Data Protection Academy » Data Protection Wiki » Practical measures for data security
Practical measures for data security
If data protection is about the protection of personal data.Data security or IT security is intended to protect general data. When protecting the totality of all data of an organization, it is therefore necessary to address both the issue of Data protection and data security on a regular basis.
At best, the IT security officer regularly analyses the protection of your organisation's data together with the data protection officer and puts together corresponding practical data security measures for more data protection. Often, data protection officers also have certification as IT security officers.
Concrete measures for the technical protection of non-personal data can look very different. For example, technical and organizational measures (TOMs) specify different types of controls. TOMs also play a role in the General Data Protection Regulation play an important role and are defined in more detail in the text of the law.
How is the topic of data security integrated into the basic data protection regulation?
The specifications for the "security of processing" can be found in Article 5(1)(f) GDPR, in Article 32 GDPR and in the Recital 78 GDPR. However, in Article 32 GDPR few concrete measures have been identified. More detailed information is provided in Article 32 GDPR on the subject only pseudonymisation and encryption. For this reason, the following answers basic questions about technical security measures for more data protection.
What is two-factor authentication?
With two-factor authentication, often also called two-factor authentication, the user proves his identity by combining two different and independent components. Authentication is only successful if both factors are used together. They must always be transmitted through separate transmission channels. Common examples are bank card plus PIN at ATMs, fingerprint plus access code in buildings and passphrase and TAN in online banking. Other examples of factors are security tokens, physical keys, passwords, iris recognition and voice. For security-critical applications, the BSI (Federal Office for Information Security) recommends two-factor authentication.
How can I determine whether an account or computer has been hacked?
There are many signs that your own account or computer has been hacked. Obvious signs are fake warnings from the virus scanner, new toolbars in the browser, random pop-up windows on websites not known to be hacked, and installation processes that start from scratch. It is also suspicious when a password suddenly changes. In most cases, the user has previously been taken in by a phishing e-mail that asks him to renew his password. Even if the mouse pointer jumps uncontrollably across the screen and performs actions, the computer has been compromised.
IT attacks can also lead to tangible economic disadvantages, so that one notices that one has become a victim of cyber criminals. This applies to the case when money is suddenly missing from your bank account, but also to unexpected reminders for unpaid goods purchased in your name.
How do you create strong passwords and keep them safe?
A secure password should be at least eight characters long and contain letters (upper and lower case), numbers and special characters in the middle like /[(%&§$_:?!+#)]. Avoid rows of numbers or letters. Likewise, names and dates of birth of you or your environment should be taboo. Instead, create individual passwords based, for example, on a personal memo. Furthermore, you must handle login data carefully to prevent data theft. Last but not least: Use a new password for each registration. If one password is cracked, other accesses will then remain protected.
Software can also be helpful: Password generators can generate a password online according to your specifications. As a reminder, safe programs are used to store all your passwords, of which active users easily have dozens. Access is granted by a master password.
External Data Protection Officer
You are welcome to contact us as external data protection officer (DPO) order. We also offer individual consulting services as well as audits and will be happy to provide you with a non-binding offer. You can find more information about our external data protection officers on our website.
What is the difference between http and https?
A lock in the browser window and https instead of http indicate that the website is https-encrypted and therefore more secure than one based only on http (Hypertext Transfer Protocol). The "s" stands for secure. It is the additional encrypting transport layer TLS between web server and browser. Third parties can then not intercept the traffic on the way from the user to the website. An SSL certificate must be installed on the web server for this purpose.
On the one hand, the general increase in the use of https is to be welcomed; on the other hand, more than half of all phishing sites now show the lock symbol in the browser bar. Anyone who relies on this can therefore become the victim of fraudsters. Many browser manufacturers are therefore now abolishing this symbol. Users must be vigilant themselves to detect phishing sites and other attempts at fraud on the net.
What is end-to-end encryption for email?
With end-to-end encryption, transmitted data is encrypted across all participating transmission stations up to the recipient. It works according to the key-lock principle: the sender's message is provided with a lock and can only be opened by the key of the desired recipient. All other instances, such as the provider of the communications service, telecommunications or the Internet provider, cannot access the message. Therefore the security of this type of encryption is very high, because without the secret key no text can be decrypted. The counterpart to end-to-end encryption is point-to-point encryption or line encryption: Here, the messages can be available in plain text at the transmitting stations and can be viewed by attackers. It is therefore important to make sure that the software and devices used work with end-to-end encryption.
No security system will save you from the rising incidents of cybercrime. Watch out for signs that your computer or data has been compromised. Much of the damage can be prevented by keeping your software and security programs up to date, not running questionable programs, not falling for spam, and regularly validating and optimizing data security measures for greater privacy.
- Data protection officers report from the field - March 26, 2020
- Data protection and data security while working from home - March 26, 2020
- Use of social networks by public authorities - March 9, 2020