As we commemorate Data Privacy Day this year, the theme “Take Control of Your Data” resonates with heightened urgency. The recent ‘Mother of all Breaches’ (MOAB) underscores the critical nature of our conversation around personal data security. In an era where both voluntary sharing and involuntary exposure of our personal information are on the rise, taking control of our data and preventing its exploitation has become imperative. This day serves as a reminder and a call to action, urging us to take proactive measures to prevent and defend against the exposure of our info via data brokers and data breaches, creating a more secure future for everyone.
Our Personal Data Up for Grabs
Each time we engage online, we often contribute voluntarily to our digital footprint, information that data brokers can readily access. This includes names, home addresses, email addresses, phone numbers, and insights gleaned from our social media activity and online purchasing habits. While a substantial portion of this data is shared by us, directly or through terms of service agreements, data brokers also source information without our explicit consent. The aggregation and subsequent sale of this personal data pose significant risks to all of us. Malicious actors can easily access this information, frequently using it to orchestrate social engineering and other PII-based attacks.
Sensitive personal information is also exposed whenever there is a data breach, where it ends up on the dark web or other nefarious markets, making individuals vulnerable to identity theft, financial fraud, and various forms of cyber exploitation. The newly discovered “MOAB” database contains no less than 26 billion leaked data records and almost certainly includes newly published information. As the researchers who discovered it noted, “threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.”
The Current Threat Landscape
For years, the top two ways threat actors exploit exposed personal data have remained phishing and credential stuffing. IBM’s 2023 Cost of a Data Breach Report points to phishing as the current top attack method targeting businesses, with stolen or compromised credentials following closely behind. Phishing is also the #1 cybercrime in general. With new email security measures for bulk senders set to go into effect starting next month, threat actors are expected to pivot increasingly towards non-email-based forms of phishing like smishing (SMS phishing) and vishing (voice phishing), which have already seen an explosive rise in recent years.
Further exacerbating the situation is the sophisticated use of artificial intelligence across various phishing campaigns, including spear-phishing, smishing, and vishing. AI technologies are now being employed not only to create highly personalized email content but also to tailor deceptive text messages and phone calls. This makes such attacks challenging to distinguish from legitimate communications for both users and security software.
In light of this threat landscape, it has never been more important for individuals and businesses to take proactive measures to prevent and defend against PII-based attacks. A comprehensive approach requires not only ongoing scanning and removal of PII from data broker sites but also adapting online behaviors and implementing safeguards against the exploitation of personal data that may be exposed through breaches.
Calls to Action: Proactive Measures For Prevention and Defense
This Data Privacy Day, we at Optery encourage you to take control of your data and prevent its misuse by cybercriminals. Here are some actionable steps you can take:
MAXIMIZE YOUR PRIVACY SETTINGS
Fine-tune your privacy settings across all digital platforms to better control who sees your information and how it’s used. Regularly review and update these settings on social networks, email accounts, and apps to ensure maximum protection against unauthorized access and data breaches. A great resource for managing your privacy settings across a range of sites, apps, and services can be found here: Manage Your Privacy Settings – National Cybersecurity Alliance (staysafeonline.org).
LIMIT PERSONAL INFORMATION SHARED ONLINE
Carefully consider the information you share on social platforms and other websites. From your location to your personal interests, every bit of data shared can be used for data scraping, and the more info you make public, the more of an opportune target you are for bad actors. Think twice before sharing personal milestones, travel plans, or even seemingly innocuous details like your favorite restaurant. This not only helps prevent data scraping by third parties but also reduces the risk of your information being used for targeted scams or identity theft.
ENABLE MULTI-FACTOR AUTHENTICATION (MFA)
MFA adds an extra layer of security, ensuring that even if your password is compromised, unauthorized users can’t easily gain access. Use FIDO2 compliant tokens whenever possible for stronger authentication security.
CHANGE YOUR PASSWORDS AND AVOID REUSING THEM
Operate under the assumption that one or more of your current passwords has been exposed. You can check for emails and passwords that have been involved in data breaches via haveIbeenpwned.com or similar services. In light of the recent MOAB, we recommend changing your passwords immediately and on a regular basis. Use unique passwords for each account to prevent a single breach from rippling across your entire digital life. We recommend using a Password Manager such as: LastPass, 1password, Google Password Manager, KeePass, or BitWarden.
HARNESS DATA BROKER REMOVAL TOOLS
Your personal data is a commodity that’s bought and sold daily. Data brokers compile your information and sell it for profit, without your consent. There are hundreds of data brokers and people search sites which are a treasure trove for threat actors who use this information to steal identities, take over accounts, and commit other types of fraud. It’s time to opt-out. Optery offers free services to start this journey of reclamation, whether for personal or business use. For broader coverage and hands-off convenience, opt for one of our subscription plans and Optery will handle the removals for you at scale.
INITIATE A CREDIT FREEZE
A fundamental defensive measure in a breached world is to secure your credit. A credit freeze restricts access to your credit report, making it harder for identity thieves to open accounts in your name. Reach out to the big three credit bureaus: Experian, TransUnion, and Equifax, and activate a credit freeze. It’s a simple yet effective way to safeguard your financial identity. And remember to freeze your children’s credit also. A great resource for doing this is FrozenPii.com.
USE PRIVACY-FOCUSED BROWSERS AND SEARCH ENGINES
Opt for browsers like Brave, Mozilla Firefox, and Tor, and search engines like DuckDuckGo for enhanced privacy. For more info, see our complete guide on Web Browsing Privacy.
CONNECT THROUGH A VPN
A Virtual Private Network (VPN) can encrypt your internet connection, masking your IP address and securing data from unwanted interceptions, even on public Wi-Fi. See our discussion on the best VPN software for privacy here.
ENFORCE DNS DMARC SETTINGS
For businesses, and even for individual domain owners, it’s crucial to implement DMARC policies in your DNS settings. DMARC helps to prevent email spoofing and protect against impersonation attacks by verifying that the sender’s email messages are legitimate and authorized by the domain’s owner. This step is particularly vital in safeguarding against phishing and spear-phishing attacks that might target your organization or exploit your identity to deceive others.
EDUCATE AND RAISE AWARENESS
Share knowledge about online safety with less tech-savvy individuals to protect them from digital threats and scams. Discuss with your family the importance of privacy settings and cautious data sharing. It is especially important to educate adolescents and older adults who may need help staying safe online.
Take Control of Your Data
Today, let’s not just reflect on the importance of data privacy; let’s act to take control of our personal data and prevent its exploitation. Whether it’s removing our information from data broker lists, freezing our credit, tightening our privacy settings, or taking other precautions, every step counts. Let’s use this day as a starting point for a safer and more secure future.
