Powering Up Your Privacy

As we move further into the ever-expanding ‘digital age’, businesses collect and process more personal data, and systems within and between businesses are also becoming more interconnected. While there are benefits to this, including better processing of customer requests and improved speed to market, an individual’s ability to control their personal data is getting harder.

To help individuals, businesses, and government agencies safeguard personal information, this year the focus of Privacy Awareness Week is on ‘Powering up your Privacy’ with a focus on key principles of Transparency, Accountability, and Security. To help you take a pro-active approach to privacy, below are several actions you can apply.

Transparency

Transparency is about understanding what information is being asked for its intended usage and when it is being gathered.

Individuals

Be aware of data collection policies, these now apply to many of the technologies we surround ourselves with (yes, your TV has a privacy policy as it gathers usage data).

Limit data sharing where it is not appropriate. Does that job application really need your full physical address before the interview or will a postcode suffice for statistical review?

Review app permission requests and deny items that may be superfluous. Not all apps need access to cameras, microphones, or file stores. You can remove these permissions.

Businesses and agencies

Ensure privacy policies are up to date with legislation and are understandable. Policies need to be clear on what is being gathered, what you intend to do with it, and whom (if anyone) you intend to share the information with.

Perform information lifecycle reviews and clean-up. Yes, there is legislation that says data must be achieved for set periods of time, but does this cover all data that was captured? If the data is no longer relevant to the intent it was gathered for, should you keep hold of it?

Accountability

Privacy is a fundamental human right. In Australia, abuse of privacy rights is taken very seriously. Everyone should be aware of how their private data is being managed and stored, and organisations must focus on effective management strategies to protect sensitive data. If privacy governance is not well managed, it's easy to see how recent breaches have been able to occur.

Individuals

No, Jimmy Fallon did not have his mind blown when Hugh Jackman ‘showed’ him how to make $10k in 10 minutes live on TV – this has never actually happened! Look at the source of the advertiser or organisation. If it seems dodgy, it likely is.

Review privacy policies when accepting services. Is the policy robust or one-sentence fluff? If you have doubts, ask or walk away.

Informed consent is your right but also your responsibility. You need to understand the risks or consequences of providing personal information at the time of making a decision.

New technology can be very exciting, but be aware that you need to be more careful with the data provided as technologies grow. Who really owns the input data and subsequent output from a ChatGPT query?

Businesses and agencies

Identify your information assets (this includes email systems) and audit on a regular basis. Focus audits on security practices and intrusion prevention

Design and maintain an IT asset register and ensure vulnerability scanning and patching policies are up to date.

Show strong leadership and educate your organisation on their privacy responsibility. This will support a cultural shift at all levels toward a privacy culture. Remember everyone is responsible for security in your organisation, not just the IT Security Team.

Security

Keeping your data private boils down to the steps that you take to protect it. Security is about understanding what tools you have in your toolbelt, and how and when to apply them.

Individuals

Use passphrases for logins instead of passwords. String 4 to 5 random words together, put a number and a symbol between a couple of them, capitalise one, and you have a 15+ character passphrase. Here’s one created from the words rain, finger, apricot, and lock - ‘rain%Finger4apricotlock’.

Get a personal VPN (Nors, Surfshark, PIA, ExpressVpn, etc) and use it especially if connecting to a public wi-fi. This includes connection devices to café, airport, shopping centre, or hotel wi-fi. This list is not limited.

Enable multi-factor authentication where possible. Yes, it can be annoying to have to go and get another number to enter after a passphrase but if it's that standing between an attacker and your bank balance…

Be aware of what you share on social media. Data can be stolen from the QR code seen in the photo of the boarding pass taken at the departure lounge for the trip you’re on to Fiji. This also tells people that you will not be at your house for a while.

Heighten privacy settings on social media. Limit post views to friends only.

Businesses and agencies

Manage awareness and educate staff and customers on impersonation scams. This also includes internal staff impersonations for password resets.

Review cyber mitigation strategies and ensure preventative and detective control processes are being run properly and regularly. Implement least privilege and zero trust models across the enterprise.

Work with your business to understand what data is being communicated out of the environment. How is this transacted, who with, and what is the end user expected to do with it? This will lead to the implementation of a robust Data Loss Prevention strategy.

Encrypt data at rest and in transit. Limit access to sensitive data to those who need to know only, ensuring separation of duty between data collection and data usage.

Partner with Cyber Security experts at Terra Firma so we can help you uplift and strengthen your environment.

Conclusion

There is a lot to think about when it comes to ensuring your personal data is kept private. If you can ‘Power up your Privacy’ by employing key principles of Transparency, Accountability, and Security, you’ll be doing your part to create a safer digital environment.

Author: David Brent