Andrew Gertz | Senior Manager, Web and Digital Marketing, Thales
This month is Cyber Security Awareness Month, highlighting how far security education needs to go in order to enable a secure interconnected world.
Technology continues to improve our lives – but at the same time the risks continue to grow. While the responsibility should lie with businesses to ensure all the best safeguards are in place, too much onus is frequently put on consumers.
Encryption, data sovereignty, multifactor authentication and website cookies are all vital ideas and technologies to keep consumers’ personal data safe – but research released this month reveals widespread confusion. And how can people be expected to follow best practice, when they don’t understand the ‘basics’? Not least to mention the language around the basics is often anything but.
To this end, and in honour of Cyber Security Awareness Month, we decided to look at some of the most commonly asked cyber security questions on the internet and break down the answers as simply as possible.
Data Sovereignty
What is data sovereignty?
Data sovereignty means your data, like personal information and digital files, should be stored and managed in a way that aligns with the laws and regulations of your country or region. It's about keeping your data under your home country's control and protection.
Why is this something I should care about?
Data sovereignty is crucial because it makes sure that your sensitive information, such as financial or personal data, is handled according to the rules and security measures of your home country. This helps protect your privacy, rights, and ensures compliance with local laws.
Does it matter where my data’s stored?
Yes, it does matter. Where your data is stored can impact your privacy and security. Storing data in your own country or in places with strong data protection laws gives you more control and legal protections over your personal information. It's about ensuring your data is handled responsibly and securely.
Encryption
What is encryption?
Puzzle or escape room fans are likely to have come across the idea behind encryption before. Encryption is where data, such as your address or bank account details, are scrambled using a specific code to make them illegible. This information is only decipherable by an encryption key, which holds the details of the code and enables the information to be unscrambled.
Does it really make a difference?
If cybersecurity as a practice is looked at like a castle, encryption would be the walls of the keep; the last line of defence. We are living in an age of data breaches – our 2023 Data Threat Report shows that more than a third of organizations globally experienced a data breach in the last 12 months. This means companies cannot rely on their walls and moats to keep cybercriminals out. Encryption ensures that, if they are able to access sensitive data, it remains protected.
Passkeys
What are passkeys and how to they work?
A passkey is a unique code, like a digital key, that is stored on a secure device and used to authenticate access to a system or account. They are often stored on phones, with biometrics such as a fingerprint or FaceID, used to unlock the device and grant access to the passkey. When you enter the correct passkey, the system then recognizes it and grants you access.
How do passkeys differ from passwords?
Passkeys offer a more secure alternative to passwords as they require an additional verification step to access, typically involving biometric authentication unique to you. They are also phishing-resistant alternative to passwords. Unlike with passwords that you could easily share over email, passkeys need the physical device they're stored on to access. Finally, they eliminate one of the core human error factors of cybersecurity: passwords. By cutting out a password altogether, users are no longer tempted to keep the same password across multiple accounts or making them easy to guess to remember them.
Multifactor Authentication
What is multifactor authentication?
Multifactor authentication means using more than one way to prove your identity when accessing a system or account. It's like having multiple locks on a door – you need keys from different places to unlock it. Similarly, with multifactor authentication, you need to provide different types of information to access your account, adding an extra layer of security.
Can you share some examples of multifactor authentication?
Multifactor authentication can include things like:
- Password + Fingerprint: You enter a password and use your fingerprint to unlock your phone
- Password + SMS Code: After entering a password, you receive a code on your phone via text message that you also need to enter
- Password + Security Questions: You answer security questions after entering your password
These combinations add an extra level of security by requiring different types of information to ensure it's really you trying to access the account.
Cookies
What do cookies mean on websites?
Cookies are small pieces of data that websites store on your device (like your computer or phone) when you visit them. They help the website remember your preferences and actions, making your future visits smoother and more personalized. It's like a little note the website leaves on your device to remember things you like.
Do I have to accept cookies?
No, you don't have to accept cookies. When you visit a website, you can choose whether to accept or decline cookies. However, some websites might have essential cookies that are necessary for their basic functions. You can often customize your cookie preferences in your browser settings to control which cookies you allow and how they are used.
What do I most need to know about cybersecurity?
When faced with the complexities of cybersecurity, it’s very easy to resort to apathy. The main message here is to remain vigilant, and by building a base knowledge of the methods that are used to protect our data, we will be able to implement them correctly to keep our information safe.