In 2017, a writer for The Economist made waves by claiming that data was now more precious than oil. Others have agreed. They’ve argued the value of data beats both gold and money. At the same time, we are giving it more and more of it away for free.
Why? Well, more of us feel comfortable trading private data for online convenience. Experian’s 2019 Global Identity and Fraud Report found that 63 percent of Americans were willing to share medical data for login ease. It also found 70 percent were willing to share to help apps provide them with better service.
Those consumers wanted more than login ease. And some shared data so that the apps could make their accounts safer from hackers. In all these cases, users share personal information as the price of admission. Researchers call this a “pragmatic” trade-off. First, consumers look for the perks of handing over data. Then, if they derive value from the app, they contribute data. Consumers still want to enjoy the rewards of these applications. They just don’t want to worry their data is falling into the wrong hands.
We live with increasing data security threats. But there are also practical moves we can make as we venture into the new data economy.
Here are the four biggest trends in data security. There are also five key ways you can protect yourself.
Cybersecurity Awareness is Growing
With more data out there, keeping it safe has gone mainstream.
Privacy startups are sprouting up, competing to help users keep their data private. They advocate vaults, data assistants, and protocols to help users control sensitive data. Tech giants are also trying to keep customers happy with new privacy policies.
By summer 2021, Apple began asking permission for apps in its store to track users. But most users were unwilling. In fact, 96 percent declined to opt-in. In 2022, Android users will see privacy labels on their apps, too.
Data Awareness Grows
Some timely events spurred our cautious behavior:
- Police used facial recognition software and cell phone location data at protests. At Black Lives Matter and U.S. Capitol protests, arrests relied on this data. Both sparked debates about surveillance.
- California spent its first year with a new data privacy law. Golden State residents could request the data companies hold on them. Many did. They saw the kind of data companies had collected on them, which served as a wake-up call.
- The Federal Covid Data Privacy Act raised questions about health and location data. Contact tracing apps used both. They checked transmission and social distancing compliance. But many people were skeptical. A Washington Post and University of Maryland survey found only 17 percent of Americans said they would “definitely” use tracing apps.
- According to the Cognyte Cyberthreat Intelligence Research Center, more than 60 percent of companies suffered a ransomware attack last year. That is double the number of the year before.
- Remote workforce companies to see more potential risks at higher costs. Average data breach costs soared during 2020 and 2021 to $26,659 per incident.
The more people become aware of holes in their privacy, the more they demand lawmakers’ help. Protections are emerging. But global rules need global enforcement. That makes consistent standards tough to achieve.
Legal Advances on Data Privacy
Most laws stem from one landmark legislation. The European Parliament introduced its General Data Protection Regulation in 2018. GDPR replaced a loose patchwork of national laws.
The law heralded an era of similar legislation in other countries.
In the U.S., California’s Data Privacy Act was the first in the US, but more states followed. Colorado and Virginia have also passed broad laws. Increasing legislation is one of the most common current data privacy trends. Other states are also working toward passing laws. Commonly proposed provisions are the right to access, opt-in, and the right to delete your own data.
This year, legislators reintroduced the Data Protection Act in Congress. It seeks to establish a personal data protection agency for Americans. We’re not there yet. But its introduction shows a desire to fix internet privacy at the federal level.
Other countries followed digital privacy trends. For example, Brazil started enforcing its own data law. It now covers 2,000,000 people. Asian countries also passed laws defining privacy protections. This year, countries like Japan, South Korea, and Singapore made updates to their existing laws.
People welcomed privacy laws. Companies were not so sure. For years, they struggled to comply. They were aided by slow initial enforcement. But by 2021, hefty fines, like Amazon’s €746,000,000 fine, put companies on the alert. News of the penalties also means data privacy trends drive even more demand for company accountability.
Privacy laws are not going away. By 2022, privacy laws will cover half the world’s people.
Cybersecurity Threats are Shifting
Cyber threats have changed in the past two years. Remote work has strained network use. There is now more sensitive data than ever flying across the internet. At the same time, data has become more vital to companies. They are investing in storing it, using it, and sharing it. It has become a prime target.
Here are the biggest threats:
Cybercriminals and Hackers
In July 2021, T-Mobile announced a data breach. The scope of the leak was unprecedented.
Fifty million customers had their data leaked. And that wasn’t the only big breach. T-Mobile victims are one-sixth of the global total so far in 2021. By September, 281,000,000 were affected. That’s 85 percent of the U.S. population.
For the first time, the president spoke about cybersecurity. He called it a national security priority.
But attacks continued.
In February, hackers accessed the water treatment system in Oldsmar, Florida. They were able to add dangerous amounts of lye to the local water supply.
In May, hackers compromised the Colonel Pipeline. They cut off the gasoline supply to the East Coast. It meant oil and jet fuel could not get to stations as far away as New York. Colonial eventually paid $5,000,000 in bitcoin to regain access. Most of that money has been recovered by the FBI.
