On data protection: who says A must say B
By the law of May 28, 2019, a 2016 European directive was transposed into Luxembourg law in order to guarantee a high level of security for networks and information systems in the European Union. So what about the protection of individual data? Has the maximum been done to protect the citizen? Gaston TERNES studies the question.
In times of COVID, we are using the Internet more than usual.
It is clear that one scourge has grown considerably since the start of the pandemic: “phishing”, from the English “fishing”. This is a dishonest method of getting hold of our sensitive data.
The statistics are shocking: only 3% of us open “SPAM” emails, i.e. advertising emails, but phishing emails are viewed by around 30%. The resulting annual damage in the Benelux is currently estimated at 1 billion euros. In the first month of the Corona pandemic, there were 16,000 phishing attacks in the Netherlands, compared to only 6,000 in previous months.
The Corona pandemic is the perfect opportunity for dishonest people. Their strategy is increasingly professional and relies on the original visual identity of services that we regularly consult: the Post Office, the major distribution networks and the banks. We are invited to update our sensitive data on the grounds that there is a security breach, or that a delivery is on hold because data is missing. These are just a few of the many pretexts used to extract sensitive data from us. Recently, these criminals took advantage of the health crisis by inviting us to transfer 50 euros for a COVID test, even though these tests are free.
Admittedly, banks and other institutions take care to inform us regularly about ongoing phishing attacks. We also have a very laudable initiative managed by the Government, CIRCL, the “Computer Incident Response Center Luxembourg”, which collects these dishonest attempts and supports us if we have been the victim of a fraudulent attack.
It is also true that these offenses are difficult to trace, because the initiators hide their identity behind very sophisticated methods and because they operate from a multitude of countries, often far from us, and with very different legislation.
But are we doing enough to make life difficult for these fraudsters? My plea is as follows: we should launch a vast information campaign which indicates an easy and rapid procedure for immediately reporting a phishing attack, so that after a few seconds, an investigation is launched. That way, these thieves would feel a little less sure of their actions.
By the law of May 28, 2019, we said “A”. It’s high time to say “B”!