Knowing that a tomato is a fruit is knowledge – not adding it to a fruit salad is wisdom. Similarly, having knowledge about privacy and security is good, but true wisdom is knowing that they are vastly different from each other. While both, to some extent, revolve around the protection of your personal, public and corporate data, they are still not the same.

The TL;DR version is yes. To put it simply, privacy means taking steps to keep your data away from the reach of unauthorized individuals. Security means keeping your data protected against illegal attempts to access or corrupt it.

What Do We Know About Privacy?

We will be discussing privacy first because it is more fragile and vulnerable than security.

Privacy, AKA secrecy, is the fundamental right of every human. Of course, you don’t want anyone peeping into your life without your consent. You surely never want anyone monitoring your activities online or offline.

What is personal to you should forever remain exclusive for your eyes or use only. However, at times, it isn’t limited to your private life anymore, especially when your job is to keep the confidentiality of other people’s personal information. Take, for instance, government agents or bank accountants, to name a few. (More on it under Public Privacy)

All in all, privacy is about having sole authority over your personal information and how it is controlled. We can further break down privacy into:

Personal Privacy

As the name suggests, everything that falls under the “sensitive” umbrella is your personal privacy. For instance, your credit card details, contact number, email accounts, bank credentials and Social Security Number, to name a few.

Public Privacy

Public privacy is something that isn’t limited to your privacy. On the contrary, you are liable for the protection of other people’s personal or sensitive information. However, you only come under this responsibility when you are in a profession where you are required to handle other people’s data and protect it against unlawful access.

Corporate Data Privacy

Corporate data comprises not only the sensitive data of the customers but also the patented data and other confidential documents.

Let’s Get Down to Security

Security is a self-defining term that means protection. It describes a state of defense against veiled threats, such as home or office security against burglaries or thefts. Similarly, when we say online security, we mean a safeguard against potential cyber threats.

Security serves the noble purpose of keeping the confidentiality (privacy) and integrity of data, which may or may not include personal data, corporate patents, etc.

According to 2018 cybercrime statistics, cybercriminals make 10-15 percent more than what they can earn from traditional crimes. Perhaps this is the reason why we have seen a significant spike in cybercrimes in recent years.

Although online security doesn’t promise 100 percent prevention against all cybercrimes, it allows us to take preventive measures that could minimize the chances of potential data breaches.

We Need Security Against

Though there are hordes of cyber threats against which we need strict security measures, I am outlining some primary online threats:

Malware

It stands for malicious software. Malware is the most effective weapon in any cybercriminal’s arsenal. These malicious tools are used for infiltrating a target’s system or device to steal information, damage the system, modify or delete data, etc.

Symantec reported that malware variants were up by 88 percent in 2017. Since it is such an effective weapon, malware is the most common type of tool that cybercriminals deploy for various attacks such as DDoS or ransomware attacks.

DDoS

Distributed denial-of-service (DDoS) attacks are carried out to paralyze the target machine so that it is inaccessible to legitimate users. The attacker first creates a malicious botnet by infecting vulnerable systems on a node or network. The attacker then orders the botnet to keep sending requests to the target server. Due to the continuous requests, the server fails to manage the massive volume of traffic and thus goes offline for the time being.

In 2016, Dyn, a renowned DNS provider, was hit by one of the most massive DDoS attacks in history with the attack strength of 1.2 terabits per second.

Phishing

Have you ever received emails congratulating you on winning an inheritance from a dying lady? Well, it is one of the oldest yet most effective techniques in any cybercriminal’s book to lure you into their net. Phishing attacks aren’t limited to fake emails; they also include bogus websites and text messages. Phishing attacks are used primarily for stealing personal or financial details of the targets.

It has been reported that the average cost of phishing attacks that mid-size companies have to bear is $1.6 million.

Ransomware

Ransomware is a sophisticated class of malware that restricts a user’s access to their information. The attacker demands that victims pay a ransom to regain access. One of the most common ways to infect a target system with ransomware is via phishing attacks.

Cybersecurity Ventures reports that ransomware will amount to damages worth $11.5 billion by 2019.

Top Preventive Measures for Privacy & Security

Now that we have drawn a clear line between security and privacy, all that remains is the precautionary tactics we need to employ to protect our privacy and avoid security breaches.

For starters, it is recommended to only trust businesses or services that value their customers’ privacy and use state-of-the-art measures to protect their data. Secondly, as individuals, we have the responsibility to take the necessary steps to protect not just our rights (privacy) but also our data against unauthorized access.

What follows are the steps we should take to ensure our privacy and security:

Sharing personal information has become a thing in the age of social media. However, it is the very aspect that has been putting people’s privacy at serious risk. Therefore, limit what you disclose online and even offline. This also includes adjusting your social profiles’ privacy settings to private.

Never click links in emails from senders that you don’t know. Most of these emails are part of phishing attacks and thus contain links that are malicious.

Always keep your devices protected. If the device itself is protected, it will be harder for anyone to penetrate its security walls and infect it with malicious tools.

I would also recommend using a virtual private network. Since VPNs use encrypted servers, they make it impossible for any cybercriminals to steal your data even if the device is compromised.

Never connect to public Wi-Fi, because such networks lack security measures and are prone to security breaches.

When buying a product online or subscribing to a service, read the ToS and Privacy Policy to check what sort of information they collect and how they use it. For EU users, it is recommended to work with services that are GDPR-compliant.

It All Boils Down to…

Privacy and security are now among the important parts of our lives, as they are connected to our personal and financial well-being. Since this is the age of the Internet, which is something that we cannot live without, it is impossible for us to gain complete control over how our data is used.

However, what we can do on our part is to go about with our online activities in a cautious way and apply the best measures to protect our privacy and ensure our security.

About the Author: Anas Baig is a cyber security journalist who covers cyber security & tech news. A computer science graduate specializing in internet security, science, and technology, he is a security professional and a writer with a passion for robots, IoT devices, and cars. Follow him on Twitter @anasbaigdm.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.