Personal data protection on the Internet

 
Apply for SearchInform DLP TRY NOW

From the shackles of personal data leaks follow one another. Immediately after the photos of intimate content of American stars appeared on the Web, a message appeared about open access to passwords from Yandex and Mail.ru e-mails. In the comments, both companies shifted the responsibility to account users, complaining about their frivolity.

Many believe that cybercriminals on the Internet “hunt” exclusively for the data of the rich and famous. But this is not the case. The personal data of ordinary users, falling into the hands of fraudsters, allows them to derive illegal benefits.

Personal information: what is it?

The Federal Law "On Personal Data" refers to information that allows the identification of a person (Internet user). This is the last name, first name, patronymic, full date of birth, place of residence, passport series and number, place of work. But the password from the Internet account does not apply to personal data, since it does not identify the user.

The release of data (phone, email address) requires the user's consent. Similarly, at the request of a citizen, information is removed from public access.

Where and how is information stored?

Most Internet companies have servers in the United States. Mail.Ru Group is the owner of five data centers in the Russian Federation and a renter of foreign servers. Yandex organized a data center in Ryazan, having bought out nine workshops of the Sasta plant. By 2020, the company plans to install 100,000 servers on the territory of this center. Yandex also rents servers in America, Finland and the Netherlands.

Changes made to the Federal Law "On Personal Data" obliged the company to ensure the storage of data of Russian Internet users within the country. Therefore, an increase in the number of Russian data centers is expected. The attitude of foreign Internet corporations to this requirement remains unclear. Information about negotiations of the authorities on this issue with Twitter, Facebook and Google periodically appears in the media.

Ways of transferring personal information

Citizens pay with personal data for free use of the Internet. The corporations "Yandex" and "Google", based on the analysis of data from different sources, determine the needs of users. Their earnings depend on advertising. Therefore, the choice of broadcasted ads depends on the study of the web user's requests. Facebook displays advertisements based on user profile data and on pages marked with a "like" mark.

Using the sharing buttons (repost, Pluso) allows companies to get more user data, the sale of which to advertising companies brings additional profit.

When working with the service, the user agrees with the proposed terms of use of his personal data. The services gain access to data when a user logs in or shows interest by clicking on links and marking the posts they liked.

Each Internet company provides protection of personal information of users on the Internet in different ways. Yandex encrypts the content of e-mails, the correspondent's personal data and the login used and distributes them to three points, the security of which is ensured by three groups of system administrators. To gain access to the data, the coordinated participation of three groups at once is required, which is impossible without carrying out internal procedures. An attempt to open unauthorized access to user data is automatically logged and sent to the Yandex security service.

Who needs personal information and why?

They use personal data not only for identification purposes, but also for fraud. Lack of protection of personal data provokes information leakage and falling into the hands of fraudsters. The most common are:

  • substitution of data to perform certain actions. Thanks to known personal data, you can create a fake account on a social network or conduct a fraudulent operation;
  • obtaining user financial data: credit card numbers, electronic wallets, accounts of paid online games. Knowledge of personal data is required to open access to funds;
  • deletion of personal data. The destruction of users' personal information blocks the operation of the service, and the information received is used for criminal purposes.

Not only cybercriminals use personal data. Specialists in targeted advertising are actively interested in personal data of users. The main source of information for this type of advertising is cookies, which are transmitted by the user's browser to the server of the targeting agency.

Protection of personal information

It is worth consulting the organization of personal data protection with the employees of companies specializing in the provision of services in this industry. There is also a list of general guidelines to help you protect personal information yourself.

Dual Authentication

An incomprehensible name, but this mechanism works simply. Login and password are provided with double protection:

  • a standard combination of letters and numbers, which is protected on the server;
  • a special code transmitted to the device, which is owned only by the user.

For example, after entering a password in Internet banking, an SMS with a one-time code is sent to the phone. This code is entered on the website to enter your personal account.

Secure communication

Before paying for a purchase on the Internet or performing other financial transactions, it is worth tracking the icon that appears to the left of the address bar. This icon should inform the user about working with an encrypted connection.

If the connection is not secured, it is recommended to use additional services that will redirect the user to the HTTPS version of the site.

Generating passwords

Creating a strong password is a common advice from personal data security experts. However, a self-generated password is inferior to the one generated by a specialized service. Besides, remembering it is not easy, and writing it down in a diary is not reliable.

Specialized services called password managers automatically generate complex passwords and store them on secure servers. Therefore, there is no need to memorize this combination, the service will automatically enter it in the right place. This service is provided by applications Enpass, 1Password, LastPass.

Controlling access of services to personal information

For users of iOS and Android mobile devices, the function of allowing or preventing the receipt of personal data by the application is enabled. It is only important not to be lazy and periodically check what information the downloaded application or game can access. If any suspicious requests appear, it is recommended that you refuse to install and use such an application.

Using a VPN with public Wi-Fi hotspots

When using the Internet in a hotel, at a train station or in a cafe via a Wi-Fi connection, it is recommended to turn on a VPN service that redirects traffic to its own resource, providing "clean" access that is inaccessible for illegal manipulations. Since using a password will not provide adequate protection.

Installing Licensed Software

Protection against viruses and hacker attacks on home and work PCs can only be provided by a licensed anti-virus program, which must be updated in a timely manner. Before installing programs from the Internet or registering on services with the introduction of personal data, you should carefully read the user agreement, since one of its conditions may be the processing and use of personal information.

Correctly entrust the organization of the protection of personal information to the companies providing such services. They possess special methods of information protection and will help you choose an individual security system depending on the specifics of the customer's work and typical threats. Such companies organize the protection of information in the cloud storage or on a physical server.

10.12.2020