For the user, the danger on the Internet lies not only in attacks, denials of service or hacks, but often in the actions of the user himself.
Such a danger can be called vulnerable passwords, incorrectly set permissions on files and folders, as well as trading accounts and simply transferring information from your profile to friends.
Therefore, you need to be able to maintain the security and confidentiality of data, as well as hide your true logins and passwords. Federal Law No. 152-FZ acts as the main law on personal data in the Russian Federation.
What is personal data? These are passport data, logins, passwords, credit card data, e-wallet data, as well as other data that users use more than once when shopping online, as well as when registering on Internet sites.
Personal data (PD) is processed by operators of personal data - organizations that contain and process personal data of users for a specific purpose. For example, this can be the provision of Internet access or the provision of hosting services.
The operator of personal data is obliged to strictly follow Federal Law 152-FZ, not to transfer personal data to third parties, and also to destroy them in the manner prescribed by the documentation. In order for personal data not to fall into the wrong hands, you need to follow simple recommendations.
- Do not give users original data (login and password). Better come up with others, specifically to grant access to this user, and limited in authority.
- Do not sell accounts (most often this happens with Steam accounts), although the sale and transfer of accounts is strictly prohibited by the very rules of Steam. The sold account is dependent on the user and cannot be serviced.
- Set the correct permissions for files and folders on the hosting and VPS. Typically, file permissions are set to 644. For directories, 755. For writing to files, permissions are set to 666.
These three points are simple, but they are the ones most often violated. To these should be added the fact that it is also necessary to regularly install fresh software updates released by its developers. By the way, for the operator of personal data, the issue of server security is more important than the entire reputation of the company, since when such a server is hacked, an attacker can get not only logins and passwords, but also credit card accounts, scanned copies of passports, and so on.
Fortunately, in the Russian Federation, the procedure for storing personal data is strictly controlled by the regulations and the aforementioned Law 152-FZ. Therefore, we all need not worry about our data, but we must very strictly control our own logins with passwords and not give them in their original form.
