In this perfect world we live in, businesses, governments, and other organizations are all honest and get cybersecurity right. They have all the knowledge and resources on their side, and all the data comes together in their systems, so of course they take proper care of everyone’s data. I mean, why wouldn’t they, right? What’s there to worry about?
Sarcasm aside, if we take a look at the facts: on the one hand, organizations actually do quite a bit in terms of cybersecurity. Recent statistics show that the average spend on cybersecurity is about 5.6% of overall budget. A lot of that was spent on perimeter defense; keeping computers, operating systems, and software up to date; creating backups; and limiting access to corporate information. While that’s all well and good, it’s still not a guarantee that hackers won’t get access to sensitive data – especially when it comes to insider attacks.
The simple fact is that there’s no such thing as a silver bullet with cybersecurity.
Now, on the other hand, we have organizations that live from selling user data by offering “free services” in exchange for users’ personal information. Some of them are in a monopoly position that they can leverage to get users to agree, albeit reluctantly, that more and more of their data be collected, shared, and sold. They’re able to do this because users have no alternatives to turn to that offer a similar service and have the same size user base.
While many people are either apathetic or blissfully unaware about what can happen to their data, the fact is that it’s their privacy, credit score, and even physical safety at stake. Keeping that in mind, the most important thing is to spread cybersecurity awareness. This is equally true for employees of a company as it is for us as private individuals.
But honestly: How aware are private individuals these days?
According to statistics 35% of people use weak passwords and 55% of people use the same password for the majority of services they use.
And what’s worse, 97% of people are unable to identify a phishing email and therefore can’t even recognize malicious behavior.
There are three steps to changing that. Regardless of age or other circumstances, it is critical that we all:
1) Become aware of and understand the risks facing our data. Everyone should know:
- How high the chances of a data breach are
- That you will not always be aware of a breach and sometimes you won’t be informed at all
- How your personal data can be abused and what the consequences are if someone, for example, steals your identity in order to change your party affiliation, take out a mortgage in your name, and open 15 new credit cards.
Once consumers become aware of these risks and understand why data protection is important - only then will they have a chance to do something about it.
2) We have to understand our rights.
While regulations like GDPR made a lot of noise in the industry, many consumers are still unsure what to do to exercise their new rights and how to find out if companies are compliant with recent regulations.
Only with comprehensive knowledge of your rights will you be able to create a plan and execute your personal data security strategy. And finally,
3) We should know our options. That means:
- Knowing what concrete steps you can take to protect your privacy
- Knowing where to find out how your data is being used
- Understanding, for example, what the right to be forgotten means and, more importantly, how to exercise that right
Consumers have to make sure that they only give data away to organizations they’ve proofed and that take the proper measures to protect data. That means actually reading the terms and conditions before clicking “agree,” deciding which data processing to allow, and ensuring that their data is pseudonymized and sufficiently protected.
Here we come to the conclusion many people won’t like: this means a lot more work - not only for companies and organizations, but for every single one of us.
You have to be clear about what you want, what parts of your data you’re willing to “sell” to get free access to services, and for what services you’re better off paying for.
This is only possible with knowledge and a personal strategy.
That’s why I think any kind of event like a national consumer protection week is great - because the best way to make sure our data is safe is to educate people.