Another cyberattack disabled a hospital database system in San Diego. Scripps Health lost records for nearly 150,000 patients to hackers. Patient records, social security numbers, driver’s licenses, and names were all leaked.
Ransomware is the most common attack.
It starts when hackers hold computers or data hostage and demand cash. Many companies choose to pay up. After all, they need their computers. Most companies cannot afford to have systems locked down for days or weeks.
A notable 2021 attack involved IT service Kaseya. As a service provider, the company had access to many of its customers’ computers. This meant that hacking into Kaseya got hackers into 800-1500 other companies’ computers.
This “supply chain” attack was a warning to other companies. Ransomware affected the targeted company. But it also targeted all companies who do business in their network. Even those companies’ customers could succumb.
Ransomware attacks rose 158 percent in the US between 2019 and 2020, and in 2021 they show no signs of slowing. For organizations, that has meant leaps forward in data security awareness. Cybersecurity experts have learned the value of keeping systems updated. They have also developed plans for what to do (besides paying a steep ransom) when systems go down.
Third-Party Cookies and Trackers
Ad services put third-party cookies on your computer. When you visit sites, cookies track your movements. When you visit a new site, you may see ads for a site you visited long ago. That’s the magic of third-party cookies.
Advertisers like third-party cookies. After all, data from tracking helps them deliver ads they believe you’ll like. The trade-off is that cookies will follow you around the internet, collecting data on you. Where you go, what you click, and where you live are all up for grabs.
But as new laws make companies ask for permission to use them, more browsers are phasing them out. Browser teams are replacing them with other trackers.
We’re seeing more digital options like Google’s Federated Learning of Cohorts. This tracking system groups users with similar interests into groups. FLoC lets the Chrome browser collect and sell data. However, that data is about multiple people. It does not identify individual users.
Another future option comes from Universal ID 2.0. It’s an open-source project helping anonymize user data. Using a single provided email address, the service encrypts all personal data.
In the coming years, you’ll still see first-party cookies from websites you have visited. When shopping or browsing, ads reminding you where you have been can follow you to other sites. Without third-party cookies, companies will have to keep track of their own customers.
Ironically, this could put users at risk since it involves companies storing more data than ever. In any event, users will have some say in who collects their data and which sites they wish to exclude.
The Rise of IoT
The Internet of Things (IoT) is here to stay. A few years ago, the IoT industry reached $100,000,000,000. According to Statista, it is set to reach eight times that by 2025. That’s big. What does it really look like? Picture adding over 100 gadgets to our networks every second.
IoT devices are a growing cybersecurity concern. For one, they come with weak password protection. Many users fell victim to hacking in 2016 because of this weakness. Mirai malware program logged on to IoT cameras using common usernames and passwords. The result? Four hundred thousand devices because “enslaved zombies” doing the malware’s bidding. The malware disabled Amazon Web Services and many corporate clients.
Yet, the attack did not help raise cybersecurity awareness around IoT devices. The numbers are rising. In the first half of 2021, $1,510,000,000 billion IoT breaches occurred.
Most often, the attacks control devices and force them to mine cryptocurrency.
Make sure your home network has security since these lightweight devices don’t. Look for encryption, firewalls, or virus scanners. For even better protection, run devices on a different network than other computers. That way, an attacker gaining access to the device cannot access sensitive data on other devices.
Unsecured Web Browsing
Secure sites use an HTTPS connection. That last “S” stands for “secure.” It shows that the site owner installed a security layer certificate on their site.
The certificates are free and simple to use. They prove that the browser encrypts data flowing across that connection. Shopping sites that take credit cards should always have this security.
But visiting sites that don’t take credit cards is also a risk.
Unencrypted browsing is like having a two-way conversation in public. Anyone could be listening in. If they can hear you, they can interpret your message. In this case, your communication with a website could uncover all kinds of personal data. Using HTTPS encodes that conversation, so it is meaningless to eavesdroppers.
Don’t want your ISP or your employer to hear about it? Use a secure browser.
Cybersecurity for Beginners: Tactics You Can Use
Here are the most important steps you can take to increase your privacy online. You may want to share data. Let’s make sure you are sharing only with the organizations you choose.
Install a Privacy Browser and VPN
In many browsers, you can surf using a new window in private mode. This feature hides browsing history on a shared device. But your ISP can still track you. And the more companies you share data with, the more likely that data will be compromised.
A better way to ensure privacy is by using a browser designed for it. Privacy browsers watch for more than third-party cookies. They can see newer tracking techniques, like fingerprinting. There are plenty of free and paid browsers to help:
- Opera: The first browser with a built-in proxy. It cloaks users’ IP addresses when you are surfing.
- Epic Privacy Browser: Like Opera, a built-in proxy hides your IP address from other sites you visit.
