As we celebrate Data Privacy Day, it’s good to remember that at the center of information security there exists an ongoing effort to protect confidential information. Cybercriminals are constantly on the offensive, using a variety of tactics in hopes of stealing data and, by extension, money. Here’s a brief overview of what’s at stake, how it’s vulnerable, and what you can do to help ensure the privacy and security of data.

THE TYPE OF DATA AT STAKE

On a personal level, home addresses, full names, birthdates, banking numbers, and national ID numbers are just a few examples of data that cybercriminals seek out. For colleges and universities, that means personal and financial information about students, alumni, faculty, and staff such as grades, social security numbers, and bank account information is all at stake, as well as valuable intellectual property, research, and patient medical data commonly available at these institutions. Student loan identity theft is a growing area of concern.

HOW DATA GETS STOLEN

In some cases, data theft involves highly sophisticated cyberattacks using ransomware and phishing emails. In most cases, criminals use social engineering — emotional manipulation tactics designed to mislead people into doing something they shouldn’t. Human error, such as misconfiguring network settings, accidentally leaking information, and using weak passwords, are also common contributors to data theft.

YOUR ROLE IN PROTECTING DATA

Whenever you’re granted access to sensitive information, you become responsible for its privacy and security. While data protection involves many factors, here are some basic guidelines:

  • Always follow policy. Organizational policies exist, in part, to help ensure confidential information remains confidential. (UD Information Security Policy, Secure UD)
  • Use strong, unique passwords. The longer the password, the harder it is to crack. Make sure every account gets its own unique password.
  • Avoid assumptions. You can prevent social engineering attacks by not assuming someone is who they claim and by using situational awareness.
  • Learn the warning signs. Phishing attacks can be identified by common signs like unfamiliar tone or greeting, bad grammar, urgent or threatening language, unusual requests, and random links or attachments. Also use caution when opening an email from an unknown sender or unusual domain.
  • Ask questions. If you need clarification on anything, or are simply curious to learn more about protecting data, please ask!
  • Report security incidents immediately. If you see something, say something. The longer an incident goes unreported, the more harm it could cause. (UD Information Security Event Reporting)

Also, review these additional best practices for computer and information security.