Celebrate International Data Privacy Day 2019 With This Expert Advice

Dr. Rebecca Wynn offers best practices for safeguarding data and managing privacy



Rebecca Wynn
01/28/2019

Happy International Data Privacy Day! Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the January 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is observed annually on January 28th.

On January 27, 2014, the 113th U.S. Congress adopted S. Res. 337, a non-binding resolution expressing support for the designation of January 28 as "National Data Privacy Day."

The National Cyber Security Alliance (NCSA) officially leads the Data Privacy Day campaign and is advised by a distinguished advisory committee of privacy professionals to help the campaign align with the most current privacy issues in a thoughtful and meaningful way.

Data Privacy Day is the signature event in a greater privacy awareness and education effort. Year-round, NCSA educates consumers on how they can own their online presence and shows organizations how privacy is good for business. NCSA’s privacy awareness campaign is an integral component of STOP. THINK. CONNECT. ™ ‒ the global online safety, security and privacy campaign.

Advice For Businesses: Privacy Is Good

Create a culture of privacy in your organization. Educate employees on the importance and impact of protecting consumer and employee information as well as the role they play in keeping it safe. 

Top Three Tips to Build Trust:

  1. If you collect it, protect it. Follow reasonable security measures to keep individuals' personal information safe from inappropriate and unauthorized access.
  2. Be open and honest about how you collect, use and share consumers' personal information. Think about how the consumer may expect their data to be used, and design settings to protect their information by default.
  3. Build trust by doing what you say you will do. Communicate clearly and concisely to the public what privacy means to your organization and the steps you take to achieve and maintain privacy.

Advice For All Of Us: Safeguard Your Data And Manage Your Privacy

Personal info is like money: Value it. Protect it. Information about you, such as your purchase history or location, has value ‒ just like money.

  • Share with care. Think before posting about yourself and others online. Consider what it reveals, who might see it and how it could be perceived now and in the future.

  • Own your online presence. Set the privacy and security settings on websites and apps to your comfort level for information sharing. Each device, application or browser you use will have different features to limit how and with whom you share information.

  • Lock down your login: Your usernames and passwords are not enough to protect key accounts like email, banking and social media. Strengthen online accounts and use strong authentication tools like a unique, one-time code through an app on your mobile device.
  • Don't be lazy in creating your password. Here are the top 25 passwords from the past eight years. They can be guessed in less than a second via computer or just using the list here! Do not use these EVER! The ones in bold are new but still are very weak passwords:
 

Top 25 Most Common Passwords (SplashData)

| Rank | 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 |
|---|---|---|---|---|---|---|---|---|
| 1 | 123456 | 123456 | 123456 | 123456 | 123456 | 123456 | password | password |
| 2 | password | password | password | password | password | password | 123456 | 123456 |
| 3 | 123456789 | 12345678 | 12345 | 12345678 | 12345 | 12345678 | 12345678 | 12345678 |
| 4 | 12345678 | qwerty | 12345678 | qwerty | 12345678 | qwerty | abc123 | qwerty |
| 5 | 12345 | 12345 | football | 12345 | qwerty | abc123 | qwerty | abc123 |
| 6 | 111111 | 123456789 | qwerty | 123456789 | 123456789 | 123456789 | monkey | monkey |
| 7 | 1234567 | letmein | 1234567890 | football | 1234 | 111111 | letmein | 1234567 |
| 8 | sunshine | 1234567 | 1234567 | 1234 | baseball | 1234567 | dragon | letmein |
| 9 | qwerty | football | princess | 1234567 | dragon | iloveyou | 111111 | trustno1 |
| 10 | iloveyou | iloveyou | 1234 | baseball | football | adobe123 | baseball | dragon |
| 11 | princess | admin | login | welcome | 1234567 | 123123 | iloveyou | baseball |
| 12 | admin | welcome | welcome | 1234567890 | monkey | admin | trustno1 | 111111 |
| 13 | welcome | monkey | solo | abc123 | letmein | 1234567890 | 1234567 | iloveyou |
| 14 | 666666 | login | abc123 | 111111 | abc123 | letmein | sunshine | master |
| 15 | abc123 | abc123 | admin | 1qaz2wsx | 111111 | photoshop | master | sunshine |
| 16 | football | starwars | 121212 | dragon | mustang | 1234 | 123123 | ashley |
| 17 | 123123 | 123123 | flower | master | access | monkey | welcome | bailey |
| 18 | monkey | dragon | passw0rd | monkey | shadow | shadow | shadow | passw0rd |
| 19 | 654321 | passw0rd | dragon | letmein | master | sunshine | ashley | shadow |
| 20 | !@#$%^&* | master | sunshine | login | michael | 12345 | football | 123123 |
| 21 | charlie | hello | master | princess | superman | password1 | jesus | 654321 |
| 22 | aa123456 | freedom | hottie | qwertyuiop | 696969 | princess | michael | superman |
| 23 | donald | whatever | loveme | solo | 123123 | azerty | ninja | qazwsx |
| 24 | password1 | qazwsx | zaq1zaq1 | passw0rd | batman | trustno1 | mustang | michael |
| 25 | qwerty123 | trustno1 | password1 | starwars | trustno1 | 000000 | password1 | Football |

See Related: "Recapping 2018 in Data Security and Privacy." 

Password Tips

Here are a few important tips that can help you create a strong password.

  1. Create a password that is not less than 10 characters and preferably 16 characters. Having a long password is often the best strategy to make it difficult for the hackers or algorithms to crack it. A long string of characters will make it challenging to guess the password for most programs that use a random combination of characters.
  1. Avoid using a common phrase, your name, nickname or address. Many passwords in the list include common words, which are easily hackable using dictionary attacks. Other information such as your name, your pet’s name, DOB and street address might be easy for you to remember, but it also makes your password a piece of cake for hackers to crack. Best advice, don’t use them!
  1. Use a mix of alphanumeric characters, numbers and special characters (symbols). One of the best ways to create a strong password is to use a mix of case-sensitive alphanumeric characters along with symbols. While it may be difficult to remember, there’s one easy way you can remember it. To create a password that is strong and yet easy to remember, use acronyms. Replace letters with their corresponding uppercase and similar special characters. For example, white lilies can be converted to “Wh1t3L%l&3$”.
  1. Abbreviate a sentence. Come up with a sentence and pick the first or last letter of each word to form a password. Mix it with special characters to make it even stronger. For example, I hate being hacked all the time! Considering the last letter of each word, the password becomes – Ih3bgHd4tt!
  1. Always use a unique password, never repeat. Never EVER use a password for more than one account, application or service. Always use a unique password. If one of your online services gets hacked, the hacker will try to use the hacked password for your other accounts. Never use the same passwords and just add a 1, 2, 3, etc., at the end.
  1. Use two-factor authentication. Although not foolproof, two-factor authentication adds another layer of security to your online account. You can use dedicated authentication apps or enable the code over SMS feature, which most websites offer today. Enabling this functionality might not guarantee 100% security, but is far better than relying on one single password.
  1. NEVER store passwords in your browser. Passwords stored in a browser can be hacked, and in many ways.

    Also, some websites offer to save your address, credit card details, and so on, for convenience. If you accept that offer, you've put your personal data at risk. Who knows if the site is storing your details securely? Equifax didn't!
  1. Consider using a password manager. Using a password manager and using its ability to create complex passwords for you is an easy way to create unique passwords. Make sure your generated passwords are at least 10 and preferably 16 or more characters long; all too many products default to a shorter length.

    My favorite is Password Safe. It allows you to safely and easily create a secured and encrypted user name/password list. With Password Safe all you have to do is create and remember a single "Master Password" of your choice in order to unlock and access your entire user name/password list. It is a free and open-source password manager program for use with Microsoft Windows. There is a beta version available for Ubuntu (including the Kubuntu and Xubuntu derivatives), Debian and FreeBSD operating systems. The original Password Safe was built on Bruce Schneier's Blowfish encryption algorithm. Rony Shapiro implemented Twofish encryption along with other improvements to the 3.xx series of Password Safe.
  1. Change your passwords. Change your non-email and financial passwords at least annually. It is very easy to do using a password manager and having it generate very long and complex passwords. Change your email and financial passwords at least semi-annually.

    Change all of your passwords when you leave a relationship such as a marriage or where you lived with someone. Shocking, I know. Better to be safe than sorry.
  1. Implement an account lockout policy. When available, always use account lockout. It should initiate after a pre-defined number of failed attempts such as 3 or 5.
  1. Notification of account change. When available, have an email or SMS message sent to you when your account has been changed, e.g., a new password has been set, or the account has been accessed.
  1. Notification of last time account was accessed. When available have your account always show you the last time it was accessed. Request that feature be added to any account, application or service that doesn't currently have it.
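
As an added example (not part of the original article), the Python check below applies three of the tips above to a candidate password: minimum length, no common passwords or look-alike variants of them, and no reusing the current password with a 1, 2, 3 added. The denylist is a constructed sample taken from the table on this page, and `normalize` and `check` are hypothetical helper names.

```python
import unicodedata
from typing import List, Optional

# Constructed sample denylist: a few entries from the SplashData table on this
# page. A real check would load a much larger list of breached passwords.
COMMON = {"123456", "password", "qwerty", "letmein", "football",
          "iloveyou", "passw0rd", "trustno1", "sunshine", "admin"}
MIN_LEN = 10  # minimum length recommended in the tips

# Fold look-alike substitutions back to letters: 0->o, 1->i, 3->e, 4->a, ...
LOOKALIKES = str.maketrans("013457@$!", "oieastasi")
TRAILING = "0123456789!@#$%^&*."


def normalize(pw: str) -> str:
    """Lower-case, drop trailing digits/symbols, then fold look-alikes."""
    pw = unicodedata.normalize("NFKC", pw).lower()
    return pw.rstrip(TRAILING).translate(LOOKALIKES)


# Stems of the denylist; all-digit entries normalize to "" and are matched
# by the exact comparison in check() instead.
COMMON_STEMS = {normalize(c) for c in COMMON} - {""}


def check(pw: str, current: Optional[str] = None) -> List[str]:
    """Return the problems found with a candidate password ([] = none)."""
    problems = []
    stem = normalize(pw)
    if len(pw) < MIN_LEN:
        problems.append("shorter than %d characters" % MIN_LEN)
    if pw.lower() in COMMON or stem in COMMON_STEMS:
        problems.append("common password or a variant of one")
    if current is not None and stem and stem == normalize(current):
        problems.append("current password with only trailing or look-alike changes")
    return problems


if __name__ == "__main__":
    # Constructed candidates; the third is checked against a constructed
    # "current" password to show the add-a-digit habit being caught.
    for cand, cur in [("football", None), ("P@ssw0rd2019!", None),
                      ("Tr4vel-Mug-Lamp2", "Tr4vel-Mug-Lamp1"),
                      ("violet-Kettle-47-harbor-Moss", None)]:
        print(cand, "->", check(cand, cur) or "ok")
```

Passing these checks only means a password avoids the specific habits listed; it does not replace the unique, generated passwords and two-factor authentication the tips recommend.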

Remember, Global Privacy and Security by Design should always be by Default. Be a Part of Something Big. Get involved and promote a safer, more secure internet.
