Every Day Should Be Data Protection Day
Monday the 28th January marks this year’s Data Protection Day (or Data Privacy Day in the States), which is a reminder to everyone about the importance of protection in our data-driven world. It’s great to have a ‘day’ to focus awareness on such an important subject, although we reckon you should be thinking about data protection every day! Websites are at the sharp edge when it comes to the controlling and processing of personally identifiable information (PII), so it is vital to be proactive about cyber security, both from the website’s perspective and from the website user’s perspective.
The General Data Protection Regulation (GDPR) came into force in 2018 to help protect individuals’ personally identifiable information and prevent the use of data where no legal basis for processing exists. It is illegal to use someone’s data (either directly or through sharing) without their explicit consent. (There are many facets to the consent element of the regulation - you can divulge the lot here). Have you updated your website policies to take GDPR into account? Are you still emailing people even though you can’t demonstrate consent? GDPR gives all of us the right to the protection of our data. You can ask any business that communicates with you, or that you believe holds your data, where and when they got it, and you have the right for it to be deleted. The Information Commissioner’s Office (ICO) are ready to fine any business breaching GDPR – you can check out the fines they’ve been dishing out here.
Phishing & Malware
Phishing for data is extremely rife and can occur by email, by phone or by spoof websites. The approach to take is never to provide PII or passwords in response to a request. If you choose to log in somewhere, don’t follow a link; go directly to the site, and never disclose your access credentials. Be wary of emails that come from someone you know but give you the feeling that something isn’t right, e.g. their use of language or the fact that they’ve emailed you at all! This can mean their email has been compromised or spoofed and you are being phished. Always use a virus scanner and firewall to protect your computer, as this reduces the chance of receiving phishing emails. Having a scanner on your computer means that you have a better chance of detecting and blocking a virus that may have found its way onto a website or email attachment.
The bulk of hacking actually follows phishing, where the back-end of a website is compromised because passwords were obtained. Once the hacker has access to the website, they can place malware and other content to cause problems. It’s always best to keep passwords secure using KeePass or some other vault type of password database rather than saving them on the device, and to be vigilant to avoid phishing!
The most basic measure that should be in place on all websites is data encryption using an HTTPS secure certificate. All websites should have one – don’t trust a website without one! This means that all information shared with or from the website is encrypted. Websites that are not HTTPS do not carry a padlock next to the domain name in the address bar, and in its place are the words ‘Not Secure’ on desktop. Any website that is not HTTPS is not being properly updated; be wary of submitting any personal data (even email addresses) to these sites.
As well as HTTPS security, it is important to keep your website code up to date because over time vulnerabilities will be exposed by hackers. We build a lot of WordPress websites using our Air Websites system, and WordPress is especially vulnerable; we say it’s what the next generation of hackers are practicing on. We use a great plug-in called Wordfence which blocks IP addresses that attempt to hack WordPress, and you would be gobsmacked at the number of daily attempts we see at breaking into our client sites. We keep all WordPress software up to date on a monthly basis, and we make over 120 updates per year to every client site we build using Air Websites to ensure they are keeping their clients’ data safe.
Cyber Security is often overlooked until there is a breach, until someone gets their data stolen – don’t let this happen to you. If you own a website, make sure it is secure and that you are using people’s data properly. If you are using the internet, be smart, be vigilant and be safe!