Tomorrow, January 28, marks the annual Global Data Privacy Day, an annual reminder of the importance of safeguarding personal information in our always-connected society. With the boundaries between the online and offline realms becoming increasingly blurred, we find ourselves generating an unprecedented amount of data about ourselves, our loved ones, and our personal lives.
While Data Privacy Day provides an opportunity for individuals to reflect on their own data privacy practices, it is also a call to action for the cybersecurity industry as a whole. As our dependence on technology and its influence on us continue to grow, it is imperative that we take a proactive approach to protecting our personal information.
It is no longer enough to simply be aware of the potential risks; we must take concrete steps to mitigate them.
It is increasingly clear that the cybersecurity community must raise awareness about the wholesale lack of policies and systems that actually protect consumers’ data. High-profile breaches at tech companies, as well as internal turmoil at major players like Twitter, have shown that personal data is constantly at risk of being exploited by threat actors, mishandled by employees, or even sold for profit. It is the responsibility of the cybersecurity community to educate the public about these risks and empower them to take steps to protect their information.
As cybersecurity practitioners, we have a responsibility to educate our loved ones on the best ways to protect their personal information online. This starts with the basics of good cyber hygiene, such as using strong passwords, enabling two-factor authentication, and regularly updating security software on devices and apps.
It’s also crucial to stay informed about the latest phishing, fraud, and social engineering scams, so that individuals can avoid bad actors looking to exploit vulnerabilities in their online activities. And when friends and family members tell us about a new app or service they’ve started using, we should encourage them to read the terms and conditions carefully, understand how the app makes money, and what it is doing with the information it collects so they can make an informed decision about whether or not to share their personal information with the company.
It’s critical for consumers to stay vigilant as online platforms and social media apps, especially those that are “free,” still do come at a cost. Algorithms designed to direct users to apps, and keep them there longer, often work in manipulative ways that do not align with users’ best interests, collecting detailed and sensitive data that can be used to target people via phishing emails, propaganda, and/or controlling/accessing devices.
As cybersecurity leaders, we have the responsibility to raise awareness of these practices and give users the tools to make an informed decision about their data and online activity.
For too long, American consumers have shared their data with corporations online without the shield of effective, holistic data privacy legislation, and the cybersecurity industry can take advantage of the current heightened data privacy concerns to demand long-lasting and comprehensive legislation from our elected officials that will hold data collectors accountable. Despite ongoing legislative efforts to ban TikTok on U.S government systems, a wide-reaching bill targeting data collection and usage practices of all consumer apps will ultimately benefit users more than action taken against one singular app.
If there is one thing for people to take away today, it’s that data privacy and protection is not someone else’s problem – and we can have a direct, positive impact through our own individual choices and collective action.