The 28th of January is Data Privacy Day (or as it is widely known in Europe, Data Protection Day), and it also marks the conclusion of the first-ever International Data Privacy Week.
The goal of Data Privacy Week is to spread awareness about online privacy and educate users on managing their personal information. The day also encourages businesses to be more transparent about how they gather consumers’ data and how they use it.
South Africa is experiencing a rise in cybercrime and people are naturally becoming more concerned with how businesses use their data. A study conducted by the University of South Africa found that 83% of the respondents are concerned about protecting their data. Furthermore, 94% were especially worried about safeguarding their identity.
“Businesses are aware of customers’ growing concerns about data privacy and are responding accordingly,” says Riaan de Villiers, business analyst at LAWtrust Information Security. Many businesses take privacy and data security seriously, but individuals also play an important role in protecting their data. De Villiers offers some steps that individuals can take to protect their privacy online:
1. Make informed decisions about what can access your personal info
Many websites and mobile applications request permission to access your personal information in exchange for using their services, but few users fully understand the significance of such trade-offs.
“Some say data is as valuable or more valuable than oil. Your data certainly has value for businesses,” explains de Villiers.
Consider the amount of personal information an app or website asks for and weigh it against the benefits you may receive in return. Be wary of applications that seem to be overstepping. There is no reason a simple game needs access to your contacts, messages, photo gallery or location. Ensure every app or website you use only has access to the information required for its services. In addition, uninstall apps you no longer use and keep your apps and software up to date to protect yourself against vulnerabilities.
2. Stay in charge – use your privacy settings
Check the privacy and security settings on web services and applications that you use. Once you are satisfied with their security measures, decide how much and what you would like to share. Furthermore, your mobile device and browser are now designed with privacy in mind and offer various levels of privacy settings to help you stay in charge.
3. Protect your data – update to stronger passwords
Data privacy and data security are intertwined. Adopting good security habits can help protect your privacy. Choosing strong, unique passwords for your applications and services is a good start. According to Statista, passwords that are at least eight letters long and combine an uppercase letter with a number and special characters are the hardest to crack – even for machines. Consider using multi-factor authentication (MFA) as an additional security layer, which can block up to 99.99% of automated assaults even in the case of a data breach.
However, individual responsibility does not absolve businesses of their responsibility vis-a-vis customers. The South African POPI Act is not without teeth. Companies face fines of up to R10 million or jail time for non-compliance.
“Instead of fearing punishment, businesses should focus on the benefits. Globally, companies that protect the privacy of their customers see it as a competitive advantage, and it helps to limit the damage caused by breaches,” concludes de Villiers.
Remember the 3-2-1-1-0 backup rule
From strengthening defences against ransomware to training employees in regulatory compliance, a vital part of any Modern Data Protection strategy is the ability to back up and recover data at any time. Data Protection leader Veeam advocates the expanded 3-2-1-1-0 backup rule as its best practice that all businesses should follow in 2022.
3: Maintain at least three copies of your data
In addition to your primary data, you should also have at least two more backup files for sufficient protection.
The chance of something going wrong on three devices at the same time is much smaller than on two devices, especially when the primary backup is often situated close to the primary data. In the event of a disaster, the primary data and primary backup might be lost. The secondary backup should be situated away from the primary data as a contingency for when disaster strikes.
2: Store backups on two different forms of media
It is recommended that you store one of your backup copies on an internal hard disk drive and the other copy on removable storage media – for example, tape, external hard disk drives, cloud storage, etc.
Storing both copies of your backup on the same type of storage media increases the chance of losing all your backup data if an outage or cyber-attack affecting data stored on a specific media format occurs.
Alternatively, store your primary backup on internal hard disk drives of a physical server and the secondary backup on internal hard disk drives of a NAS where the hard disk drives on both systems are of a different brand, size and type.
1: Store at least one backup copy offsite
Keep at least one backup copy away from the physical location where the primary data and primary backup are located. It is recommended that you do not keep your second copy at the same physical location. This is because in the event of a disaster such as a fire or flooding, everything in that one location could be destroyed. If you stored your primary data, primary backup and secondary backup all in this same facility, all of it is lost forever.
For businesses without multiple sites, you can store a copy of your backup data in a private cloud via a service provider or in the public cloud.
1: Store at least one copy offline
It is recommended to keep at least one backup copy offline – disconnected from the network and away from any IT infrastructure. Examples of offline media include rotating external USB disks, tape, and object storage with immutability.
If a hacker successfully gains access to your IT environment, everything on the network is potentially vulnerable. To fully protect data, keep an offline copy, protected using an encryption key, to prevent external or insider threats from interfering with it via the network. This is commonly referred to as an air-gapped backup.
0: Make sure you have verified backups without errors
Backups are only as good as the process being used to verify them. Firstly, backups must be monitored daily. Check whether there are errors and solve them as soon as possible. There should be zero. Secondly, make sure you can restore data from your backups by performing restoration tests at regular, recurring intervals.
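The five checks above can be run against a backup inventory. The following Python sketch is an added example, not code from the article or from Veeam; the `Copy` fields, rule labels and sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Copy:
    name: str
    media: str                 # e.g. "internal-hdd", "tape", "cloud"
    site: str                  # label for the physical location
    offline: bool              # disconnected from the network, or immutable
    is_primary: bool = False   # True for the production data itself
    last_job_errors: int = 0   # errors reported by the most recent backup job
    restore_tested: bool = False  # a restore test has succeeded recently

def audit_3_2_1_1_0(copies):
    """Map each part of the rule to True (met) or False (violated)."""
    primary = [c for c in copies if c.is_primary]
    backups = [c for c in copies if not c.is_primary]
    primary_sites = {c.site for c in primary}
    return {
        # 3: primary data plus at least two backups
        "3_copies": bool(primary) and len(backups) >= 2,
        # 2: backups spread over at least two kinds of media
        "2_media": len({c.media for c in backups}) >= 2,
        # 1: at least one backup away from the primary data's location
        "1_offsite": any(c.site not in primary_sites for c in backups),
        # 1: at least one backup offline (air-gapped or immutable)
        "1_offline": any(c.offline for c in backups),
        # 0: every backup has zero job errors and a passed restore test
        "0_errors": bool(backups) and all(
            c.last_job_errors == 0 and c.restore_tested for c in backups),
    }

def violations(copies):
    """List the rule parts that the inventory fails, in rule order."""
    return [rule for rule, ok in audit_3_2_1_1_0(copies).items() if not ok]

# Constructed sample inventory: no offline copy, and one job reporting errors.
SAMPLE = [
    Copy("prod-db", "internal-hdd", "site-a", offline=False, is_primary=True),
    Copy("nas-backup", "internal-hdd", "site-a", offline=False,
         restore_tested=True),
    Copy("cloud-backup", "cloud", "provider-region", offline=False,
         last_job_errors=2, restore_tested=True),
]

if __name__ == "__main__":
    print("Failed checks:", violations(SAMPLE))
```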