Your devices tell a story: Everything you do online leaves a trail, but it’s not just ourselves that reveal data.
Friends, marketing companies, business and advertising agencies all hold data from your past and present behaviour and, of course, social media sites hold a vast amount of personal minutiae including birthdays, school/work gossip, photos, movies watched, songs liked, plans discussed and many more. So be aware and intelligent about the information you share online both personally and professionally.
What happens online stays online: The data we place online can easily be harvested and added to the data that others place online about us, which can lead to a very big picture – your personal attack surface.
So it’s wise to review your search privacy settings, particularly those which allow search engines and advertisers to scour your timeline & profile. As some search engines cache information, your timeline and profile preview will be available for some time.
Be mindful as well that anything already online will be archived forever even after you’ve turned public search off.
Apps & your privacy: WhatsApp is a great Facebook offering – however it has become the target of cyber criminals due to its popularity. Despite recent security updates to this app, there are still many reasons to be careful when using the service.
Did you know that when WhatsApp is installed on an Android device it requires access to other data on your phone that you may consider private?
It automatically uses your address book to add people you know, which in itself is not an issue, but this becomes a privacy issue if you consider the fact that WhatsApp defaults, unless (and then until) you change them, will show your details (profile pictures, status) to those unwanted contacts.
And ask yourself, why does the app ask for your phone number – to subscribe you to premium services or send you spam perhaps? One thing is certain: the majority of social media services aim to collect information that can be used for marketing and advertising purposes.
People, processes and technology: World-leading security technologist Bruce Schneier popularised this phrase in 1999 as a way of getting people to understand that Information Security is more than just relying on IT security systems.
If cyber criminals or fraudsters can get staff to divulge information over the phone, click on a phishing link in an email or entice staff to visit a malicious website, sometimes called a watering hole, the bad guys win!
The Threats: Threats come in many different forms. Some of the most common threats today are software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion.
When you look at these examples of threats, it becomes apparent that in the digital age many attacks are pitted against the IT systems we use.But in most cases they are actually aimed at harming or exploiting the people behind the IT systems as well as the business processes being followed.
If it can happen to them… In November 2014, Sony Pictures Entertainment (SPE) discovered that it had been the victim of one of the worst corporate hacks in history.
Since nearly all aspects of Sony’s internal system had been compromised, the repercussions were certain to last months, even years Sony’s computers were crippled and employers were forced to regress to pen, paper and even the antiquated fax machine.
In August 2015, hackers reportedly swamped Carphone Warehouse with junk traffic as a smokescreen before breaking into systems and stealing the personal details of 2.4 million customers.
The company finally admitted that up to 90,000 customers may also have had their encrypted credit card details accessed, and customers with accounts at OneStopPhoneShop.com, e2save.com and mobiles.co.uk were also understood to have been potentially affected by the data breach.
Attacks are becoming constantly more sophisticated, and so the final piece of advice I would give is: cyber security doesn’t stand still. Just because you thought you were protected six months ago, doesn’t mean you are now.
So pay constant attention to your personal and professional digital footprint to avoid the risk of disaster.
Richard Beck is Head of Cyber Security at QA Ltd, where he is responsible for the entire cyber security portfolio. You can follow his blog at https://www.qa.com/blogs/richard-beck.
