchange for security protection, and that whole ecosystems of hackers and criminals are poised to exploit our digital lives for reasons even less benevolent.
Looking back at 2014, we saw an alarming number of data breaches which showed no signs of slowing down throughout the year. High profile breaches included brands such as Domino’s Pizza, Dropbox, eBay and the Central European Bank. The Breach Level Index showed that in the first half of 2014, there were 559 breaches worldwide with 175m customer records stolen, a figure that went up by 233% year on year from 2013.
But despite today's fire-and-brimstone headlines about data breaches, the problem with cyber security is that nobody is feeling the pain of the problem. Consumers know their credit cards will be replaced and they will not be responsible for financial losses. Breached companies know their stock prices will bounce right back and consumers will continue shopping at their stores.
According to a Pew Research survey conducted last year, 62% of people were concerned about their online privacy, but only half had taken the trouble to delete their online cookies in the last month. Even fewer have changed any of their online settings.
With that in mind, Jason Hart, VP cloud servoces, identity and data protection at Gemalto and a former 'ethical hacker' for 20 years, explained how we can turn those concerns into action, and at least get some basic protections in place when going about our business online.
It starts, not surprisingly, with being smarter about your passwords. Though we all know we should not use the same password across multiple accounts, it's easier said than done, but by doing this you prevent cross pollination – where cyber criminals use the same password details to facilitate data breaches across multiple organisations.
'Of course with so many online account and different passwords to remember, it's challenging to remember a different one for each,' says Hart. 'So even better to replace these with One-Time Password (OTP) authentication. In my opinion, here’s no such thing as a strong password – static passwords all carry the risk of being hacked. OTP technology is the strongest protection for users. It can generate highly secure one-time passwords to authenticate users, often they will just have to remember a PIN number in order to retrieve a new password.'
Not being tempted by free Wi-Fi is also a wise move.
'I recently demonstrated in a 5 News investigation how easy it is to hack into a coffee shop’s free Wi-Fi and gain access to the devices connected to it and view their email addresses, bank account details and other locations they connect to the internet to – be that home or work,' says Hart. 'All this, without their knowledge. Therefore, people must be more cautious about connecting to public Wi-Fi and the security risks of doing so.'
And it's hardly surprising that mobile devices are becoming a popular target for hackers, since around 60% of internet access is now mobile.
'The challenge with these devices is that because they connect to the cloud, data ends up being stored in multiple places (the cloud, the mobile, etc.) and this gives the hackers multiple attack points to use. Therefore, unless security controls are in place and companies understand the location of where the data is being stored, there is a greater risk that these devices or their data could be breached.'