Cybersecurity and data privacy are constantly in the news. Governments are passing new cybersecurity laws. Companies are investing in cybersecurity controls such as firewalls, encryption and awareness training at record levels.
And yet people are losing ground on data privacy.
In 2024, the Identity Theft Resource Center reported that companies sent 1.3 billion notices to the victims of data breaches. That is more than triple the notices sent the year before. It is clear that despite growing efforts, personal data breaches are not only continuing but accelerating.
What can you do about this situation? Many people think of cybersecurity as a technical problem. They are right: technical controls are an important part of protecting personal information, but they are not enough.
As a professor of information technology, analytics and operations at the University of Notre Dame, I study ways to protect personal privacy.
Solid personal privacy protection rests on three pillars: accessible technical controls, public awareness of the need for privacy, and public policies that prioritize personal privacy. Each plays a crucial role in protecting personal privacy. A weakness in any one of them puts the entire system at risk.
The first line of defense
Technology is the first line of defense, guarding access to computers that store data and encrypting information as it travels between computers to keep intruders from gaining access. But even the best security tools can fail when misused, misconfigured or ignored.
Two technical controls are especially important: encryption and multifactor authentication (MFA). These are the backbone of digital privacy, and they work best when they are widely adopted and properly implemented.
Encryption uses complex mathematics to put sensitive data into an unreadable format that can only be unlocked with the correct key. For example, your web browser uses HTTPS encryption to protect your information when you visit a secure webpage. This prevents anyone on your network, or on any network between you and the website, from eavesdropping on your communications. Today, almost all web traffic is encrypted in this way.
But if we are so good at encrypting data on networks, why do we still suffer all these data breaches? The reality is that encrypting data in transit is only part of the challenge.
Securing stored data
We must also protect data where it is stored: on phones, laptops and the servers that make up cloud storage. Unfortunately, this is where security often falls short. Encrypting stored data, or data at rest, is not as widespread as encrypting data that is moving from one place to another.
Although modern smartphones typically encrypt files by default, the same cannot be said for cloud storage or company databases. Only 10% of organizations report that at least 80% of the information they have stored in the cloud is encrypted, according to a 2024 industry survey. This leaves a huge amount of unencrypted personal information that may be exposed if attackers succeed in breaking in. Without encryption, breaking into a database is like opening an unlocked filing cabinet: everything is accessible to the attacker.
Multifactor authentication is a security measure that requires you to provide more than one form of verification before you get access to sensitive information. This type of authentication is more difficult to crack than a password alone because it requires a combination of different types of information. It often combines something you know, such as a password, with something you have, such as a smartphone app that can generate a verification code, or with something that is part of what you are, such as a fingerprint. Proper use of multifactor authentication reduces the risk of compromise by 99.22%.
While 83% of organizations require their employees to use multifactor authentication, according to another industry survey, this still leaves millions of accounts protected by nothing more than a password. As attackers grow more sophisticated and credential theft remains rampant, closing that 17% gap is not only a best practice, it is a necessity.
Multifactor authentication is one of the simplest, most effective steps organizations can take to prevent data breaches, but it remains underused. Expanding adoption could drastically reduce the number of successful attacks every year.
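As an added illustration of the multifactor check described above (not code from the article or its author), here is a login that succeeds only when a password and an authenticator-app code both verify, and that refuses a code that has already been used. It assumes the app generates codes with the standard TOTP algorithm (RFC 6238); the function names, the user record layout and the sample secret are hypothetical.

```python
import base64, hashlib, hmac, os, struct

STEP = 30  # seconds each code is valid for, the usual authenticator-app default

def totp(secret_b32: str, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1 variant)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen database does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def enroll(password: str, secret_b32: str) -> dict:
    # Hypothetical user record: what the server stores for one account.
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": secret_b32, "used_steps": set()}

def login(user: dict, password: str, code: str, now: int) -> bool:
    """Grant access only when BOTH factors verify."""
    # Factor 1, something you know: constant-time password hash comparison.
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]),
                                user["pw_hash"])
    # Factor 2, something you have: accept one time step of clock drift.
    matched = None
    for drift in (-1, 0, 1):
        step_time = max(now + drift * STEP, 0)
        expected = totp(user["totp_secret"], step_time).encode()
        if hmac.compare_digest(expected, code.encode()):
            matched = step_time // STEP
    code_ok = matched is not None and matched not in user["used_steps"]
    if pw_ok and code_ok:
        user["used_steps"].add(matched)          # each code is good for one login
        return True
    return False

# Constructed sample data: the RFC 6238 test secret, base32-encoded.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    user = enroll("correct horse battery staple", DEMO_SECRET)
    now = 1_700_000_000
    code = totp(DEMO_SECRET, now)
    print(login(user, "correct horse battery staple", code, now))  # both factors
    print(login(user, "correct horse battery staple", code, now))  # replayed code
```

A stolen password alone fails the second check, and a code captured in transit fails once the legitimate login has consumed it.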
Awareness gives people the knowledge they need
Even the best technology falls short when people make mistakes. Human error played a role in 68% of 2024 data breaches, according to a Verizon report. Organizations can reduce this risk through employee training, data minimization (collecting only the information needed for a task and then deleting it when it is no longer necessary) and strict access controls.
Policies, audits and incident response plans can help organizations prepare for a possible data breach so that they can limit the damage, see who is responsible and learn from the experience. It is also important to guard against insider threats and physical intrusion by using physical safeguards such as locking server rooms.
Public policy holds organizations responsible
Legal protections help hold organizations accountable for keeping data protected and give people control over their data. The European Union's General Data Protection Regulation is one of the most comprehensive privacy laws in the world. It mandates strong data protection practices and gives people the right to access, correct and delete their personal data. And the General Data Protection Regulation has teeth: in 2023, Meta was fined €1.2 billion (US$1.4 billion) when Facebook was found in violation.
Despite years of discussion, the U.S. still does not have comprehensive federal privacy legislation. Various proposals have been introduced in Congress, but none has made it across the finish line. Instead, a mix of state regulations and industry-specific rules, such as the Health Insurance Portability and Accountability Act for health data and the Gramm-Leach-Bliley Act for financial institutions, fill the gaps.
Some states have adopted their own privacy laws, but this patchwork leaves Americans with uneven protection and creates compliance headaches for companies that operate across jurisdictions.
The tools, the policies and the knowledge to protect personal data exist, but the use that people and institutions make of them still falls short. Stronger encryption, more widespread use of multifactor authentication, better training and clearer legal standards could prevent many breaches. It is clear that these tools work. What is needed now is the collective will, and a unified federal mandate, to put those protections in place.
This article is part of a series on data privacy that explores who collects your data, what and how they collect, who sells and buys your data, what they do with it and what you can do about it.
Mike Chapple is a teaching professor of information technology, analytics and operations at the University of Notre Dame.
This article is republished from The Conversation under a Creative Commons license. Read the original article.