Yubico: Data Protection Day raise awareness for secure data practicves
January 2024 by Yubico
Data Protection Day (28th January) aims to raise awareness around the importance of effectively managing and protecting personal data. Today, personal data, such as an individual’s name, number, and email address is processed every second and needs to be adequately protected. With the rise of phishing scams in which cyber criminals steal personal data, it is important for organisations and individuals to recognise the signs of these attacks and take the necessary precautions to prevent the risk of data theft.
Niall McConachie, regional director (UK & Ireland) at Yubico, comments on how organisations and individuals can improve their data security practices with passwordless authentication:
“Phishing remains the most prevalent attack method due to its relatively low cost and high success rate, and the advancements of AI now only furthers this problem. Unfortunately, organisations aren’t doing enough to upgrade the cybersecurity tools and methods used to protect their staff and customers. As the rate of sophisticated phishing attacks continues to rise, Data Protection Day highlights the critical need for modern, phishing-resistant authentication from businesses and individuals to stay secure.
“It’s clear that traditional username and passwords are no longer sufficient for keeping data secure – but they unfortunately remain one of the most widely used forms of authentication globally. In fact, recent research** has found that 53 percent of employees still use usernames and passwords to authenticate business accounts, putting not only their personal data at risk of phishing attempts but also their organisations’. This can lead to significant reputational and financial damage.
“Basic username and password authentication alone is too easy for attackers to circumvent, allowing unauthorised access to online accounts and personal data. Once a password is stolen, cyber criminals can successfully bypass many forms of legacy multi-factor authentication (MFA) such as SMS-based one-time passcodes (OTPs).
“Reliable protection from modern cyber threats requires modern, phishing-resistant MFA such as hardware security keys, which can stop attacks by requiring something you know (a pin) and something you have (a security key) to insert into the device and physically touch it to gain access to accounts. Using this method of authentication is key in protecting personal data from attacks like phishing.”