Monday Author: Susanne Skinner
“We don’t know what we have, we don’t know what we don’t have, and we don’t know where any of it is.” ~ Anonymous
Data breaches are the intentional or unintentional release of secure, private or confidential information to a non-secure or unverified environment. By breach I mean you think data—your data—is protected and, surprise–it’s not.
People believe their information is confidential just because it belongs to them. That misconception, along with the fact that said information is stored on the internet or in the cloud, places them at risk of data breaches. These entities operate under their own rules. Sometimes there are no rules.
Smart people (like us) take big risks with personal and corporate data without realizing it. The question of data breaches has become not one of if, but when.
I Did Not See That Coming
You and I trust the internet and cloud to protect and store our stuff. We store finance documents, business papers, photos and just about anything else you can think of “out there.” Nobody uses paper files, email or USB flash drives to send, store or share information anymore.
We rely on technology for everything. Look around you—it’s in your car, your phone and your house. Data controls your heat, your water meter, your refrigerator, and your wake-up calls. It can order pizza for you, pay your bills, advise you what to wear, and remind you of upcoming appointments.
A New Normal
It’s the new normal and we depend on it to run our lives; communicating, exchanging and storing information. We live in the cloud, making all of us a risk for a security breach, and the majority of us believe “it will never happen to me.”
Recent events proved us wrong. Major data breaches like Equifax, which exposed 145.5 million people to identity theft, showed the world how easy it is to steal information. The media hype created a renewed sense of urgency around data protection.
It’s not what you think it is. Social Engineering is the art of manipulating people so they give up confidential information. Individuals are targeted and tricked into giving up passwords, bank information, and even computer access. Once acquired, it’s easy to install malware or ransomware. It’s the non-technical cracking of information security for the sole purpose of committing fraud.
Social Engineering is the equivalent of information dumpster diving. It is as simple as going through the trash of a homeowner or an organization for discarded information that will be used to steal your identity. Social engineering is dangerous because it targets humans, the most vulnerable of all data repositories.
When it comes to trash, protect yourself. Don’t hoard. Keep only the data you need. Archive or destroy older data,and remove it from your computers and devices (smart phones, laptops, tablets, flash drives.) Use a cross-cut shredder or shredding service to dispose of paper files.
We Don’t Know What We Don’t Know
Current legislature regarding information privacy is made up of good intentions; however not much is legally binding. Data protection laws are unable to keep up with the speed of technology and they are full of loopholes.
Most Americans believe the government will protect them, but you’d be surprised how little legislation exists at the national level. There are protections regarding health and financial data. For the most part, however, privacy laws are based on interpretations of the Fourth Amendment, which regulates intrusions by the government, not commercial entities.
Adults aren’t the only ones at risk. Children’s identities are prime targets for digital thieves. Their Social Security numbers are valuable because they are clean. No debt, credit cards, or loans means they can be exploited for thousands of dollars before anyone finds out.
The Keys to the Kingdom
You know this. You’ve heard it hundreds of times. Ninety percent of all passwords can be cracked in a matter of seconds. Yet we continue ignore this fact, including yours truly. Data breaches happen because you have created an easy-to- remember password. I do this because I am afraid I will forget it or do the unthinkable and write it down. Re-using that easy password for other services like Facebook, LinkedIn, and iCloud storage is like handing a hacker the keys to your data kingdom. Step up your game and use a password manager like 1Password or LastPass and secondary authentication.
The first step to secure computing is knowing what behaviors place your data at risk. Limit your on-line exposure. One easy way is to STOP STOP STOP filling out those surveys and quizzes that pop up on social media.
Each time you decide to find out your Game of Thrones name, how old you will be when you die or what color your emotions are you scatter digital dust. These quizzes are about far more than enlightening or entertaining you. The average person fails to recognize or understand what privacy rights he or she is actually giving up by responding.
Your answers are like fingerprints. They can trace you, troll you and physically find you. They target you for advertising and follow you long after you have clicked away from the site.
Data Breaches: They Can See You
Welcome to a world where Google knows where and what you buy, how often your posts are liked, who your friends are and any porn sites you’ve visited.
Your cell phone company also knows where you are. Your conversations are no longer private since most of them are conducted by email, text, or social networking. Every piece of data you create is stored. Delete doesn’t exist in cyberspace.
Everything you do or have ever done on a computer is saved, studied, and shared; without your knowledge or consent. Even the government can access it without a warrant.
Cyberattacks are becoming more frequent and the best defense is still a good offense. Be informed,and be careful out there.