By Ebbe Kernel, data mining researcher & writer
The world has witnessed a number of high-profile data breaches over the last couple of decades. While the impact of these breaches on individuals has been seriously underreported – lives have been destroyed by identity theft and other intrusions made possible by massive data breaches – they have highlighted a serious issue.
Many of the corporations involved in these breaches (Sony, Facebook, Equifax, and Target, to name just a few) aren’t exactly small fish. The fines levied on them so far in punishment have amounted to the mildest of slaps on the wrist. They have not been an effective deterrent, and corporate complacency continues to keep cybersecurity professionals eternally frustrated.
GDPR
The General Data Protection Regulation was brought in across the EU last year in response to repeated incidents of corporate negligence resulting in data making its way into the wrong hands. GDPR fines are levied as a percentage of a business’s earnings, and everything so far suggests they are an effective deterrent.
British Airways and Marriott
In July 2019, British Airways and Marriott found themselves on the receiving end of the largest GDPR-related fine in history, by quite a considerable margin. The Information Commissioner’s Office (ICO), the UK body that deals with data protection laws, has fined BA $230 million for a breach of data involving 500,000 customers. The fine relates to the actions of British Airways between June and September 2018.
Meanwhile, hotel chain Marriott received a proposed $123 million fine for losing the information of 339 million guests. The data loss was first reported in November 2018.
Both businesses will be able to respond to the allegations before any final decisions are made. Predictably, both companies say they will appeal the fines. Researchers note that we’ll continue to see such massive data breaches in 2019.
Keeping Your Data Safe Online
Keeping your data safe and your identity secure online should be easy. However, the unfortunate reality is that no matter what steps you take, you need to trust a business to look after your data properly. Fortunately, there are some things you can do that will hugely reduce your chances of having your data stolen and will enable you to avoid the most obvious traps.
Spotting a Fake Website or Email
Phishing attacks are a type of cyberattack that directs victims towards a malicious page that looks legitimate. Targets enter their login information, thinking they can log in to the service, and this is then passed on to the criminals. The most sophisticated phishing attacks can be very difficult to discern.
The most obvious sign that an email is a phishing email is that the address is spelled incorrectly or utilizes the incorrect suffix. You should avoid clicking links in emails, especially if you aren’t expecting them. It is very easy to set up a phishing email with disguised URLs. This means that even if you check the URL target before you click, you may find yourself redirected.
You should still always check what URL shows when you hover your mouse over a link. If the website you are being directed to is clearly wrong, you can avoid it.
The content within a website is another giveaway. If you are in doubt, navigate to the website you are viewing from the homepage in your browser and make sure that the page you are looking at matches the real thing.
Finally, check for the trusty padlock in your web browser, which indicates that the website is using a secure https connection, before you enter any sensitive information.
Using a Proxy
Whenever a device connects to the internet, it is assigned an IP address. By default, this IP address is easily viewable to any server that your devices connect to. Even worse, IP addresses can be traced back to specific physical addresses. An IP address is required to get online; there’s no getting around the need for one.
However, by connecting to a proxy server before you connect to an internet server, you can ask the proxy to access the website for you. From the perspective of the website server, a proxy server is connecting to it and requesting websites in the same way a laptop or smartphone would.
With this being said, you should avoid free proxy services like the plague – they are the perfect way to steal your data. If you choose to use proxies, stick to reputable paid-for services instead.
If you want to improve your online anonymity, a proxy service will enable you to obscure your IP address. You can also connect via proxy servers around the world in order to circumvent region-blocking.
Get a Password Manager
Head on over to haveibeenpwned.com and enter your existing email address. Try a few of your previous addresses as well and see if any results come up. This website will inform you if your details are found in any hacked databases.
If any results do turn up, immediately change your password for that account and any other accounts that might have used the same password. This is a neat illustration of how a single breach can reveal the login credentials for multiple accounts.
The best solution to this problem is to use a password manager. There are lots of free and open-source options, and yes, in this case, you can trust the free options. Open source means that their source code is audited, vulnerabilities are fixed, and there is minimal chance for any malicious activity.
Two-Factor Authentication
Two-factor authentication is an increasingly common security measure that you should take advantage of whenever you can. What this usually means is that an email or text will be sent to you with an activation code every time you log in. This means you need access to the code as well as the account password. Some 2-FA systems utilize a code-generating app like Authy instead.
Staying safe online is mostly a case of exercising common sense: steer well clear of any websites that you aren’t completely certain about, or which are being presented from unknown sources. If someone you know sends you a strange-looking email with an unexpected attachment or link, confirm it is genuine before letting your guard down.
As long as you stick to the advice above, you can at least feel a little safer online.
About the Author
Ebbe is a data mining researcher & cybersecurity writer. He believes in data power and everyone’s freedom to become a self-starter. Also, he is here to help you stay anonymous online. Ebbe can be reached online at [email protected].