Data snatchers - With cyber crime on the rise, what can you do to protect yourself?

IN AMONGST the human tragedy of the ongoing war in Ukraine, we have been hearing repeated warnings about the associated heightened cyber-threat – both for us as citizens and for businesses.

Words have such power and I am often struck by how much they influence our attitudes to all sorts of things. Data is no exception and the language used does not always help us engage. The use of the word ‘cyber’ is a case in point.

It is a word we hear all the time – mostly in relation to cybersecurity. It can be interesting and/or helpful to look at word origins, and the word cybersecurity seems to date back to the late 1980s.

The word cyber itself originated from cybernetics which, in the 1940s, arose as a study of systems of communication and control between human and machine. That word in turn derived from the Greek kubernetes, meaning piloting or steering.

It is often now used to describe anything internet-related (although I am sure IT professionals may baulk at that).

The New York Times magazine, in 1995, said: ‘Cyber is such a perfect prefix. Because nobody has any idea what it means, it can be grafted onto any old word to make it seem new, cool – and therefore strange, spooky.’ And I think that is, to a large degree, exactly the same today.

That may, on the face of it, seem unproblematic but it does have consequences. Perhaps most importantly, it risks alienating most of the population, many of whom think of it as something that exists in a sci-fi movie (probably starring Arnold Schwarzenegger) or as the sole preserve of ‘IT people’.

One of the most important things we can all do is really start to understand that data about people is valuable. For some of you that may be obvious, especially if you are working in an environment that relies heavily on data. For others, this will feel less intuitive because data is essentially intangible. We cannot relate to it as a ‘thing’ in the way we can say a car or a house. Nonetheless, it is the case that data is now powering our lives and our economies.

So let’s strip away the language that can so often be a hindrance. Cybersecurity is about protecting your computer systems, devices, networks and information. So much of our lives are online now, both personally and professionally, but we often fail to think carefully about the value of our data or the harms it has the potential to inflict.

If it’s your own information, there may be some of it that you are happy to make public (e.g. social media posts). But there is also likely to be a great deal of information that you would not be at all happy making public – such as your medical records.

We at the Office of the Data Protection Authority are not here to tell you what you should do, but we do want to encourage you to appreciate the value of your information as well as the consequences and the potential risks if it’s mishandled.

Use of words such as ‘cyber’ may also have the effect of making you feel powerless. You are not. There are lots of things we can all do to better protect our data, ourselves and our businesses.

For citizens

Always think about the personal information you are being asked to share, whether that’s by phone, email or messaging.

Do you know and trust the person or organisation?

Are you clear about what they want, why they want it and what they intend to do with it?

If you use social media platforms, think carefully about what you post publicly. Once something is published online it can often be difficult to get it removed. You may want to use private groups for chats with friends and always take time to go through your privacy settings.

If you use apps on your phone or tablet, only give them the permissions YOU want them to have. Do you want them to be able to access your photos, contacts, microphone, location etc? If not, then make sure you adjust the settings accordingly. The important thing is, it is your choice.

Take care when using public Wi-Fi hotspots because this may increase the risk of hacking.

You may want to use bookmarks for websites you use often to avoid landing on fraudulent sites which can look very convincing.

Invest as much time and thought into making your home Wi-Fi as secure as you do your home. Don’t make it easy for hackers.

An increasing number of us have smart devices (such as speakers, TVs) in our homes… our most private spaces. Think about what privacy settings you want and disable the features you do not want.

For organisations

Build data security into your organisational culture and ensure all staff are aware of the risks and

the key role they play in mitigating them.

Regularly review your software (including antivirus) and ensure it is updated.

Staff working from home can present new/additional risks. Think about those risks and put things in place to mitigate them as best you can.

Don’t leave your disaster recovery plan gathering dust on the shelf. Make sure it actually works.

Strong passwords and multi-factor authentication (MFA) are essential.

If you are relying on other people/companies to look after or process personal data, make sure you know them, trust them, and have a robust written agreement in place.

There are so many plates spinning if you run a business, so get advice from a trusted source if you have concerns or need help.

It is in everyone’s interests to protect the Bailiwick, its people and its business community from data security threats.

If we think about cyber security and data protection as people protection, we better understand that we cannot afford to feel disempowered.

We would not let items of value that we own be used/misused/exploited.

It’s time we took the same view with our personal data.