OK, that was snarky and sarcastic, but probably not too far off the mark for the way most observe the day. If you’re reading this blog, you likely have more than a passing interest in cybersecurity or security awareness. Many of you have all your fingers Hans Brinker-like plugging holes in the dike. But instead of saving Holland from a watery deluge, you’re trying to stop a flood of phishing attempts and keeping the bad guys out of your systems. Celebrating Data Privacy Day can feel a little back burner-ish on your priority list.
Good cyber hygiene is a good first step
But that’s not to say the basics of good cyber hygiene touted on Data Privacy Day can’t make a big difference in the core challenges business and security awareness advocates face. Practicing basics build security muscles, which may prevent a family member from clicking on every survey popping into their social feed. Or it might compel a finance manager to think twice about the suspicious email from the CEO urgently ordering $250,000 to be wired to another company.
That icky no control feeling
Most of the privacy buzz today is reflective of the confusion and out-of-control feeling people have over their personal information. A KPMG survey released in August 2021 found that 86% of U.S. adults have a growing concern about data privacy. Four in ten also stated they don’t trust companies to ethically use their data. How about considering a few suggestions to take back control this Data Privacy Day?
There is no excuse for not updating your privacy settings
The National Cyber Security Alliance (NCSA) is the lead dog on Data Privacy Day and it has excellent tools available to involve your organization. NCSA also built a page with links for updating your privacy settings on most of today’s leading devices and apps. I’ve blocked out an hour after work to do this. You should try this since NCSA took away all the hard work.
Privacy meetups. Just add donuts.
The International Association of Privacy Professionals (IAPP) is extending its privacy awareness-raising efforts for the entire month of January. That’s commitment! KnowledgeNet chapters around the world are organizing meetups to network and share experiences. You can check its site to find a meetup near you. If you’re looking for simple tactics to raise privacy awareness at work, the IAPP encourages bringing donuts for a quick stand up to generate discussion and thank employees for safeguarding privacy. I can get behind anything that includes donuts.
Free protection tips
Infosec receives many requests for quick and easy tips organizations can share with employees and families. You can download free posters like 10 Ways To Protect Your Personal Data and post them in the office breakroom. Better yet, put a copy of it in each employee’s desk or workspace. With a donut. Taking even a little action can make a difference in your privacy and security. Even a technology dinosaur like myself has implemented a lot of these tips. If I can do it, you and your workforce can. Here are my five new habits for 2020 Data Privacy Day. Try them with me:
Careful what you click
Infosec regularly sends me phishing simulations to stay sharp, But I can point to the 2021 Data Privacy Day as the time when I decided to knuckle down on checking emails and not clicking on every link simply because it’s there. Nigerian Princes must miss me terribly. Super important surveys from nobody I know on social media? Nope. Nada. I quit. I mean really, folks. Do you need these?
Plug the Bluetooth siphon
I also got in the habit of turning Bluetooth off when not in use. That was an embarrassingly easy habit to acquire and it should slow down the amount of my information siphoned from my phone.
Patch, patch, patch
I’m going to be more conscientious to quickly update patches sent by the companies and apps I use. Updating patches can do a lot to keep the boogeyman away.
Authenticate, authenticate, authenticate
Adopt two-factor authentication on everything I can. I’ve also declared 2022 as the year to start using a password manager. Because at this point — what am I waiting for?
Dean Wormer approved
I told you about knuckling down and not clicking email links. But in 2022, with a nod to the Animal House movie, I’m redoubling those efforts with double-secret probation checking on links. Trust me, that’s funny. Google it. After all, social engineering has been on an upward trend since 2017, and more than 80% of those incidents includes phishing, according to Verizon’s 2021 Data Breach Investigations Report. We’re not going to resolve the larger questions about balancing the personal information we give away in trade for the convenience of using the apps and devices that have become part of our lives. But if nothing else, how about using 2022 Data Privacy Day for making a few changes that will move your personal privacy needle. Take 15 minutes to encourage your team members to plug up a few of their information leaks. Confetti and balloons not necessary, but highly recommended.