- Firefox: Nonprofit Mozilla developed Firefox with an open-source script that users can configure. From the get-go, Firefox blocks social media trackers, cookies, and fingerprinting. You can use add-ons to beef up security and block all ad trackers.
- Tor: Developed for the U.S. Navy, Tor is the best-known privacy-focused browser. Tor uses a multiple-relay system to obscure user identity. Tor encrypts your data three times across three nodes, giving Tor high privacy marks. It also makes the browser slow.
- DuckDuckGo: It’s known for its search engine, but DuckDuckGo also has a browser, too. It blocks third-party trackers and forces an encrypted SSL connection when possible. There is also a privacy score for all the sites you visit so you can make decisions about how much data to share.
- Safari: Apple’s default browser offers private browsing. It uses DuckDuckGo for search. It also provides anti-fingerprinting protection and separates tabs into different sandboxes.
Some of these browsers encrypt communication between you and the sites you visit. But none can reach beyond the browser to secure all files you may be uploading and downloading. A Virtual Private Network does. You can use one on your computer and browse safer no matter which browser you choose.
VPNs can cover all your devices, so make sure there’s a compatible app. Check whether a VPN works well on all your devices—for example, check for iPhone compatibility.
Use a Password Manager
Many of the privacy browsers offer password managers. That’s an added perk. They can be handy. But if you have many devices, you’ll benefit from stand-alone password apps, which combine a simple user interface with strong security.
Strong random passwords are the key to security online. Experts also say to change them often. But this has real-world drawbacks. You can forget where you wrote them down. You can get confused when forced to change them every few months.
Too often, users resort to repeating passwords to keep their digital lives in order. These apps are better. Some benefits of password managers include:
- Auto-filling passwords at the sites you visit without typing them in
- Having many vaults for individual family members
- Using two-factor authentication
- Sharing encrypted passwords online
- Sharing passwords without revealing the password
- Generating random passwords with high strength
- Alerting you when sites have breaches
Enable Two-Factor or Multi-factor Authentication
Using two-factor (2FA) and multi-factor authentication (MFA) safeguards sensitive accounts best. Hackers who can get passwords for these accounts will still not be able to gain access. That makes 2FA and MFA valuable. It protects your data from phishing schemes. It also protects against large-scale data breaches.
Experts blame the lack of 2FA for the Colonial Pipeline breach. In that case, hackers were able to steal company passwords. With 2FA, they could not have done anything with them.
2FA is available for many apps. But you won’t be able to enable it across your devices and accounts. Check to see whether you can take advantage of 2FA in banking, finance, and email apps.
Use Anti-virus Software
Since 2009, Apple machines include XProtect free. Windows machines use Defender. This built-in program is great. But it’s often the first target of attackers. Many computers use it. As a result, many hackers want to find their weaknesses. That’s why Batten recommends Aura, which adds a security layer on top of built-in solutions.
Free antivirus software has other limitations, too. It helps to know how the program scans for threats.
The software uses many tools to stop malware:
- Malware databases: Built-in virus scanners look for thousands of known malware files. Companies update the databases often. But they can only document viruses they already know. Why? New malware does not end up in a database automatically. Someone must identify it. Microsoft and Apple each have their own databases.
- Heuristics: Attackers try to trick virus scanners by encrypting their files. This helps them hide from antivirus software. Enter logic-based scanners are called heuristics. Their job is to uncover suspicious files and remove them. XProtect does not use heuristics.
- Running programs in sandboxes: A sandbox separates files from the rest of the operating system. New files run in the sandbox first. Defender and XProtect use sandboxing. Apple opens files from Safari in a sandbox as well as apps from the app store.
- Machine learning: The best programs can detect new malware. This advanced tactic protects users from brand new threats. In Defender, machine learning operates in the cloud and gives instant information to users.
Macs and PCs need their own protection. A home with both will need two programs.
Sometimes these default options protect well. Others say they wish the built-in databases were larger and updated more often. Paid software can offer more. For instance, ransomware databases are often large with paid software. Paid options offer an edge in other areas, too:
- Customer service
- Better parental controls
- Better detection rates
- Bonuses like identity theft protection
Educate Yourself on Cybersecurity Threats
The pandemic saw a tidal wave of threats as remote networks emerged overnight. We are a year and a half into the new networked normal. Privacy awareness is still playing catch-up. In some ways, companies and consumers both need education on cybersecurity for beginners. Education on data security threats helps everyone add the protection they need.
Handing out data is here to stay, but so is a movement for data privacy. In the end, organizations will tempt us to share more and more. Many will offer value for our data. Many will enrich our lives.
And we will share even more in the coming decade–by 2025, we’ll have generated ten times the data we have today.
If we start securing our networks and privacy rights online now, that reality can serve us. We’ll get better apps, better information, and a more secure life in exchange for our data.
But it starts by paying attention to the online security gaps of today. Take our quiz for a personalized recommendation about your household’s online security. Learn more about Batten and how you can be prepared for a digital breach.