Data Privacy Day 2017 arrives on January 28th, highlighting how technology is impacting our ability to maintain privacy while underscoring the importance of protecting our privacy. Yet, the news all month leading up to Data Privacy Day has been anything but encouraging.
Kaspersky Labs issued a report that highlights how little we are actually doing to protect ourselves from privacy breaches. We still use passwords that are easy to crack (40% of hacks are the result of the cybercriminals guessing the password), and we don’t store our passwords securely. To top it off, 20% of us use the same password for multiple accounts while another 10% use the same password for all accounts.
It might be easy to dismiss this as a bunch of careless individuals and the management of their personal accounts, but consider that SC Magazine has reported that the expected new U.S. ‘cyber tsar’ (Rudy Giuliani) along with 13 other prospective government officials, were hacked and their passwords leaked online. SC Magazine reports that security researcher for Comaritech.com, Lee Munson, found that many of the administration’s staff, “have reportedly been using the same password across a number of different accounts”. Then, there is the speculation that Sean Spicer, the President’s press secretary, accidentally tweeted his password – twice.
I find these symptoms of our data security health to be quite worrying. If top officials are guilty of poor password practices, then current efforts to educate and implement proper data security are not working.
These are interesting times, and Data Privacy Day needs to be observed by everyone and every organization. While proper protection for personally identifiable information (PII), payment card information (PCI), and protected health information (PHI) is a multi-faceted challenge, at the very least, it is important to embed into everyone’s mind that they must manage their passwords safely. Mistakes can be costly both personally and to a large organization. Use Data Privacy Day as another tool to help create a culture of data security.