Personal data at risk: what can citizens and entities do to combat leaks and misuse of their information?

THE PROTECTION OF PERSONAL DATA IN OUR CULTURE

In Peru there is a legal framework that protects citizens in the protection of their information within the spectrum of computer services, since it is a right considered by the Constitution in paragraph 6 of its second article and regulated by the Personal Data Protection Law (No. 29733).

However, the regulations and legal mechanisms for the protection of sensitive information They should only be part of the understanding of asset management. personal data. This is what Diego Bassante, IBM’s Government and Regulatory Affairs Leader for Latin America, considers, who places awareness of the importance of this information and the introduction of this idea as an essential part of civil culture in a clear first place.

“What citizens must do—not only in Peru, but in much of Latin America—is to incorporate into their political culture, among their values, the principle of the protection of personal data. From a cultural point of view, we have to become aware that our data They have value,” explained Bassante in dialogue with this medium.

The expert indicates that in a context in which digital platforms have become part of daily life and it has also become normal for them to request and manage the information of your usersit is necessary to always keep in mind the principle of data minimization.

Citing the definition of the Spanish Data Protection Agency, the latter consists of the application of “technical and organizational measures to guarantee that data are processed. data that are only necessary for each of the specific purposes of the treatment, reducing the extent of the treatment and limiting the conservation period and its accessibility to what is necessary.” Reducing it to simpler terms, The user must only provide the minimum information essential for the use of a service. and its providers must use these data only for said activity.

According to the IBM specialist, it is crucial that people analyze what type of information they are providing and the real relevance of the permissions they grant to various services.

“Perhaps I am providing more data than is needed, violating the principle of data minimization which is present in the regulation of personal data. The most important thing is that we understand that our data has value, because if we do not have that awareness as a prior step to everything else, protection actions will not make sense and perhaps I will not even know the mechanisms that the law provides. offers to protect me,” says Bassante.

RISK REDUCTION

The risk of leaks is not only on the side of the common individual, but also on the entities, since the exploitation of security breaches has a great economic impact for any institution. Research from IBM makes this clear by revealing that The average cost of a data breach was $2.76 million for a private or state entity.

Although computer attacks have become more common and sophisticated, security has also been adopting measures to address this problem, including the introduction of artificial intelligence an important help.

“Organizations that fully deployed automation and artificial intelligence in security achieved savings of 65.2% compared to those that did not”

“We know from a recent IBM study that organizations that fully deployed automation and artificial intelligence in security achieved savings of 65.2% compared to those that did not,” commented Diego Bassante, who considers that investment and technological updating are an need.

Luisa Esguerra, Microsoft’s Cybersecurity leader in South America, maintains the same line, pointing out that innovation is an important component of computer security.

“Without referring to particular cases, there are advanced technologies enhanced by artificial intelligence “that help keep digital assets protected, that are capable of monitoring millions of signals, detecting anomalies, intrusions and vulnerabilities, mitigating the impacts of a possible attack and improving accuracy and response times,” Esguerra responded to this medium through from an email.

“However, the truth is that no system is completely infallible. We are facing a constant increase in the number and sophistication of attacks by cybercriminals. According to the World Economic Forum, cybercrime has grown to become the third largest economy in the world after the United States and China,” he added.

“No matter how much technology and how much investment is made to protect an organization, the human factor and the digital security culture that we develop individually and collectively are essential”

The Microsoft specialist emphasized that despite the sophistication of computer security systems, people tend to be the “weakest links in the chain”, which is why the development of a greater culture on the subject among the population is required. and that the user adopts good practices to reinforce the protection of their information.

“No matter how much technology and how much investment is made to protect an organization, it is the human factor and the digital security culture that we develop at an individual and collective level that is essential. It is a shared responsibility, since the mistake of a single person can affect an entire organization and put its operations in check,” he argued. “It is essential to promote security on both fronts (organizations and citizens), with secure technology and solutions that protect users, their data and their devices, and also with good practices and hygiene. digital security”, Esguerra noted.

SPECIFIC MEASURES

Taking into account that local legislation and many computer systems are still not as advanced as those of developed countries in the matter, the citizen’s work must be oriented towards prevention. Luisa Esguerra believes that there are specific tools that can be used to minimize the risk of leaks. personal data.

“In (web) browsers such as Microsoft Edge, users can adjust privacy settings to control and delete tracking data. Edge offers three levels of tracking prevention: Basic, Balanced, and Strict. In addition, it is possible to delete browsing history, cookies and other website data from the browser settings,” mentioned the Microsoft representative.

Regarding organizations, the expert in cybersecurity indicated that “systems must be monitored continuously, staff must be regularly trained to recognize and avoid common threats.” He also mentioned as a necessity having an incident response plan to act quickly in case of leaks.

When asked more specifically, Microsoft provided the following direct recommendations for good IT security management and data protection: personal data.

Key actions for users

• Use strong and unique passwords for each account, combining letters, numbers and symbols, as well as avoid using the same password in different accounts, avoiding reusing the same password on several platforms.
• Enable multi-factor authentication (MFA), which adds an additional layer of security. This may include using a code sent to the mobile phone or generated by an authenticator app, making unauthorized access difficult, even if someone obtains the password.
• Regularly monitor accounts for suspicious activity, such as unauthorized access or unexpected configuration changes.
• Periodically delete your browsing history, cookies and other website data and avoid providing sensitive information such as personal identification numbers, passwords or financial data on unsecured websites.

Key actions for institutions

• Implement multi-factor authentication (MFA): This is one of the simplest and most effective ways to protect user accounts. By adding a second layer of verification, such as a code sent to the phone, even if passwords are compromised, attackers will not be able to easily access accounts.
• Adopt advanced detection and response (XDR) tools: These tools allow you to detect and stop attacks in real time, in addition to collecting useful information for future defenses. Having automated systems that detect and respond to threats is key to preventing data leaks.
• Keep systems up to date: Outdated systems represent a significant vulnerability. By ensuring all operating systems, applications, and firmware are up-to-date, organizations can prevent attackers from exploiting known gaps.
• Apply the principles of “zero trust” (Zero Trust): This approach assumes that no one should automatically be trusted, not even internal users. Constant identity verification and implementing policies such as multi-factor authentication and strong passwords are essential to minimize risk.
• Limit access to data: Only people who truly need access to certain data should have it, limiting the ability for attackers to exploit compromised accounts.