Data Privacy Day: Where Has Privacy Gone, and Will We Ever Get it Back?

The end of privacy as we know it is closer than you may think.  Privacy definitions are very different between nations and cultures, but one commonality is that privacy is becoming less of an option for most citizens.

In the coming years, we will see major head-to-head debates between governments and citizens. Governments don’t like not being able to spy on or monitor people, and encryption is making it more difficult for governments to gather intelligence on the activities of other nations’ foes or allies for political advantage, economic advantage or espionage.

In public, almost everyone is being watched and monitored 24/7. Thousands of cameras use your expressions, fashion, walk, directions, interactions and speech to determine what you need, what you might be thinking, who you are going to meet and who is nearby. Algorithms can determine what your next action might be. All of this is to help provide a custom experience—unique to everyone—as well as to predict and prevent security threats. The saying, “If you have nothing to hide you have nothing to fear,” is becoming reality, and privacy will continue to disappear in 2018.

We’re getting to the stage where real life mimics the movie “The Circle,” in which governments, cybercriminals and hackers all are watching and monitoring you everywhere you go. You may think you’re retaining a certain level of privacy, but someone near you is taking pictures of you and someone near you is scanning the networks and devices you’re using.

So, even though you may think you are private, the people and social network around you will determine your privacy, not you.

Compared to the past, we’ve lost all control over the level of privacy we have. For example, if you’re using an Amazon Echo device, your voice is being continuously recorded. You’re being recorded by devices that have cameras, 24/7. So the only area where privacy exists today is in your own mind.

Privacy Today is Maintained by What’s Between Your Ears—but Not for Long

In the future, governments, cybercriminals and hackers won’t be looking just at the data on your phone, they’ll also be reading your mind. Technology exists today to do that, so eventually even our thoughts won’t be private anymore. Now, you could decide, in defense, to run around wearing a tinfoil hat, but it’s more likely you’ll create a place in your home akin to a hurricane shelter that’s instead a privacy shelter.

Technology alone can’t protect your identity or your sensitive information. Hackers and other threat actors target humans, seeking ways to trick them into giving up vital information unknowingly. They do this because it’s the easiest way to get at valuable data in a process known as social engineering. So, it’s not surprising that exploited humans are the weakest link in the cybersecurity chain, and yet the best hope for preventing a cybersecurity disaster.

Remember, you are the front line in the battle to keep information secure. Attacks rely on your goodwill and trust to succeed, so you must become more personally responsible in how you manage your information, even though this can be tiring.

Best Practice Tips for Data Privacy Day

Instead of wearing a tinfoil hat or spending most of your time in your privacy shelter, here are some tips that will help you improve your privacy without going to the extreme. They can be easily implemented right away.

  1. Limit personally identifiable information on social media: Whether you are about to create a new social media account, or you already have an existing account, enter only the basic information required to get the account activated. Avoid providing excessive information that could put you at risk. Many social media services will tempt you to add more information like date of birth, home address, location details and mobile numbers to make it easier for other people to find you, but in fact this increases your cybersecurity risk, and cyber criminals can often find this information. If you have already added this information, set it to hidden or remove it from your profile.
  2. Enable privacy settings and increase the default security settings: Many social networks are open by default: privacy is basic or turned off, and security is optional. Review what privacy and security options are available and enable them. Make your account less visible and make sure the security is sufficient for the data or services you plan to use the account for. If multi-factor authentication is available, use it. I prefer using an authenticator application such as Google, Microsoft, Symantec or Authy instead of SMS. Enable alerts and notifications on your accounts so you are warned of any suspicious activity and also when someone attempts to tag you.
  3. Use $tr0ng3r passwords and change them often: When choosing a password make it strong and unique to that account, and change it often. The average age of a social password today is years, and social media platforms seldom remind you how old your password is, how weak it is, or when it’s time to change it.  Protecting your account is your responsibility, so protect it wisely.
    If you have many accounts and passwords, use an enterprise password and privileged account vault to make it easy to manage and secure them. Never use the same password multiple times. A password manager helps track the age of each password, lets you know what additional security controls have been applied and helps generate complex passwords for all your accounts so you won’t have to type or remember them. You only need to remember one strong password, which reduces your cyber fatigue and makes your life both easier and more secure.
  4. Do not use social logins, and limit use of application passwords: Where possible, use unique accounts rather than logging in via a social login. If the social login gets compromised it means that cybercriminals could cascade to all the accounts using that social login.
  5. Limit what you do over public Wi-Fi, and use the following best practices: Don’t use a public Wi-Fi network without a VPN. Rather, use your cell network (3G/4G/LTE) when security is important. When using public Wi-Fi, ask the vendor for the correct name of the Wi-Fi access point and establish that it has security before logging in. It is common for hackers to publish their own Wi-Fi SSID with a similar name.
    Disable the “Auto Connect Wi-Fi” or enable “Ask to Join Networks” on your device. Hackers will use Wi-Fi access points with common names like “airport” or “cafe” so your device will auto connect without your knowledge. Do not elect to remember the Wi-Fi network.
    Use the latest web browsers as they have improved security for fake websites. This prevents someone from hosting their own website versions, such as Facebook, waiting for you to enter your credentials.
    Do not click on suspicious links—even via social chats—such as videos that have your photo, and beware of advertisements that could direct you to compromised websites. Use a least-privileged or standard user account while browsing, as this will significantly reduce the possibility of installing malware.
    Use a VPN service. Always assume someone is monitoring your data over public Wi-Fi. Do not access sensitive data such as financial information over public Wi-Fi. Do not change your passwords and beware of entering credentials while using public Wi-Fi.  If you have a mobile device with a personal hotspot function, use this over public Wi-Fi where possible.
  6. Limit how often you like a status post, follow a page or allow an application to access your social media profile: When using social media on a daily basis, be aware of the risks of liking and following pages or allowing different applications to access your profile. Once access is granted, most people don’t practice the good cyberhygiene required to clean up when the access is no longer required. Be aware that the information you provide is shared, and unless you revoke it the application will continue to have access to your profile data—your name, email, address, likes and friends, etc. On occasion, go into your account and review what you have approved. Revoke any access that is no longer required.
  7. Beware of emails containing images, links and attachments—proceed with caution: To capture information about what device and browser you use, your software versions, patch levels and more, hackers send you an HTML email containing a tiny image. Simply clicking on this email will download the image into your email client automatically by default unless you change your settings. And in downloading that image, you share information that hackers can use to exploit your systems.
    To prevent sharing information about your device and location, disable automatic image downloads in your email client. That way you control when to download images from incoming email.
  8. Before clicking, stop and think. Ask, “Is this expected, valid and trusted?” We are a society of clickers; we like to click on things like hyperlinks. Always be cautious of receiving a message with a hyperlink, and ask yourself if the message was expected. Do you know the person who is sending it? If necessary, ask the person if they actually sent you a message before clicking on something which might be malware, ransomware, a remote access tool or something that could steal or access your data. Nearly 30 percent of people will click on malicious links. We all need to be more aware and cautious. Before clicking, stop and think.
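
As an added illustration of tip 7 (this code is not part of the original article), the following Python example parses a saved message and lists every image that a mail client with automatic image download would fetch, marking 1x1 or hidden ones as likely tracking pixels. The sample message and its hosts are constructed placeholders, and the tiny-or-hidden heuristic is an assumption of this example.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every host is a placeholder, not a real sender.
SAMPLE_EML = """\
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello!</p>
<img src="cid:logo123" width="200" height="60">
<img src="https://cdn.shop.example/banner.png" width="600" height="120">
<img src="https://tracker.example/o.gif?uid=abc123" width="1" height="1">
<img src="https://tracker.example/p.gif" style="display: none">
</body></html>
"""

class ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []  # one attribute dict per <img> tag
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def _tiny(value):  # True for a 0 or 1 pixel width/height attribute
    return re.fullmatch(r"\s*[01](px)?\s*", value, re.I) is not None

def audit_remote_images(raw_message):
    """Return (url, reason) for each image an auto-loading client would fetch."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for img in collector.images:
            src = img.get("src", "")
            if urlparse(src).scheme not in ("http", "https"):
                continue  # cid:/data: images are embedded, no network request
            style = img.get("style", "").replace(" ", "").lower()
            hidden = "display:none" in style or "visibility:hidden" in style
            tiny = _tiny(img.get("width", "")) or _tiny(img.get("height", ""))
            reason = "likely tracking pixel" if hidden or tiny else "remote image"
            findings.append((src, reason))
    return findings

if __name__ == "__main__":
    print(*audit_remote_images(SAMPLE_EML), sep="\n")
```

Every URL in the result is a request the client would make on opening the message; with automatic image download disabled, none of them is fetched until you choose to load images.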
Joseph Carson

Joseph Carson is a cyber security professional with more than 20 years’ experience in enterprise security & infrastructure. Currently, Carson is the Chief Security Scientist at Thycotic. He is an active member of the cyber security community and a Certified Information Systems Security Professional (CISSP).

One thought on “Data Privacy Day: Where Has Privacy Gone, and Will We Ever Get it Back?”

  • January 25, 2018 at 4:48 am

    I am happy to share a new and agile app keeping user’s phone activity non-existing. It’s called Phantom.me and it’s available for Android users.