As we approach January 28, Data Privacy Day (DPD) or #PrivacyAware Day, it is important to refresh our understanding of how we manage our privacy. Celebrated annually, #PrivacyAware Day is led by the National Cyber Security Alliance in an effort to empower individuals and businesses to respect privacy and safeguard data. As a featured nonprofit partner, Identity Theft Resource Center (ITRC), takes a look at how data privacy has been affected recently and the efforts needed to remedy the situation.
Increase in the number of records exposed containing personally identifiable information
The ITRC has been tracking public disclosures of data breaches since 2005, and we will release our latest 2018 End of Year Data Breach Report on January 28 in conjunction with DPD. Of the watershed moments we noted, while the number of breach incidents is less than in 2017, the ITRC saw a 126 percent increase in the number of records exposed that contained sensitive, personally identifiable information. With data breaches continuing to pose a problem year to year, consumers should be wary of handing out personal identifying information now more than ever. The public has to stop asking what if their data is breached and instead ask when will their data be breached.
Continued exploitation of usernames and passwords through credential cracking
The exploitation of usernames and passwords by nefarious actors continues to succeed due to the increase in credential cracking activities – not to mention the amount of data that can be gleaned by accessing accounts that reuse the same credentials. Consumers should always take precaution with their personal information, including only giving it to the parties who absolutely need it. There are several actions consumers can take to ensure they are well protected against potential data breaches and other scams. This could include not reusing passwords, two-factor authentication and limited account creation.
Businesses also need to take steps to ensure their cybersecurity is protecting employees and any sensitive customer information they might store. Businesses should educate their employees about popular phishing scams and provide training in safe online practices. They should also safeguard company and personal information with firewalls, safe network choices and verified third party partners. CyberSecure My Business™ offers interactive workshops to help small and medium-sized businesses learn to be safer and more secure online.
Consumers and businesses alike need to hold companies responsible for storing their personal information to the highest standard of cybersecurity
With more and more personal records exposed during breaches, companies need to take action to avoid a breach in the first place. Furthermore, when companies announce news of a breach, they need to do a better job of defining what that means for their customers and their data. Glossing over breached data by referring to it as “employee records” or “customer information” does not allow those affected to take the appropriate steps to protect themselves.
It starts with us, the advocates for consumer education and industry decision-makers; we must create systemic change starting from within. We need to provide resources to the public that can be both widely accessible and easy to use, like the free ID Theft Help App, in order to affect real change on behalf of victims of identity crimes. The ITRC will continue to advocate for the best practices in cybersecurity to be applied globally; however, criminals are always evolving and even the most secure companies can fall victim to data breaches. We’re calling on industry, government and other advocates to take better, stronger and faster proactive and reactive steps in protecting the sensitive information they collect.
The Identity Theft Resource Center is a 501(c)3 national nonprofit providing free assistance to victims of identity crimes.