All week we’ve been sharing snippets and details on social media about different aspects of data privacy your business should be mindful of. Along with best practices for keeping your data secure, we’ve got explanations for terminology you’ve probably heard, but never fully thought to understand.
COOKIES
Cookies are bite-sized batches of data placed on your computer while web browsing.
Before you “Accept All,” you have the right to
- Restrict, revoke, or refuse cookies
- Understand why cookies are used
- Acknowledge the information being collected
- Know how & with whom the data is being shared with
- Delete cookies
According to the General Data Protection Regulations, websites must
- Indicate the Cookies They Use
- Get Your Consent
before installing cookies on your browser or device.
THIRD-PARTY:
Becoming increasingly a privacy concern, Third-Party Cookies enable external companies to monitor how well their ads are performing on the sites you visit. For example, if you are browsing a clothing store website but click an ad for a jewelry store, the jewelry store company will place a cookie on your computer.
MARKETING:
Less invasive than Third-Party Cookies, these data bites show you ads relevant to you in an effort to improve your web browsing experience.
SESSION:
Only lasting as long as you have the website or browser open, Session Cookies are never stored on your computer. These cookies allow users to utilize shopping carts on ecommerce sites or browse without reentering the same information. The data collection only lasts until you close the tab or leave the site.
PERSISTENT:
Similar to Session Cookies, Persistent Cookies allow you to pick up where you left off on the last browsing session with information such as login credentials, your shopping wishlist, or recently viewed products. These cookies remain on your computer for a specified period of time before disappearing.
FIRST-PARTY:
Utilized to improve the overall functionality of a website, First-Party Cookies do not track your browsing habits or additional websites you visit. These cookies are set by the website owner and stay on your device making it easier to use that website during your next session.
DATA PRIVACY VS. DATA PROTECTION
Related, but not interchangeable, privacy and protection are crucial concepts to identify when it comes to your business and its data.
DATA PRIVACY…
…is the recognition and understanding of who or what parties have authorized access to your data. With privacy, the responsibility falls onto the individual user to extend or reject authorized access. By having this understanding, the user’s data is kept from being sold or shared without consent: extending the exclusive invitation to access the data.
How to change your privacy settings on your browser:
While your browser will allow you to adjust your baseline cookie settings, for each website you visit that utilizes cookies, you’ll need to adjust or accept accordingly. Before accepting privacy policies on social media, be sure you understand what and how your chosen platform collects and utilizes your data.
DATA PROTECTION…
…is the act of securing digital assets from unauthorized use. Company owners and administrators are responsible for implementing protective solutions and practices that secure data from hackers and cybercriminals, metaphorically posting a “KEEP OUT” sign.
The days of single-layer firewall protection are behind us. Layering is the key to protecting your business and devices from becoming vulnerable to a malicious threat. According to Verizon’s 2022 Data Breach Investigation Report, 82% of breaches involve the human element including social attacks, errors, and misuse.
DATA BREACHES
Major companies like T-Mobile, Norton LifeLock, and MailChimp are 2023's early targets of data breaches. A data breach is a security incident in which an unauthorized party takes or steals protected or confidential information without the consent of the system owner/user.
T-MOBILE JANUARY 2023:
In November 2022, over 37 million customers' information like names, emails, and birthdays was stolen by a malicious actor. The phone giant is already reeling from a $350 million settlement they are paying customers after an August 2021 breach. This newest breach will cost them even more.
MAILCHIMP JANUARY 2023:
Using a social engineering attack, hackers gained access to employee information and credentials. Off to a rocky start in 2023, MailChimp suffered from breaches in April and August 2022. The email marketing platform is still working through its investigations to halt any further hacking attempts.
NORTON LIFELOCK 2023:
Following a "stuffing" attack, 6,000 customer accounts were breached with login credentials like passwords hacked. This type of attack utilizes previously compromised passwords to gain access to shared password accounts. Accounts with multi-factor authentication were able to avoid the breach given that more than a password is needed to access information.
How can you avoid a breach?
- Enable Multi-Factor Authentication to require a more intensive process when logging into accounts with sensitive data.
- Utilize an Endpoint Detection and Response solution that provides a proactive defense with real-time monitoring and detection of unknown elements anti-virus can’t protect against.
- Implement Adaptive Security Training for your employees to help them recognize and understand what cyberattacks (like phishing) can look like coming through your inbox.