Share this with your family, friends and colleagues
Data Protection Day, also known as Data Privacy Day, is celebrated every year on January 28th. It’s a day to stop, assess, and reflect on how we share and protect our data and personal information, as well as consider how our data is being collected, stored, and used by others.
More and more we see issues and controversies around data usage and storage on the news. From big social media platforms being questioned over their policies to data being stolen by hackers, it seems like now would be a good time to make sure we’re doing everything we can to protect our data and the data of children and young people in our care.
First, a quick quiz! How much do you know about protecting data? You’ll find the answers at the bottom of the article – no cheating!
How many times a year is it recommended to change your password?
What is 2-factor authentication?
How many random words does the National Cyber Security Centre suggest using in each password?
How much data are you giving away?
Even if you’re ‘au fait’ with password protection and have your security settings locked down tighter than Fort Knox, you could be giving away much more personal information than you realise. It’s all too common that posting what seems like a perfectly innocent photo or a simple social media post can include really important information right there in plain sight.
Have a look at this very cute newborn baby! A classic Facebook post, every proud parent likes to share their beautiful new baby with all of their friends and family, particularly during the pandemic when visiting in-person could be limited. Unfortunately, this one simple photo can give away lots of personal information about both the parents and the baby.
All of this information leaves a potential hacker or criminal with a healthy amount of your personal details to hand. There’s potential password clues in the names, date of birth, and locations, all of which are often used as online banking security questions, as well as solid evidence that the parents aren’t home!
Another Internet favourite – cat photos! Though Snuggles is very cute indeed, this very simple photo has two key pieces of information that are all someone needs to figure out the user’s password. As a huge Snuggles fan, this user opted to use his name for their password. As they also needed some numbers in their password, they chose to use the year of their birth, ‘2000’. Unfortunately, they also used this same password for most of their accounts!
So why is this a problem when it comes to data protection?
Data Protection and Passwords
Like the above, David* thought it would be easier to use the same password for every website. He’s not alone – a survey of UK adults found that 48% of us use the same password across both personal and work services.
For most of us, including David, this isn’t a problem – until it is. And then, it can be a really, really big problem. So, for Data Protection Day, let’s take a look at what happened to David.
David would describe himself as an average user of tech and apps – he has the Facebook and Messenger apps on his phone, TikTok, and Gmail. He occasionally Snapchats his friends and regularly orders stuff through the Amazon app.
One day, one of the social media sites David uses was hacked and, along with thousands of other users, his email address and password were stolen, sold and bought on the dark web.
So, what information does the criminal who bought David’s information now have?
Through David’s social media profiles and posts, the criminal now knows the following information about David:
He currently lives in Reading.
Specifically, he lives in a house numbered 32 (this is visible in the ‘first day of school’ photo of his kids taken outside of their front door).
He often tags himself in his local pub, the O’Neill Arms.
David grew up in Oxford with his two brothers, Sam and John, and his parents Karen and Samuel.
His dad passed away of cancer fives year ago and Karen now lives alone in the family home where David grew up.
His wife is called Sally. Her birthdate is June 5th, 1971.
His kids are named Nathan, 8, and Emma, 10.
David works at a Water Utilities company and has been there since 2001.
He and his family go to Center Parcs every year for Easter.
On birthdays, they go to the local Pizza Hut.
Every Friday, he and his wife go to the cinema while Grandma babysits the kids at her house.
After logging into David’s email account, the hacker now knows:
His full home address, through online purchase receipts.
David gets paid on the 31st of the month and occasionally gets overtime, plus bonuses.
That David has three accounts with the same bank, including a savings account containing £45,000 and an ISA with £20,000. Luckily for the hacker, David had emailed himself not only his account number and sort code, but also his online banking password.
All of this information was harvested from just two of the platforms David uses, but the sheer amount collected from one social media profile and an email account shows how vital it is to protect our data carefully.
It’s also worth noting that a lot of the information found on David’s profile is the same type of details that many people populate their profile with, without checking to see who has access to it. Learn how to manage your privacy and safety settings across a range of social media platforms on Our Safety Centre.
*David has been made-up for the purposes of this story, but his experiences are based on real events that can and do occur!
To celebrate Data Protection Day and protect your data better all year round, here’s our top tips and further resources:
Check and change your passwords today! Make a note in your diary to do this again in three to four months’ time.
Enable 2-factor authentication on all platforms offering it – this includes Gmail, Outlook, Facebook, Twitter, TikTok, and WhatsApp. You can find further instructions on how to do this on their websites.
It may sound complicated, but it just means using two passwords (hence the 2-factor) to authenticate your access to an account. When logging into an account, a password and a code is required to allow entry – this means that even if an unauthorised user guesses a password, they can’t gain access without the second code.
They recommend using a password manager that generates passwords or passwords comprised of three random words to aid password recall. Use a formula by adding four numbers to the end of the words, e.g., pineapple-shoelace-buttercup1969. Remember, longer is stronger when it comes to data protection!
Share this with your family, friends and colleagues
Join our Online Safety Hub Newsletter Network
Members of our network receive weekly updates on the trends, risks and threats to children and young people online.