Protecting Your Data - Data Protection Day 28 Jan 2022

Photo By Laurie Pearson | Jan 28 2022 is Data Protection Day (Photo Courtesy)... read more read more

Photo By Laurie Pearson | Jan 28 2022 is Data Protection Day (Photo Courtesy)  see less | View Image Page

BARSTOW, CA, UNITED STATES

01.27.2022

Story by Laurie Pearson  

Marine Corps Logistics Base Barstow

✔ ✗ Subscribe

7

With social media, cellular telephones, portable laptop computers and other technology, protecting Personally Identifiable Information can be tricky. In light of Data Protection Day, on January 28, Leslie Hunt, Cyber Security manager & Dr. Michael J. Simko, Information Technology officer aboard Marine Corps Logistics Base Barstow have taken time to help you protect yourself.
“Data privacy is the concept of protecting the privacy within data as it relates to PII and non-sensitive PII,” Hunt explained. “Personally identifiable types of information include name, social security, birthdate, etc. Non-sensitive PII is information such as telephone number that doesn’t necessarily link to an individual.”
“While data can be classified as PII, it is important to understand different data classification standards,” Simko said. “For example, while PII covers ’personal’ information, it should not be confused with Protected Health Information or ’medical’ data. PII is often associated with the Privacy Act of 1974 where PHI correlates to the Health Insurance Portability and Accountability Act of 1996. Furthermore, understanding the differences of unclassified and classified data is imperative to prevent exposure of classified data to nefarious actors which may potentially cause serious damage to national security.”
Protecting the privacy of data can impact individuals, companies or whole organizations. It can also lead to possible monetary fines, depending on the regulations that govern the protection of the particular privacy data.
“Several things can happen if someone posts privacy information, whether it is intentional or unintentional. One result of posting the information of an organization, company, or individual could be damaging their reputation or that of the organization, company, or individual being posted about,” Hunt said.
With the creation of social media, a whole new aspect of protecting personal information was also created. From meta-data embedded into photographs, or Global Positioning Systems embedding location data, to posting photographs of children with their school in the background; information is readily available.
“Personally, I believe that social media has exponentially impacted data privacy,” Hunt said. “For example, even with controls being in place, one person could post something derogatory about another person. Before a post can be removed by either the social media platform or the individual themselves, everyone that has permission to view that post could potentially view it, repost it via the platforms own reposting method (Twitter – retweet, Facebook – share, etc.), and screen capture to retain ‘proof’ of a post.”
In other words, even though a platform, such as Snapchat, may state that photographs are automatically deleted once viewed, there are ways to save that image, in order to be used at a later date. Once on the internet, always on the internet. Then, there are also scammers to consider.
“There are a lot of methods scammers use to obtain data,” she explained. “One method is phishing. Phishing is sending email to individuals that appear to be from a valid source (e.g., bank, credit card company) that request Personally Identifiable Information such as name, social security number and birthdate. Another method scammers may use is spoofing their identity on a social media platform so that the victim believes it is someone they know thus giving away privacy information unwittingly. The biggest goal of obtaining privacy information for the scammer is the exploitation of the data, whether that is reselling the information to other individuals, or organizations, or using it themselves to setup new banking or credit cards.”
These are some key aspects to keeping data safe:
• Backup your data
• Strong passwords
• Never provide your password via email, telephone or person. That’s your password, a bank will not ask you for your password.
• Don’t post something you wouldn’t be willing to tell a complete stranger off the street.
• Ensure your privacy settings on social media platforms are set appropriately. Review the settings at least once a year.
In addition to keeping your data safe, you need to keep your passwords safe. Jotting down a password on a sticky note or storing it on your smartphone are not the best or most secure options. With the complexity of modern day technologies, along with the means, opportunity, and motivation hackers possess; it is recommended to store all password within an encrypted or password protected file, thumb drive, password vault or password manager. Many antivirus protection vendors such as Norton, afford the ability to securely store and encrypt your passwords within a password vault. A few other reputable vendors that offer this service are Keeper, NordPass, and RoboForm. Protecting your passwords means protecting your data!
The bottom line is that you are responsible for the safety of your personal data and must take steps to protect yourself, your loved ones and your company and organization.
“The most important thing I can say,” said Hunt, “is to emphasize that you must always be careful of what data you share, and with whom.”
“You may have noticed, on your government computer, a program called Bitlocker,” Simko said. “This is an encryption tool Microsoft embeds into its operating system to encrypt the hard drive in the computer itself. Bitlocker may also be available on your home computer if you are running Windows 10 Pro or Enterprise edition. Using drive encryption tools such as Bitlocker helps safeguard your personal data in the event your computer is ever lost or stolen. There are many additional solutions that perform the same functionality as Bitlocker such as AxCrypt, CryptoForge, & NordLocker.”
For additional information on Data Privacy, you can check out the Secretary of the Navy Instruction 5211.E (Department of Navy Privacy Program), or contact the Enterprise Help Desk at 855-373-8762 (855-ESD-USMC), https://homeport.usmc.mil/Default.html.
#30