Celebrate International Data Privacy Day 2019 With This Expert Advice
Dr. Rebecca Wynn offers best practices for safeguarding data and managing privacy
Happy International Data Privacy Day! Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the January 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is observed annually on January 28th.
On January 27, 2014, the 113th U.S. Congress adopted S. Res. 337, a non-binding resolution expressing support for the designation of January 28 as "National Data Privacy Day."
The National Cyber Security Alliance (NCSA) officially leads the Data Privacy Day campaign and is advised by a distinguished advisory committee of privacy professionals to help the campaign align with the most current privacy issues in a thoughtful and meaningful way.
Data Privacy Day is the signature event in a greater privacy awareness and education effort. Year-round, NCSA educates consumers on how they can own their online presence and shows organizations how privacy is good for business. NCSA’s privacy awareness campaign is an integral component of STOP. THINK. CONNECT. ™ ‒ the global online safety, security and privacy campaign.
Advice For Businesses: Privacy Is Good
Create a culture of privacy in your organization. Educate employees on the importance and impact of protecting consumer and employee information as well as the role they play in keeping it safe.
Top Three Tips to Build Trust:
- If you collect it, protect it. Follow reasonable security measures to keep individuals' personal information safe from inappropriate and unauthorized access.
- Be open and honest about how you collect, use and share consumers' personal information. Think about how the consumer may expect their data to be used, and design settings to protect their information by default.
- Build trust by doing what you say you will do. Communicate clearly and concisely to the public what privacy means to your organization and the steps you take to achieve and maintain privacy.
Advice For All Of Us: Safeguard Your Data And Manage Your Privacy
Personal info is like money: Value it. Protect it. Information about you, such as your purchase history or location, has value ‒ just like money.
- Share with care. Think before posting about yourself and others online. Consider what it reveals, who might see it and how it could be perceived now and in the future.
- Own your online presence. Set the privacy and security settings on websites and apps to your comfort level for information sharing. Each device, application or browser you use will have different features to limit how and with whom you share information.
- Lock down your login: Your usernames and passwords are not enough to protect key accounts like email, banking and social media. Strengthen online accounts and use strong authentication tools like a unique, one-time code through an app on your mobile device.
- Don't be lazy in creating your password. Here are the top 25 passwords from the past eight years. They can be guessed in less than a second via computer or just using the list here! Do not use these EVER! The ones in bold are new but are still very weak passwords:
Top 25 Most Common Passwords (SplashData)

| Rank | 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 |
|---|---|---|---|---|---|---|---|---|
| 1 | 123456 | 123456 | 123456 | 123456 | 123456 | 123456 | password | password |
| 2 | password | password | password | password | password | password | 123456 | 123456 |
| 3 | 123456789 | 12345678 | 12345 | 12345678 | 12345 | 12345678 | 12345678 | 12345678 |
| 4 | 12345678 | qwerty | 12345678 | qwerty | 12345678 | qwerty | abc123 | qwerty |
| 5 | 12345 | 12345 | football | 12345 | qwerty | abc123 | qwerty | abc123 |
| 6 | 111111 | 123456789 | qwerty | 123456789 | 123456789 | 123456789 | monkey | monkey |
| 7 | 1234567 | letmein | 1234567890 | football | 1234 | 111111 | letmein | 1234567 |
| 8 | sunshine | 1234567 | 1234567 | 1234 | baseball | 1234567 | dragon | letmein |
| 9 | qwerty | football | princess | 1234567 | dragon | iloveyou | 111111 | trustno1 |
| 10 | iloveyou | iloveyou | 1234 | baseball | football | adobe123 | baseball | dragon |
| 11 | princess | admin | login | welcome | 1234567 | 123123 | iloveyou | baseball |
| 12 | admin | welcome | welcome | 1234567890 | monkey | admin | trustno1 | 111111 |
| 13 | welcome | monkey | solo | abc123 | letmein | 1234567890 | 1234567 | iloveyou |
| 14 | 666666 | login | abc123 | 111111 | abc123 | letmein | sunshine | master |
| 15 | abc123 | abc123 | admin | 1qaz2wsx | 111111 | photoshop | master | sunshine |
| 16 | football | starwars | 121212 | dragon | mustang | 1234 | 123123 | ashley |
| 17 | 123123 | 123123 | flower | master | access | monkey | welcome | bailey |
| 18 | monkey | dragon | passw0rd | monkey | shadow | shadow | shadow | passw0rd |
| 19 | 654321 | passw0rd | dragon | letmein | master | sunshine | ashley | shadow |
| 20 | !@#$%^&* | master | sunshine | login | michael | 12345 | football | 123123 |
| 21 | charlie | hello | master | princess | superman | password1 | jesus | 654321 |
| 22 | aa123456 | freedom | hottie | qwertyuiop | 696969 | princess | michael | superman |
| 23 | donald | whatever | loveme | solo | 123123 | azerty | ninja | qazwsx |
| 24 | password1 | qazwsx | zaq1zaq1 | passw0rd | batman | trustno1 | mustang | michael |
| 25 | qwerty123 | trustno1 | password1 | starwars | trustno1 | 000000 | password1 | Football |
Password Tips
Here are a few important tips that can help you create a strong password.
- Create a password that is not less than 10 characters and preferably 16 characters. Having a long password is often the best strategy to make it difficult for the hackers or algorithms to crack it. A long string of characters will make it challenging to guess the password for most programs that use a random combination of characters.
- Avoid using a common phrase, your name, nickname or address. Many passwords in the list include common words, which are easily hackable using dictionary attacks. Other information such as your name, your pet’s name, DOB and street address might be easy for you to remember, but it also makes your password a piece of cake for hackers to crack. Best advice: don’t use them!
- Use a mix of alphanumeric characters, numbers and special characters (symbols). One of the best ways to create a strong password is to use a mix of case-sensitive alphanumeric characters along with symbols. While it may be difficult to remember, there’s one easy way you can remember it. To create a password that is strong and yet easy to remember, use acronyms. Replace letters with their corresponding uppercase and similar special characters. For example, white lilies can be converted to “Wh1t3L%l&3$”.
- Abbreviate a sentence. Come up with a sentence and pick the first or last letter of each word to form a password. Mix it with special characters to make it even stronger. For example, I hate being hacked all the time! Considering the last letter of each word, the password becomes – Ih3bgHd4tt!
- Always use a unique password, never repeat. Never EVER use a password for more than one account, application or service. Always use a unique password. If one of your online services gets hacked, the hacker will try to use the hacked password for your other accounts. Never use the same passwords and just add a 1, 2, 3, etc., at the end.
- Use two-factor authentication. Although not foolproof, two-factor authentication adds another layer of security to your online account. You can use dedicated authentication apps or enable the code over SMS feature, which most websites offer today. Enabling this functionality might not guarantee 100% security, but is far better than relying on one single password.
- NEVER store passwords in your browser. Passwords stored in a browser can be hacked, and in many ways.
Also, some websites offer to save your address, credit card details, and so on, for convenience. If you accept that offer, you've put your personal data at risk. Who knows if the site is storing your details securely? Equifax didn't!
- Consider using a password manager. Using a password manager and using its ability to create complex passwords for you is an easy way to create unique passwords. Make sure your generated passwords are at least 10 and preferably 16 or more characters long; all too many products default to a shorter length.
My favorite is Password Safe. It allows you to safely and easily create a secured and encrypted user name/password list. With Password Safe all you have to do is create and remember a single "Master Password" of your choice in order to unlock and access your entire user name/password list. It is a free and open-source password manager program for use with Microsoft Windows. There is a beta version available for Ubuntu (including the Kubuntu and Xubuntu derivatives), Debian and FreeBSD operating systems. The original Password Safe was built on Bruce Schneier's Blowfish encryption algorithm. Rony Shapiro implemented Twofish encryption along with other improvements to the 3.xx series of Password Safe.
- Change your passwords. Change your non-email and financial passwords at least annually. It is very easy to do using a password manager and having it generate very long and complex passwords. Change your email and financial passwords at least semi-annually.
Change all of your passwords when you leave a relationship such as a marriage or where you lived with someone. Shocking, I know. Better to be safe than sorry.
- Implement an account lockout policy. When available, always use account lockout. It should initiate after a pre-defined number of failed attempts, such as 3 or 5.
- Notification of account change. When available, have an email or SMS message sent to you when your account has been changed (e.g., a new password has been set) or when the account has been accessed.
- Notification of last time account was accessed. When available have your account always show you the last time it was accessed. Request that feature be added to any account, application or service that doesn't currently have it.
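The length, common-password and "never repeat" tips above can be checked mechanically. The following is an added example, not part of the original article: `screen_password`, `base_form` and the finding strings are hypothetical names, the blocklist is the 2018 column of the table above, and the earlier passwords are assumed to be supplied locally by the user (for instance from their own password manager export).

```python
import re

# 2018 column of the SplashData table quoted in this article.
COMMON = {"123456", "password", "123456789", "12345678", "12345", "111111",
          "1234567", "sunshine", "qwerty", "iloveyou", "princess", "admin",
          "welcome", "666666", "abc123", "football", "123123", "monkey",
          "654321", "!@#$%^&*", "charlie", "aa123456", "donald",
          "password1", "qwerty123"}

MIN_LEN, PREFERRED_LEN = 10, 16  # "not less than 10 ... preferably 16"


def base_form(pw):
    """Lowercase and drop trailing digits, so 'Football1' maps to 'football'.

    All-digit passwords are returned unchanged, otherwise every numeric
    password would collapse to the same empty string.
    """
    lowered = pw.lower()
    return re.sub(r"\d+$", "", lowered) or lowered


def screen_password(candidate, previous=()):
    """Return a list of findings; an empty list means the candidate passes."""
    findings = []
    if len(candidate) < MIN_LEN:
        findings.append("reject: too short")
    elif len(candidate) < PREFERRED_LEN:
        findings.append("warn: below preferred length")
    # Match the list entry itself or the entry with digits appended.
    if candidate.lower() in COMMON or base_form(candidate) in COMMON:
        findings.append("reject: common password")
    # "Never use the same passwords and just add a 1, 2, 3, etc., at the end."
    if any(base_form(candidate) == base_form(old) for old in previous):
        findings.append("reject: reuses an earlier password")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("Football1", "Ih3bgHd4tt!", "violet-Anchor-94-tundra"):
        print(pw, screen_password(pw))
```
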
Remember, Global Privacy and Security by Design should always be by Default. Be a Part of Something Big. Get involved and promote a safer, more secure internet.