Data breaches are happening faster, but you can fight back.


Cybersecurity and data privacy are regularly in the news. Governments are approving new cybersecurity regulations. Enterprises are allocating resources to cybersecurity measures, such as firewalls, encryption, and educational programs, at unprecedented levels.

Despite this, people are losing ground on data privacy.


What can be done about this? Many people view cybersecurity as a technological challenge. They are right: Technological measures are a key element in keeping private details secure, but they are not sufficient.

As a university professor specializing in information technology, data analysis, and operational strategies at the University of Notre Dame, I am dedicated to examining strategies for safeguarding individual privacy.

Robust individual privacy protection is composed of three integral components: readily available technical measures, community understanding of the necessity for privacy, and governmental guidelines that highlight the significance of individual privacy. Each plays a critical role in safeguarding personal privacy. A flaw in any of these areas jeopardizes the integrity of the entire framework.

The first line of defense

Technology acts as the initial security layer, controlling access to systems housing data and encrypting data as it travels between systems so that unauthorized parties cannot read it. However, even the best security tools can be ineffective if used incorrectly, improperly configured, or ignored.

Two technological measures are particularly vital: encryption and multifactor authentication. These form the underpinning of online privacy, delivering maximum effectiveness when extensively embraced and accurately employed.

Encryption leverages sophisticated algorithms to transform sensitive information into an illegible format, accessible solely with the appropriate decryption key. For example, your web browser utilizes HTTPS encryption to safeguard your data when you browse a secure website. This process thwarts anyone on your network, or any network linking you to the website, from eavesdropping on your communications. Currently, nearly all web traffic is encrypted using this method.


However, if encryption of data on networks is so effective, what accounts for the ongoing occurrence of data breaches? The truth is that encrypting data as it’s being transmitted is merely one aspect of the problem.

Securing stored data

We must also ensure the security of information wherever it resides, including devices like phones, laptops, and the servers that make up cloud storage. Unfortunately, this aspect of security frequently comes up short. The encryption of stored data, or data at rest, is not as extensively applied as encrypting data while it’s being moved from one point to another.

While contemporary smartphones generally encrypt files as a standard feature, the same cannot necessarily be stated for cloud storage solutions or corporate databases. According to a 2024 industry survey, only 10% of organizations report that at least 80% of their information housed in the cloud is encrypted. This circumstance means that vast quantities of unencrypted personal information are potentially susceptible to exposure if attackers successfully penetrate security measures. Without encryption, accessing a database is equivalent to opening an unlocked filing cabinet, rendering every item inside available to the intruder.


Multifactor authentication is a security measure that requires users to provide more than a single form of authentication before gaining access to confidential information. It’s tougher to compromise than a single password, because it requires a combination of different types of information. Typically, it combines something the user knows, for instance, a password, with something in their possession, such as a smartphone application generating a verification code, or a biometric identifier, like a fingerprint. Using multifactor authentication properly can decrease the likelihood of a security breach by as much as 99.22%.

While 83% of organizations require their workforce to use multifactor authentication, as indicated by another industry survey, millions of accounts are still secured solely by a password. With attackers becoming more adept and credential theft continuing to rise, closing that remaining 17% gap is more than a recommended measure; it’s a critical requirement.

Multifactor authentication stands out as one of the most direct and impactful actions organizations can undertake to avert data breaches, yet its usage remains limited. Broadening its implementation could significantly lower the number of successful assaults annually.

Awareness gives people the knowledge they need

Even the finest technology has limitations when individuals commit errors. Human error was implicated in 68% of data breaches in 2024, per a Verizon report. Organizations can lessen this risk by training their employees, minimizing data collection (gathering only the necessary data for a task, then removing it upon completion), and implementing strict access protocols.

Policies, audits, and response strategies for security breaches can enable organizations to be prepared for potential data compromise, allowing them to curtail the damage, identify the responsible parties, and gain valuable lessons. It is equally crucial to protect against internal risks and physical breaches through protective measures such as secure server locations.

Public policy holds organizations accountable

Legislative safeguards aid in ensuring organizations are responsible for protecting data and allowing individuals to manage their information. The European Union’s General Data Protection Regulation stands as one of the most thorough privacy regulations across the globe. It demands stringent data protection practices and enables individuals to view, modify, and delete their personal data. The General Data Protection Regulation carries substantial penalties: In 2023, Meta received a €1.2 billion (US$1.4 billion) penalty due to a Facebook violation.

Despite extensive discussions over the years, the U.S. still lacks an all-encompassing federal privacy statute. Although several proposals have been put forward in Congress, none have been successfully enacted. Instead, a combination of state rules and sector-specific guidelines, like the Health Insurance Portability and Accountability Act for health information and the Gramm-Leach-Bliley Act for financial institutions, serves to partially address these gaps.

Certain states have instituted their own privacy statutes; however, this fragmented approach results in Americans receiving inconsistent protection levels and generates regulatory difficulties for companies operating across different jurisdictions.


The resources, rules, and expertise for safeguarding personal information are available, yet people and organizations do not apply them adequately. Enhanced encryption, more widespread adoption of multifactor authentication, improved training efforts, and clearer legal guidelines could avert many breaches. It’s apparent that these mechanisms are effective. What is currently needed is a shared commitment, coupled with a cohesive federal directive, to put these safeguards in place.

This article belongs to a collection focused on data privacy, analyzing who is collecting your data, the specifics of what and how they collect it, those involved in the selling and buying of your data, their utilization of the data, and potential countermeasures.

This edited article is republished from The Conversation under a Creative Commons license.

Mike Chapple, Teaching Professor of IT, Analytics, and Operations, University of Notre Dame

Mike Chapple acts as the academic supervisor of Notre Dame’s Master of Science in Business Analytics program and serves as an educator in IT, Analytics and Operations, delivering courses in business analytics and cybersecurity for both undergraduate and postgraduate levels. Prior to his role with the Mendoza faculty, Chapple held the position of Senior Director for IT Service Delivery at the University and was a Senior Advisor to the Executive Vice President at Notre Dame. Mike also previously held the position of Executive Vice President and Chief Information Officer at the Brand Institute, a consultancy focused on marketing based in Miami. Earlier in his career, he dedicated four years to the information security research division at the National Security Agency and fulfilled duties as an active intelligence officer in the U.S. Air Force.
