The digital revolution has brought unprecedented changes to the way we communicate, operate, and live our lives. The Internet helps us perform most of our day-to-day activities with ease and with a much faster turnaround time. It is therefore no surprise that the same Internet is being misused by people with a criminal mindset to carry out illegal and unlawful activities such as identity theft, cyber-extortion, and theft of credit card or bank account details. The rate of cybercrimes has increased exponentially over the past few years. Cyber attackers can target either you or your company, and you may not even know it until long after the attack has been carried out.
This is where data security comes into play.
Data security is the process of protecting and securing your private and sensitive data from unauthorized access, misuse and corruption.
Each one of us has data that is sensitive, private and personal: date of birth, address, bank account and credit card numbers, passwords, and the important files, pictures and videos on a laptop, phone or computer. Your personal data is always at risk of unauthorized access and misuse. If ignored, these threats could cause serious loss of your money and reputation.
Common Security Attacks You Could Face
Some of the common data security attacks that you could face in your day-to-day life:
- Email spam and phishing attacks – A spam email is an unsolicited email sent to your inbox. Usually, these emails are related to advertisements, promotions etc. and could contain links to websites that could be dangerous. Phishing attacks aim at stealing your personal and private information such as passwords, bank account and credit card numbers etc. These attacks are typically carried out using spoofed emails that appear to have come from a legitimate source.
- Identity Theft – An attacker could steal your personal identity and/or financial information and use it to commit fraud.
- Loss of privacy due to the use of social networking sites – Your profile page, posts or other activities on social networking sites could accidentally leak your personally identifiable information (PII). A classic example of this is people posting their personal information such as date of birth, address etc. on their profile which is readily accessible to attackers.
- Malware attacks – Your laptop or computer could be attacked by malware. Typical kinds of malware are viruses, trojans and spyware. A virus is a malicious program that replicates itself and corrupts files and folders on your laptop. A trojan is a program that looks like a genuine application but provides backdoor entries to other malicious programs that steal your data. Spyware programs aim at collecting data about users and their behavior, such as Internet browsing history. They could get installed with or without your permission.
Steps You Can Take To Protect Your Data
While it is important to understand how your personal data can be put at risk or accessed and misused, it is equally important to understand what you need to do to prevent that. The list below highlights some of the actions you need to take to protect personal data:
- Understand the significance of data security and data privacy and the consequences of not protecting your data.
- Use strong passwords. Store your passwords in safe and secure password vaults.
- Avoid using public computers and public Wi-Fi networks to access sensitive and private data.
- Protect your laptops and computers from malware, spybots, viruses and phishing attacks. Ensure that you install anti-virus, anti-malware, anti-phishing and Internet security software from reputable providers only.
- Do not provide your personal information such as bank account numbers, passwords etc. in a reply to emails sent by unknown or spammy senders.
- Limit the information you post on your social networking handles. Totally avoid posting personally identifiable information on your social networking handles.
Data Security For Your Organization
Every organization has data that is sensitive, critical and classified to its business. Such information comprises financial and accounting data, product design docs, trade secrets, future plans, employee data etc. Leakage of classified information to competitors poses serious financial risks to its business. Apart from this, an organization also has to ensure the CIA triad for its data:
- Confidentiality – data has to be protected from unauthorized access
- Integrity – data has to be protected from spurious and malicious updates.
- Availability – data is accessible to the relevant stakeholders as and when they need it.
The next section describes the common attacks faced by an organization.
Common Attacks Faced By Organizations
In addition to common attacks such as virus/malware/spyware attacks and email spam/phishing attacks, an organization could face the following attacks that breach the confidentiality, integrity and availability of data:
- Distributed Denial of Service (DDoS) – The goal of this attack is to make a service or application unusable. The attacker bombards the service or application with thousands of requests simultaneously from different locations. For example, suppose you have a website for online food ordering and delivery. An attacker could send thousands of fake “View Menu” requests to your website within minutes, thereby making the website slow and practically useless for genuine users.
- Man-in-the-Middle (MITM) – This is a cyberattack where an attacker positions himself between two communicating parties to eavesdrop on the messages they exchange.
- Advanced Persistent Threats – These are attacks where an unauthorized user gets access to sensitive data by using advanced and clandestine hacking techniques. These attacks are hard to detect and sometimes attackers continue to access data for a prolonged duration before getting detected.
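The “View Menu” flood from the DDoS item above, seen from the defender's side: this added example (not part of the original article) counts requests per page in a sliding window and distinguishes a flood spread over many addresses from one that a simple per-address rate limit would stop. The log format, thresholds, page paths and addresses are assumptions constructed for illustration.

```python
from collections import Counter, deque


def detect_floods(events, window_s=60, max_requests=1000, min_sources=50):
    """Flag pages whose request count in a sliding window exceeds max_requests.

    events: iterable of (timestamp_seconds, source_ip, path), sorted by time.
    Returns {path: {"peak": int, "sources": int, "kind": str}} for flagged pages.
    """
    windows = {}  # path -> deque of (timestamp, ip) still inside the window
    counts = {}   # path -> Counter of source addresses inside the window
    alerts = {}
    for ts, ip, path in events:
        win = windows.setdefault(path, deque())
        cnt = counts.setdefault(path, Counter())
        win.append((ts, ip))
        cnt[ip] += 1
        # Drop requests that have aged out of the window.
        while win[0][0] <= ts - window_s:
            _, old_ip = win.popleft()
            cnt[old_ip] -= 1
            if cnt[old_ip] == 0:
                del cnt[old_ip]
        # Record the highest in-window count seen for an over-threshold page.
        if len(win) > max_requests and len(win) > alerts.get(path, {}).get("peak", 0):
            # Many distinct sources: per-address rate limiting alone will not help.
            kind = "distributed" if len(cnt) >= min_sources else "single-source"
            alerts[path] = {"peak": len(win), "sources": len(cnt), "kind": kind}
    return alerts


def sample_events():
    """Constructed traffic: a 120 s menu flood plus normal ordering activity."""
    pool = [f"{net}.{host}"
            for net in ("192.0.2", "198.51.100", "203.0.113")  # documentation ranges
            for host in range(1, 201)]                         # 600 addresses
    events = [(i // 25, pool[i % len(pool)], "/menu") for i in range(3000)]
    events += [(i * 6, "192.0.2.250", "/order") for i in range(20)]
    return sorted(events)


if __name__ == "__main__":
    for path, info in detect_floods(sample_events()).items():
        print(path, info)
```

A "distributed" verdict means the traffic has to be absorbed or filtered upstream of the web server (for example by a CDN or a DDoS protection service), while a "single-source" verdict can be handled by blocking or rate-limiting that address.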
Organization Data Protection Measures
Following are some of the preventive measures that an organization could implement to ensure the security of its data:
- Identify what data and information get generated in your organization. Classify the data based on its sensitivity and criticality.
- Protect sensitive data by applying encryption/decryption. To prevent data loss, ensure it gets backed up regularly at a safe location.
- Protect hardware (storage, computational processors etc.) against virus, malware and spyware attacks by installing good antivirus and Internet security software.
- Protect networks by installing strong firewalls. Firewalls protect networks from malicious attacks initiated from outside. Ensure that end-to-end traffic is protected using TLS and SSL certificates.
- Protect data from internal threats such as accidental leak of data and/or human errors. Ensure that strong data access protocols and policies are enforced within your organization.
- Conduct periodic audits and reviews of the information security practices. Hiring a third-party security expert and going for the ISO 27001 certification is also beneficial.
As the adage goes, prevention is better than cure. The same holds for data security as well.