Privacy and security are often assumed to be identical, but they are not3 min read . Updated: 13 Feb 2020, 08:54 PM IST
All it takes is one click on a wrong link for your data to fall into the hands of a cybercriminal
With the growing impact of technology on our lives, privacy and security have often made people anxious. As large enterprises adopt Big Data, Internet of Things, and cloud, security has become crucial. Data is indeed the new oil and personal data has never been more easily available.
When you connect to public Wi-Fi or a public network, the apps and websites you use collect your personal information under the pretence of serving better ads, which could be mined by data aggregators and sold to anyone willing to pay. We often hear news about corporate databases getting hacked, releasing thousands of names, email addresses, and banking information. All it takes is a click on the wrong link and your computer could send all personal data to cybercriminals.
Interpreting Privacy and Security
Privacy and security are often assumed to be identical. However, they are not. Knowing the difference may help you protect yourself in an increasingly digitized world.
Security deals with measures put to protect digital data from unauthorized users, like cybercriminals and hackers. It also focuses on types of information assets that an organization collects. For example, while a home security system protects the integrity of your house, data security protects your valuable data and information like passwords and documents.
Privacy deals with protecting personal information. It refers to the rights with which one controls the usage of personal identity; focusing on information like names, addresses, Aadhaar numbers and banking credentials. For instance, the privacy policies that one is required to adhere to when downloading applications.
What is the threat?
Information is being collected at an extraordinary rate, companies have become aggressive in selling you more products, wanting insights into what drives you and what events occur in your life, to offer relevant products.
For example, in a financial institution, its employees across the country may have access to all customers’ account details, so customers can access them by visiting a branch in their home-town, or halfway across the world. However, privacy only allows access when a business need arises; say if you want to access your account. Privacy stops employees from viewing a neighbour’s account details or the balance of a famous personality out of curiosity — though they have complete access to the data.
Businesses also face threats of malicious ransomware, unpatched vulnerabilities, and security bugs. Small businesses are more likely to encounter cyber-attacks. Large companies move data between servers in different global locations. Storage and other resources in cloud are often deployed and configured with a range of tools and default set of configurations. There are chances of breaches, and accidental exposure of cloud resources.
How to secure your data?
Individuals should be responsible enough to not randomly share data. Companies handling data must ensure that they process it securely, and if required, access it by approaching the court. Governments should create a safe and easy data management environment. Consumers should diligently safeguard themselves while giving access to personal information. Here are a few measures consumers can take:
•Understand the policy documents and implications of data shared while registering on websites or applications
•Use two-factor authentication to control access to sensitive systems and data
•Limit sharing of personal information online or with data brokers
•Secure the data on smart devices with security software and use safe networks for data sharing
Businesses too should take measures to secure their data. Cybercriminals are finding newer ways to make money, with account takeovers and business email compromise attacks. Email protection is essential to help in email filtering, spam blocking, encryption, etc. Employees too must also be informed and guided. A continuous, customized training and simulation platform will facilitate recognizing subtle clues to stop email fraud, data loss, and brand damage.
With growing dependence on advanced technologies such as artificial intelligence and machine learning, we can expect businesses to find new profitable ways to use the data and expect rogue agents to find new ways to exploit vulnerabilities.
Murali Urs is country manager at Barracuda Networks