Why Data Security is the Need of the Hour?
A Complete Guide to Data Security and Some Tips That Might Help You Protect Your Precious Data.
Data security, in simple words, can be defined as the security of some private information that a person or an organization, under normal circumstances, is not willing to disclose in public. For instance – you are comfortable telling your name or height to a known person but when it comes to your ATM pin you are not comfortable sharing it.
Due to the increase in cases of data breaches, companies and governments around the world have become meticulous and are paying more attention to data security. If you compare the current scenario with, say, a decade ago, you’ll find that things have changed drastically.
With more and more people shifting towards the digital world of social media and the Internet, it has become quite difficult for the companies and the start-ups to store the ever-increasing private data of people, while ensuring that it is safeguarded from the hackers.
With the advancements in technology like faster computer and high-speed internet connections, which are a boon to hackers, the public’s data is at stake and many companies don’t even have a planned response mechanism in case of a cyber-attack.
Over the years, more and more people are getting aware of data breaches and are eventually taking steps to protect their private data, though there are some areas where we people need improvements.
Data breach 101:
In the 21st century, the technology is advancing at a very speedy rate and as the AI advances there comes a lot of risk to your private data. With all these advancements in the cyber world and the gadgets that we use in our day to day lives, though we feel that all our private data is safe and password-protected and is only accessible by us, the reality is not as many of us expect it to be. Most of the data breaches that occur in our day to day lives, for instance, all the spam emails, banking frauds, social media accounts being hacked and many more are generally due to our ignorance towards some important instructions, which we must pay attention to.
The following points highlight the general data breach reasons:
- First and the foremost point is that due to the major advances in Artificial Intelligence and Machine Learning, which are very easy to use and are quite fascinating, but these cool features come at great risk to our data. For example – The face unlock feature that comes in almost all the latest smartphones is very fascinating but due to this feature, we are giving away our facial data and our fingerprints (which are crucial elements of our identity and are used for all sorts of KYC verifications). The data could be stored in the company’s database without us even realizing it.
- Secondly, most of the banks have their apps for a transaction and net banking which most of us use in our smartphones, when we log in to these apps using our account information, this information gets stored in the banking software.
A security breach on the bank’s database can result in the leakage of all this private data. Not only this, after all the transactions are made, most people leave the apps logged in.
In such a case, the data can be accessed later on, which can prove out to be an expensive mistake. So, it is advised that you log out of the banking app as soon as you are finished with your work.
- What many people don’t realize is that the banking apps that we use on our smartphones keep a record of the data that we enter in the form of cache, and even after years, that data can be accessed using some special software and a bit of knowledge about hacking. This is the major reason people are advised to do their banking work on their desktop or PC rather than doing it on a mobile app as we can delete the browsing history of a website but it is difficult to root a mobile phone to delete all the app-related cache.
- The spam emails that most of us see daily are mainly targeted towards our occupation, interests, etc. These e-mails are planned accordingly to target our weak points so that we fall for these traps easily.
- One more thing through which our voice data, our search history, and our interests can easily be retrieved are the smart IoT (Internet of Things) devices that have become quite popular recently. These devices record our voice data and also store most app-lock passwords so that these apps can be opened by these devices on our demand with ease.
Now that you know some of the reasons why a data breach might occur, let us have a look at some of the most popular and scandalous breaches to date.
Major Data Breach Incidents:
- Facebook Data Breach Incident:
On the day of 28th September 2018, Facebook publicly announced that the accounts of nearly 50 million people had been compromised and to date, it is not known who accessed this data and to what extent was the data compromised. The data breach was not fixed until 20th August 2018, and as a result, Facebook had to force the reset of around 90 million user accounts.
- Chinese Apps Data Breach:
At the beginning of the year 2019, the US President Donald Trump was eying on the Chinese company Huawei due to the trade wars between China and the USA.
Finally, in May 2019, the President banned the Chinese company from doing any trade with American organizations such as Google, Qualcomm, and Intel, due to which the company suffered major losses.
Here, the company accused of spying on the US citizens and stealing/selling their data via their products, though no hard proof was given by the US Government to address this issue.
