Today is Data Privacy Day: what, risks and numbers of the modern era and what to do

Today is Data Privacy Day or the Data Protection Day. It was established in 2006 in the Old Continent on the initiative of the Council of Europe, which set January 28 of each year as the occasion in which to sensitize the public, more than on other days, on issues of privacy and security of personal data. For some time the event has taken over worldwide reach and an ever greater importance in the light of the incessant diffusion of objects smart of all kinds, permanently connected to the network.

Data Privacy Day is an ever-current theme, indeed always more current. The consequences of an underestimation of the risks related to privacy and the data that we enter in this or that service, in this or that application, after all, increase from year to year, and can be quite painful.

According to the most recent report from the Police post and gods Cyber ​​Security Operations Centres (CNCPO), the “guardian angels” of those who use smartphones, tablets, computers, etc. on a daily basis, in 2022 almost 13,000 cyber attacks were documented in Italy, i.e. on average more than a thousand a month.

An undoubtedly high number, but difficult to appreciate for those who are not too familiar with the chronicles on privacy and risks (this is what Data Privacy Day is for, isn’t it?). There’s a second datum which combined with the first can allow anyone to weigh the danger: within a single year, therefore compared to 2021, attacks against institutions, companies and individuals are more than doubled. The increment is crazy: 12,947 cases in 2022 against 5,434 in 2021, the change is 138%.

The number of online scams: just over 15 thousand and 500 cases on December 27 last year against 15 thousand two years ago, but digging deeper the surprising figure arrives. In fact, the Postal Police reports that if in 2021 the criminals had budgeted 73 million euros next to the item scamsa bigger safe was needed in 2022: over 115 million euros (+58%) the proceeds of criminal activities, each scam yielded an average of 7,500 euros.

What do these numbers have to do with privacy and security of personal data?

The plots are many. From simple password theft – which constitute one of the main systems of protection, indeed THE guardianship system – to personal information entrusted lightly to this or that site/application – which are then used by hackers and ill-intentioned people to reset passwords and thus achieve their shady goals, from accessing home banking to telephone identity theft (the so-called sim swapwhich the rules that came into force in November hope to make it less frequent) – passing through the “simple” identity theft on social networks, complete with a request for money (the jurists would say extortionate) when trying to get your account back.

In short, underestimating the phenomenon that World Data Protection Day wants to stem with information and awareness can lead to serious trouble. The good news is that each of us already has several tools that can make life difficult for the “underworld 2.0”, and nothing complicated is needed. Indeed more than of tools it would be better to talk about niceties: just acquire, metabolize, small strategic habits to be unknowingly more attentive and live more serenely. The risk of running into a mishap is not completely eliminated, mind you, but it is reduced by a lot.

The importance of strong passwords and 2FA

Passwords are and remain the main barrier to keeping data safe. It’s one thing to have a trivial numeric key (even if different from 1 2 3 4 5 6) or name surname, another is to “complicate” it by alternating lowercase, uppercase, numbers or special characters. Someone might object by saying that a complex password is much more difficult for an attacker to guess, but it is also for us to memorize it. True, but we have a big advantage: our difficulty, i.e. that of memorizing it, is limited in time. It lasts a few days or at most a few weeks, for the bad guy on duty it will be always hard to get it right.

A tip that will never go out of style: do not use the same password, even a complex one, for all services and applications. Vary. It’s true, that’s how things get complicated; but there are reliable password managers and even those included in the operating systems of the products are valid aids, above all in the event that a data leak forces you to change all your passwords, therefore starting the learning process from scratch.

Then there’s the 2FAthe Two Factor Authentication or Two-factor authentication. It consists of an additional check carried out by the provider, the service provider, at the time of authentication and at the time it receives the password reset request. Usually an SMS is sent to the account owner’s phone number – or an email, or both and in this case we speak of Multi Factor Authentication (MFA) – with a code to be entered on the recovery screen to “prove” that the The intention to change your password is actually ours, not someone else’s with bad intentions. A very useful tool – double the security, halve the risks – with minimal impact on comfort, negligible if risks are also involved. Many have already made it compulsory, but we strongly recommend that you use it regardless of any obligation.

Free doesn’t always mean better

From a documentary on the dangers of social networks, The Social Dilemma, a maxim has come out that you have probably already heard at least once: “If you’re not paying for a product, then you are the product”. It’s already a timeless phrase in light of the direction the world is going in, a timely warning in any area and not just on social media. A free VPN isn’t always a good choice, a storage service with plenty of space that’s also free isn’t always a good choice, and so on.

So beware of those normally paid services that offer content at off-market or even zero prices. And keep your eyes peeled when registering for a servicefocused on the quantity and type of personal data requested (regulated by the European GDPR) and on the information, which we often end up snubbing in the frenzy but which we should read to learn about the relationship with the supplier and the use that this can make of the data.

Phishing and site trustworthiness

Phishing is one of the most insidious contingencies you can run into. The attacker sends a fictitious communication from a provider generally chosen among those with a good reputation – credit institutes, e-commerce or well-known shippers – in an attempt to steal the victim’s trust and induce her to enter username, password and/or personal data in a portal that looks more or less similar to the original one. Simple and profitable.

There is only one really effective way to protect yourself: pay attention. To the content of the communication sent via email or SMS (even spelling errors can be alarm bells) and then, above all, to the sender’s address or page URL: there is a discrepancy with the original email or web address always. In the worst cases it is minimal, in the best cases it is macroscopic. But there is, anyhow.

When in doubt, however, before doing anything better contact the provider asking for clarification, or alternatively even a simple web search with the key elements of communication it can make the difference between a few moments of panic and (more than a few) financial damage.

Keep devices constantly updated

The shrewdness of shrewdness. What does it cost keep your smartphone, tablet or computer updated to the latest version released by the manufacturer? Nothing, but it makes all the difference in the world. The “software updates”, which smart home devices generally install automatically, not only contain new functions – a recurring belief among the less accustomed to technology which, moreover, represents a false myth, most of them do not contain visible innovations – and in most some cases do not slow down the device, especially if it is recent or very recent – another false myth that perhaps occurs more often than the previous one.

They almost always contain security fixes, gods stopgaps to solve the holes used by the bad guys to break into those safes that are devices today and steal data, passwords, etc. Lately there has been a greater sensitivity on the part of manufacturers towards the environmental implications of a premature stop to support, so they are updated longer than a few years ago. Let’s not waste the opportunity: let’s update. And when the support ends and with it the security fixes, well, it’s time to change the device. It doesn’t necessarily have to be new, used or reconditioned is fine too. The important thing is that it still receives updates.