Do you really need a Hallmark Holiday to remind you to be savvier with your personal information and more careful in your conduct online? Of course, you do not! Moreover, why would you alter your behaviour in this regard just for a week?
As this year’s National Consumer Protection Week begins, we find ourselves as citizens at a crossroads. Use this week as the catalyst for long-term change in our behaviour towards digital data, systems and cybercrime, or acknowledge it for a few days or hours and slip back into bad habits almost immediately.
Consumers are more protected and empowered by law in the digital age, yet we don’t do more to use of the protections afforded to us legally. We do it with regards to our physical safety and security, yet digital personal protection is not always considered to be equally important.
We’ve seen a surge in phishing attacks on consumers as cybercriminals step up their efforts to harvest valuable login credentials and personal information that can be used for identity theft.
We’ve seen ransomware rise, as trusting consumes find themselves – and their computers – duped into downloading and executing code that demands money with menaces for the return of the user’s operating system and data. Even if you pay, your sensitive information will still be harvested, even if the criminal does release the machine.
We’ve also seen major organisations suffer data breaches that have compromised personal financial and identity information. High-profile retailers, airlines, hotels, banks and online services have been affected by breaches in the last 12 months.
There’s a global cybersecurity skills shortage of nearly three million functions that need to be filled. That means that users can’t just blindly assume that the world around them is completely secure. Sadly, it simply isn’t and won’t be any time soon.
More power to consumers!
It’s not all bad though. We’ve also seen an enormous increase in the power that consumers have available to protect, defend and define how and where their personal information is used, stored and shared.
Legislation such as the EU’s General Data Protection Regulation (GDPR), the NIS Directive, the California Consumer Privacy Act, and the Philippines Data Privacy Act of 2012 are just a few of the more notable examples of law changes that have put power over consumer information back in the hands of the individual, while commanding public and private bodies to deliver a far higher standard of conduct.
Firstly, as a society we need to take our consumer rights more seriously with regard to our digital footprint, our digital data and our online relationships with sites and services. The consumer power that legislation such as GDPR has clarified, such as the right to be forgotten and expectations for data protection and incident disclosure, need to be used when appropriate. This is to keep sensitive information out of the reach of those who shouldn’t have it, as well as keep organisations honest.
You wouldn’t leave your car sitting outside your house overnight, unlocked, with the keys in the ignition, would you? If you have weak passwords, the same password across everything you use, or your passwords written down in easy view of other people, then you are basically doing the same thing digitally as inviting someone to steal your car.
Sort out your personal digital security. Change those passwords, don’t use the same password on two different logins (let alone across 50). Use a password logger tool to help you keep track of your more complex password history, as well as monitor to see whether your usernames and passwords turn up on any known lists of stolen or leaked information.
Finally – preach what you practice. Push your family, your friends and your colleagues to be smarter, safer and more secure online. But do it all the time – not just for one week a year!
- As director of cybersecurity advocacy for (ISC)2 in EMEA, Mary-Jo de Leeuw works to encourage corporations, governments, academia and others to collaborate on strong cybersecurity policies, legislation and education.