Knowledge is power. It always has been, from politics to science to culture, in all spheres of society. Knowledge, information, allows us to make decisions, to analyse what may happen in the future and to be prepared. Throughout history, the watchword has not changed. In a digital world, we must protect data more than ever.
In the midst of digital transformation, data helps us to improve the efficiency of industries’ production or open up new markets and business niches. The connectivity and analysis of massive data provided by Big Data technology, in addition to the development of Industry 4.0, has also enabled an immense qualitative leap in other sectors such as health, improving diagnoses and personalising treatments to increase their effectiveness, or creating platforms to optimise the management of cities, mobility, segmenting audiences according to their tastes, ages or location, their habitual purchases, etc.
There are so many advantages to the use of large-scale information that the data has attracted the attention of cybercriminals. Cyber-attacks aimed at data theft not only entail significant economic losses for companies, even for public administrations. They also damage the reputation and trust of customers, consumers and citizens in general, blowing up a reputation that has been built up over the years.
Data breaches: bigger and with greater impact
Personal data breaches are having a growing impact on business economics. During the first five months of 2021 alone, the Spanish Data Protection Agency, AEPD, handled more than 700 reported data breaches in the first five months of 2021, with the majority of these attacks involving ransomware viruses. This type of malicious software hijacks the information of companies, organisations and individuals, blocking their access until a ransom is paid by the cybercriminal.
Meanwhile, according to data provided by Atlas VPN, almost 6 billion user accounts of online services were affected by data breaches suffered during 2021 worldwide. The cybersecurity firm points to February of that year as the worst of all, with what is considered to be the largest data breach in history: COMB, which stands for ‘compilation of many (security) breaches’. This is the sum of many leaks that left some 3.2 billion emails and their passwords in the open.
Protecting rights and freedoms
After the Covid-19 crisis, companies, and users themselves, have seen how digitalisation has increased the number of connected devices and, consequently, the entry point for cybercriminals has also grown. Telefónica highlights cybersecurity as one of the main systemic risks that our digital society must face. The company understands the elements of prevention, detection and response as a complete cycle that must include all the actors in this value chain, and they propose the need to develop regulatory measures that involve the incorporation of the principle of “security by design”.
The main objective is to reduce security risks in companies with fewer resources and less preparedness to deal with vulnerabilities. An effort that must add up, not only to investment in technology, but also in awareness and training of employees, customers and users.
The result of this type of incident is the accidental or unlawful destruction, loss or alteration of personal data processed by a data controller, or unauthorised communication or access to them.
Thus, as the AEPD reminds us, it can cause physical, material or immaterial damage and harm to persons. This is why it is so important to put all possible resources into protecting personal data. Failure to do so may jeopardise the rights and freedoms of individuals.
Companies’ commitment to security
The National Institute of Cybersecurity, INCIBE, offers some advice focused on all types of companies, with the aim of helping them to establish a series of basic security measures to protect their clients and collaborators. Something that can also be applied to the private sphere, especially now with teleworking or hybrid models.
The first thing to remember is the importance of keeping systems up to date and free of viruses and vulnerabilities, and making employees aware of the correct use of the company’s systems and resources. Other tips include the use of secure https protocols for websites and payment gateways in the case of online shops, as well as the implementation of correct authentication mechanisms, communicating passwords to customers in a secure way and storing them encrypted, ensuring that only the customer can retrieve and change them.
The agency also recalls that the use of trust seals or badges indicates the implementation of security measures and reinforces the company’s commitment to ethical codes.
The measures taken by companies and public administrations to protect people’s data also help to promote a safe Internet, especially for children. As INCIBE’s channel specialising in cybersecurity for children, Internet Segura for Kids, IS4K, reminds us, the internet should be “a place of opportunities for children and young people, where they can create, participate and share in a positive and free way”. A space where we can all contribute and where children and young people can enjoy the positive opportunities offered by technology, a space where they can “create, participate and share through the Internet” and where adults help them to use it “responsibly, respectfully and critically”.