There is an ongoing theme every time news breaks of another hacking, breach, or attack. Despite the impact en masse and momentary panic, the conventional response (if one is to respond at all) is generally to change a password and carry on. Recent Facebook-centric news and events highlight two major issues which demonstrably show that this laissez-faire approach to privacy is no longer sufficient. These issues are the public’s willingness to share personal information freely, and the terms-of-service regarding the use of data.
One of the first lessons anybody learns when learning to use the internet is never to share personal information. We have all been offered enormous wealth and riches from a prince in exchange for a measly social security number. Common sense would dictate against posting the answers to security questions for one’s own banks or similarly data-sensitive outlets. Yet log in to Facebook, and a brief search will show that many contacts or friends, and maybe you reading this, have already publicly posted some answers. Between the ‘about me’ section and the manner in which we interact with others, this publicly accessible information can be terribly revealing. A nefarious character with enough determination could deduce sensitive information. As seen in the recent events surrounding Cambridge Analytica, a private page will not suffice to mitigate all the issues of a public profile. It must be noted that a private profile can be exposed to external sources as easily as a public one. Individuals must remain vigilant over the personal information they share, in addition to any questionable terms-of-service to which they might agree.
In the ever-growing IoT era, more products and services come hand in hand with increasingly liberal data permissions embedded in terms-of-service. Each platform and service requires its own going-over with a fine-tooth comb. This is where any business would benefit from a bit of diligence. These agreements are regularly ignored despite repeatedly granting excessive data access, such as the harvesting, use, and distribution of data.
Google's Terms of Service are a great example:
The TOS allows content uploaded to Google’s services to be used by the company with few limitations. Does this mean Google's services are bad for privacy? No, it simply means users are paying a price in privacy to use Google's 'free' services.
As studies have shown, nearly half of people who find a random thumb drive plug it in; the majority of that population will open up files on said thumb drive, whatever reason motivates them. There is an over-reliance on false securities, such as the belief amongst many that a Mac cannot be susceptible to cyber attacks. We must look to legitimate security practices in order to retain our digital privacy.
The best approach to security is one of a holistic nature, whereby all aspects are factors in a strong defense. Former CEO of LifeLock Todd Davis challenged others to steal his identity after advertising his social security number, and was successfully targeted thirteen times over the span of a year. Any vulnerability in one’s digital identity can be crippling to personal privacy, as Todd Davis quickly learned.
The idea of not advertising private and sensitive information seems like a no-brainer, obvious to say the least. Yet businesses consistently open themselves up to threats, whether through external and internal security or through accepting questionable terms-of-service.
So what? Is this merely an attempt at fear-mongering? No, friend, this is simply a reminder. Security starts with awareness. In order to secure your data, identity, and privacy, you will need to be aware of what you have shared, and with whom. Take the time to understand these things, and you will find yourself or your organization much better prepared to face the ongoing landscape of cyberattacks.