Due to the company’s good relations with China, it was preferred to ban the company on US soil, rather than waiting for the proofs.
Another major China-related scandal that happened recently was India banning around 118 Chinese apps, including the world-famous game PUBG Mobile.
These apps were banned because they were transferring Indian users’ data abroad, allegedly to China, without proper authorization.
- Bug in Google Plus:
Google, the technology giant, launched a social networking site named Enter year
Google Plus that allowed people to interact and do other social media stuff.
However, on November 7th,2018, an update came through that exposed the personal data of around 52 million people and the bug was not fixed till about 6 days later on November 13th, 2018.
The exposed data included all sorts of private data regarding the user, such as their occupation, email addresses, passwords, etc.
- Cambridge Analytica Scandal:
Cambridge Analytica data scandal is one of the biggest scandals of all times whereby data of millions of people was collected through Facebook and even their private chats, and then this collected data was sold, to target specific voter groups to influence the US elections.
This company made an app in 2013 and they started collecting private data through this app, claiming it to be academic research.
In 2015 the first complaint was filed against the company and many more complaints followed suit in 2016 and 2017.
But finally, in 2018, the data breach was exposed by Christopher Wylie (a former Cambridge Analytica employee) and the company had to be shut down, and then after all this, Facebook also confessed to giving the company the rights to view and store the public data and even the private conversations of the users.
Healthy Practices to Avoid Data Breach
According to the Information Commissioner’s Office (ICO) around 1500 incidents under the classification of “Cyber Security Incidents” have been reported, and that too only in the first quarter of 2020.
Though the number of cases has declined as compared to the last year, still the people continue to fall victim to these cases.
Out of all these reports, around 200 were related to phishing. According to the Fourth Annual Study on the Cyber Resilient Organisation, only 23% of the companies have a cyber-attack response plan, which is a very small percentage considering the present scenario.
According to the renowned security consultant Frank Abagnale, the password and username authentication system of many companies is so outdated that it can easily be cracked. There are many small things to which we don’t pay attention and often fall victim to Data breaches.
Given below are some points that highlight some of the general things which we can do to protect our data and ourselves from the ongoing frauds:
- Firstly, we should try to avoid using simple passwords for our devices, such as laptops, smartphones, etc. And we should also avoid using unreliable safety features like the face unlock.
- Secondly, for banking and other related work, always prefer a desktop device rather than a mobile device.
- If you are a technology geek, it is advised that you should learn how to root a mobile phone and gain super-user access to your device, so that all the data can be deleted easily. This should especially be considered in case you are planning to sell your phone and don’t want anyone recovering your private data later.
- The basic thing that most of us miss while installing an app is the Terms and Conditions and the permissions that we grant to these apps. For an instance, while we install Google Maps, it asks for your permissions regarding the storage of your location data (which at times may be necessary). But from that, it also asks us the phone, contacts, and storage permission which we generally grant to it in a hurry without even thinking much about it. However, we should refrain from this behavior and only grant the necessary permissions to an app and that too after properly reviewing it.
- We should keep a regular check on the permissions granted so that we are safe from any kind of data breach.
- Also, refrain from using the same password for multiple platforms. This ensures that in case one of your accounts’ data, including the password gets exposed, the other apps and their data doesn’t become vulnerable. Not only this, it is advised that one should change their account passwords frequently so that even if there’s a breach that you were unaware of, chances are that changing the password might prevent further leakage of your data.
- Before clicking on any email and giving out your private data on the Internet, make sure you think it through several times before doing so. If you suspect something can be a scam, chances are that it most definitely is.
In the end, the most important tip— Educate yourself technologically. In this digital age, each person should be aware of their digital rights, and how to protect these rights. Follow some of these steps that we mentioned above, stay alert online and chances are that you will most probably avoid getting breached.
About the Author:
Kushagra is a second-year student at VIT Bhopal learning CSE with a specialization in cybersecurity and digital forensics. Kushagra is a self-motivated person who believes in continuous learning and skill development and enjoys learning about the digital world.