Data Privacy Day is an initiative of the National Cyber Security Alliance (NCSA). Since the signing of the 1981 Convention 108, it has become an annual event celebrated every January 28. This day is particularly important because it is the only legally binding international agreement on data and privacy protection. The first celebration in January 2008 in the United States and Canada. However, over the years, Data Privacy Day has become a global celebration. The theme of the 2020 celebration was ‘Own Your Privacy’.
Data Privacy Day celebration is still under-celebrated in Africa. The reason may be because Africa only started exploring its digital space in the last two decades. However, inasmuch as the continent’s digital technology is still growing, it faces the same threats as developed economies that are far ahead. According to reports, data breaches continue to grow each year. Consequently, personal and business information, as well as valuable data, are at the mercy of hackers. Data Privacy Day helps to spread awareness on the growing privacy risk as well as educate citizens on how to protect themselves. Explaining the importance of Data Privacy Day, executive director of NCSA, Kevin Coleman said,
“With the tremendous growth of businesses collecting and using personal data and millions of customers putting private information online, Data Privacy Day works to encourage businesses to improve data privacy and security practices and educate consumers about the many ways their personal information can be used and shared.”
Highlight of Shocking Data Breaches of the Last Decade
To further emphasize the importance of data privacy day celebration, it is important to highlight important data breaches in the last decade. According to a report by Business Insider, 10 of the 15 largest data breach in history happened in the last decade. Consequently, some of these breaches helped shape the implementation of stricter consumer data protection policies.
Uber breach happened sometime in 2016. However, it was only disclosed in 2017. The breach exposed the personal information of over 57 million drivers and customers. The attackers stole personal information including phone numbers and email addresses. Also, the attackers were demanded $100,000 ransom. In the end, Uber was fined $150 million for concealing the breach.
A British political consulting firm, Cambridge Analytica, in 2018, harvested the personal data from the profile of millions of Facebook users for political advertising purposes. Consequently, Facebook was fined $663,000 which was the maximum fine at that time.
These are the two attacks that stood out for us. You can read about more of these data breaches from Security Boulevard. The simple lesson to learn from these attacks is that no organization on any digital space is totally immune. If large organizations in countries with sophisticated technologies could be hacked, you can only imagine what will happen to Africa’s young digital space. However, most African governments are only thinking about exploring digital economies without also weighing in on data privacy protection.
Awareness on Popular Techniques Attackers Use to Harvest Personal Data
As technology grows, hackers are also advancing their approach. Phishing was the most prominent hacking technique in the past. However, today there are more techniques. In line with the awareness goal of Data Privacy Day, here are the popular techniques hackers use to steal personal information from individuals and companies.
This is an email sent with the intention of obtaining sensitive personal information including driver’s license, bank account information, and so on. There are two ways they can do this. In the first method, the attacker can send a seemingly friendly message to lure you in. However, with subsequent replies, they send you phishing emails. In the second technique, they will send you an email with a link where you will have to insert your personal information.
What you should do
The first thing you should do when you receive a suspicious email is to check the address of the sender. Never click on links in emails you don’t recognize the sender. Other pointers to a phishing email include:
- Sense of urgency
- Grammatical errors
- Attachments with unknown file formats
- Email doesn’t address you by your first name, rather uses a generalized salutation
Have you ever received a call from an unfamiliar person who is requesting your personal information? Well, that could be vishing. With the growth in social media and people easily giving out personal information on social platforms, hackers don’t need to do hard work to know a bit of you—and gain your trust in the process.
What you should do
- Don’t give out personal information over the phone even if the person knows your full name.
- If they claim to be calling from any organization, visit the organization to verify yourself
This is the mobile phone version of phishing. The attackers will send you a text message with an offer or with a URL to visit. At other times, there will be a phone number that you are to call.
What you should do
- Don’t visit links in text messages from an unknown sender
- Never reply text messages from unknown sender especially when they have a tone of urgency
- Do not send your personal information through a text message
How to Improve the Security of Your Data
Most African nations have a large population of digitally illiterate citizens. This is particularly making it easier for attackers. Out of ignorance, many Africans expose their personal information. Also, many organizations in Africa lack a strong digital security apparatus which makes them an easy target. Some of the ways individuals and businesses can increase their digital security include;
- Use a strong password: A strong password consists of upper and lower case characters, numbers, and special symbols. Avoid using easy to crack passwords like ‘12345’ and ‘password’.
- Use encrypted messengers: Have you noticed that before you send a message to a contact on WhatsApp, you will see a message telling you that it is protected with end-to-end encryption? Using unprotected messengers can increase your risk to attack.
- Lock your phones and computers: Misplacing your phone or computer can lead to data compromise. Locking your smartphones and computers can keep this at a minimum.
- Take back your data: Peradventure you already provided your personal information to social networks upon sign up, you can go to your settings and delete them. The European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) makes it mandatory for websites to allow the delete of personal data on request by the person.
- Use a good antivirus: A good antivirus will frequently scan your computer for malware or suspicious activities. They can also block you from accessing suspicious links.
It is important for African nations to start celebrating Data Privacy Day on a larger scale. The awareness from the celebration will make more Africans aware of the risks they face.