The mass hack of German politicians shows that data protection is a race between attackers and the attacked. End users are not defenseless, however, says DW's Konstantin Klein.
There they are again — the images the media use to depict data hacks: Anonymous men, usually wearing hoodies, sitting in poorly lit rooms in front of magically illuminated computer screens full of indecipherable symbols. It's them. They are the ones responsible for data leaks and hacks, and we are completely defenseless against it. At least that's the message those images send.
The truth is, however, that they aren't and we aren't. We no longer live in a world of amateur hacker meetings in stuffy basements. What we are dealing with today is a well-established data espionage industry.
Data vulnerabilities are systematically sought out, analyzed to the tiniest detail and exploited mercilessly. One of those vulnerabilities — and certainly not the smallest of them — is the users themselves, namely, the user who complains that his or her data were stolen or leaked.
Protecting data — the gold of the 21st century — is a never-ending race between attackers and the attacked. In terms of technical know-how, the distance between the two is slim. Both sides seem to be similarly aware of the strengths and weaknesses of today's data technologies.
When confidential or personal information nevertheless becomes public, it is often because the attacked simply did not know enough about how to protect their data — or perhaps found the possibilities for doing so too tedious.
But it isn't all that difficult to protect your data. The easiest way is simply not to create so much of it — although that is easier said than done in an age in which everyone carries a smartphone that is constantly collecting information. Still, it would be a step in the right direction if we would only give our data to those who expressly value data protection and security, and have the means to prove it.
Protection starts with behavior
When it comes to storing information, don't simply store your data in the next best cloud. Use providers that abide by European Union data protection policy.
The only data that should be unencrypted are the photos of family, vacations and pets that you want to be able to share with your relatives — everything else should be encrypted. These days there are a number of easy-to-use options that allow you to do just that, often offered directly by cloud storage providers. The only thing you need to do is remember an extra password to decrypt the data.
In the future, encrypted message services such as Signal or Threema are going to be the preferred way to communicate safely, rather than by email, which is unsafe by design. By the way, Facebook and WhatsApp groups aren't secure either — just ask any left- or right-wing extremist whose online activity is being monitored by state authorities.
Lastly, it is time to close the most vulnerable loophole of all – people's own behavior, or gullibility, to be precise. No matter how credible an email may look, a sensible person simply doesn't open questionable mail attachments or links.
Learn from professionals
Incidentally, the fact that companies that employ IT security staff forbid employees from using certain services at work or on their company computers does not mean they are technophobic killjoys. That staff is responsible for knowing about potential risks and protecting the company's data from them. Even if chat or cloud services from other providers may seem far simpler than those allowed by the company, keep your hands off when it comes to professional data! That also goes for politicians.
Read more: 'Thousands' of EU diplomatic cables hacked
You can even learn a thing or two about how to protect personal data by listening to those IT professionals. None of this is new. The only thing revelations about embarrassing data leaks illustrate is that the problem of data protection is still not being taken seriously enough, even in the year 2019.