Each year, January 28 marks a global effort to highlight one of the most important aspects of our digital world: data privacy.
That’s because the first legally binding international treaty dealing with privacy and data protection, Convention 108, was ratified by the Council of Europe on January 28, 1981 — 40 years ago today. Americans commemorate the signing with Data Privacy Day, while Europeans observe the same anniversary as Data Protection Day.
Whatever you call the day, in the 40 years since the signing, the importance of data privacy has probably never been higher than it is today.
Data privacy is all about the proper handling of data, including how it should be collected, stored, managed, shared, and deleted. Various laws guide data privacy, depending on your location, but organizations need to have internal policies as well.
Around the world, data privacy laws are generally intended to give individuals knowledge of — and control over — how their data is viewed and used. For this to be possible, organizations must practice data security, meaning that they take measures to prevent unauthorized third-party access to data.
Organizations rely on personal data for daily operations, including everything from providing services to tracking customer behavior and buying habits. But in the hands of cybercriminals, that same data can enable identity theft, fraud, and other crimes. And data growth is explosive — doubling in volume every two years — making its protection both more challenging and more vital every day.
Data Privacy Day / Data Protection Day is an annual reminder of the importance of securing our digital footprints, and a call to action for smarter and more responsible management of personal data.
Modern data privacy challenges
Acronis recently published the Cyber Readiness Report 2020, which revealed the results of its survey of 3,400 IT managers and remote workers across 17 countries. Among other questions, this research explored the key cybersecurity and data protection challenges that businesses are currently facing with remote work in a world shaped by the COVID-19 pandemic.
Between the findings in this report and the insights gleaned from ongoing monitoring by our Acronis Cyber Protection Operation Centers (CPOCs), there’s cause for concern around data security — and, in turn, data privacy:
- Over half of global companies adopted new data privacy tools last year. The rapid shift to a work-from-home model forced organizations around the world to quickly embrace new technologies. Many businesses lacked sufficient time to properly research and vet their solutions of choice — as well as the budget to work with proven vendors and to train employees in the software’s proper usage.
- Password stuffing was the second-most common type of cyberattack in 2020, second only to phishing. In these attacks, cybercriminals use lists of compromised user credentials to gain access to the user’s accounts on other tools or websites, based on the principle that people often reuse usernames and passwords across multiple services. Many individuals created new accounts for applications that enable remote work, and cybercriminals have reacted quickly.
- Around 80% of global companies have no password policy at all. Even among those that do, the resultant passwords are often weak: 15–20% of corporate passwords include the company’s name. Cybercriminals are aware of this weak security, which helps explain why the number of brute-force attacks skyrocketed in 2020. SolarWinds — now notorious for the supply-chain attack that compromised their Orion platform to breach multiple U.S. government agencies late last year — was allegedly warned multiple times by cybersecurity analysts that their internal data privacy practices and weak passwords (like solarwinds123) were leaving the company exposed.
- Thirty-one percent of global companies are attacked at least once per day. Companies in India reported the steepest attack rate, with the United States and the United Arab Emirates rounding out the top three. Meanwhile, 9% of companies reported being targeted by cyberattacks at least once per hour.
- Companies lose $400 billion to hackers each year. As of April 2020, the average amount paid by companies to settle ransomware attacks had climbed to $111,605. As steep as these price tags may be — and as strong as the inclination may be not to cooperate with cybercriminals — the operational, financial, and reputational costs of permanent data loss can be fatal to a business.
Many companies have gaps in their data privacy procedures, and awareness among individual users continues to lag, with employees being less likely to follow safe data practices when working from home. The risks are real: privacy breaches may lead to costly downtime, steep fines, and significant reputational damage. Acronis CPOC analysts expect the financial impact of data exfiltration to soar in 2021, owing in large part to poor password hygiene and lax cybersecurity habits of remote workers.
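A password-policy check for the weakness described in the list above (corporate passwords built on the company's name, such as solarwinds123), as an added example that is not part of the original article or of any Acronis product. The function names, the look-alike folding table, the 12-character minimum and the sample denylist are assumptions made for illustration.

```python
import re

# Fold look-alike characters to one symbol so "S0l@rW1nds" and "solarwinds"
# compare equal. 1, !, l and i all fold to "i" because 1 is used for both.
FOLD = str.maketrans({"0": "o", "1": "i", "!": "i", "l": "i", "3": "e",
                      "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"})


def fold(text):
    """Lowercase, fold look-alikes, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(FOLD))


def policy_violations(password, org_terms, username="", denylist=(), min_length=12):
    """Return the reasons a candidate password is rejected (empty list = accepted)."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    folded = fold(password)
    for term in org_terms:
        # Ignore very short terms to avoid rejecting on accidental substrings.
        if len(fold(term)) >= 4 and fold(term) in folded:
            reasons.append(f"contains organization term {term!r}")
    if username and len(fold(username)) >= 4 and fold(username) in folded:
        reasons.append("contains the username")
    if password.lower() in denylist:
        reasons.append("on the known-compromised list")
    return reasons


if __name__ == "__main__":
    # Constructed inputs; "solarwinds123" is the weak password the article cites.
    terms = ["SolarWinds", "Orion"]
    denylist = {"password1234", "qwertyuiop12"}  # constructed sample entries
    for candidate in ["solarwinds123", "S0l@rW1nds!2021", "qwertyuiop12",
                      "plum-harbor-quiet-lantern"]:
        result = policy_violations(candidate, terms, "jdoe", denylist)
        print(candidate, "->", result or "accepted")
```

Run at password-set time, a check like this rejects the name-derived password even when it meets the length rule, which a length-only policy would let through.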
Securing your digital future
As more and more aspects of our lives take place in the digital sphere, it’s increasingly important for individuals and organizations to understand data privacy — and to take steps to safeguard their personal information online.
To that end, modern businesses are encouraged to strengthen the authentication requirements around access to sensitive data. Best practices include:
- Multi-factor authentication (MFA), which requires users to complete two or more verification methods to access a company network, system, or VPN.
- User and entity behavior analytics (UEBA), which uses statistical analysis to help quickly identify breaches by monitoring for behavior that deviates from normal user activity patterns.
- Adoption of a zero-trust model, in which all users are required to authenticate themselves and continuously validate their security to access and use company data and systems.
Given today’s fast-changing cyberthreat landscape, safeguarding your data, applications, and systems requires comprehensive cyber protection — the integration of data protection and cybersecurity. That means balancing the Five Vectors of Cyber Protection: safety, accessibility, privacy, authenticity, and security (SAPAS).
While data privacy is just one part of the puzzle, it is a particularly important consideration given the damage that can be caused by not protecting private personal or business-critical data.
As the world marks 40 years of Data Privacy Day / Data Protection Day, we encourage everyone to observe the holiday by redoubling their efforts and adopting a modern cyber protection approach to safeguarding their data.