The Misconception of Privacy and Cybersecurity
Every day it seems like there is another alarming headline about a company’s gross misuse of user data or a full on data breach. But what do these cybersecurity issues mean for you as an individual or your small business? You have all your social media accounts set to private and you are diligent about only sharing information with people you know and companies you trust. Surely your digital life is still somewhat private and secure, right?
Consider following scenario – You hear a troubling noise coming from the right front wheel on your trusty Toyota Corolla. Whenever you pull up to a stop sign, the car rattles and makes a clinking sound.
You dread the process of finding a credible mechanic. After some online searching and browsing Yelp reviews, you select Billy’s Best Auto Repair. You visit the shop and discuss the sound with a helpful employee named Kevin. Then you leave your car with them and head to a coffee shop while you wait for the repairs to be made.
On your return, Kevin explains the sound was just a loose part and that there will be no charge. You sign the invoice for $0. You are immediately relieved and thankful enough to leave a glowing five-star review on Google.
What you don’t know however is that Kevin installed a tracker in your car.
He read and made copies of every piece of documentation in your car – you had your day planner in the front seat and a receipt from the burger joint you ate at the night before on the floorboard. He also installed a recording device and can now hear everything you say in the car.
Kevin now knows what you are saying (and singing) in your car and where you are going at all times. He also knows that your sister’s birthday is May 18, your best friend is having a baby and you are taking a trip to Chicago in the fall thanks to the dates in your planner.
You eventually start suspecting something is wrong when you receive emails about special deals from Billy’s Burgers and discounts on baby shower decorations from Billy’s Party Supplies.
You figure it out and you are understandably upset. Clearly this is a violation of your privacy and should be illegal.
But here is the catch, you agreed to this yourself when you signed the invoice Kevin gave you.
This scenario be completely fictional, but every one of us has at some point signed a binding contract with a “Kevin.” Whether it was with credit agencies, web service providers, online retailers or others, companies have been trying to get more and more personal consumer information into their databases so they can better understand how to get their product in front of the right customers. The internet has only made this process easier
The reality of privacy online in 2018.
Consumers willingly handover personal information to get access to free services, apps and special offers. Every transaction, every chat, picture, musing, check-in and arrival is in a database. This data ready to be spliced, boxed, categorized, shipped and utilized to sell us a product, suggest a service or even influence our political leanings.
Yet, we somehow still believe in the illusion of digital privacy.
The information is already in the databases being eagerly reviewed, analyzed and then used against us to influence our behaviors. Now imagine if all that data was public and available for much more sinister use than trying to convince you to go see the latest Marvel movie or drink Pepsi instead of Coke.
What does this mean for cybersecurity?
What we are seeing at 360 Smart Networks is a slow but definite shift in the methodology used by cyber criminals. Like most businesses, they are becoming more and more sophisticated over time. The scatter-gun approach they used to leverage back in the good old days of the ILOVEYOU virus is being replaced by a much more targeted approach.
Now, the same methodologies being used to market products and services to you digitally are now being used by cyber criminals to attack specific industries, companies and individuals.
Our society plunged head first into a world of social media, search engines and online shopping with the misguided expectation that we had still had some bit of privacy. This careless approach to what we put online is now having legal, ethical and criminal repercussions.
What can we do?
The only realistic path forward is to be aware of what is happening and what we can do in both our personal and professional lives to try and lessen the risks.
As both professionals and consumers, we need to understand that when it comes to cyber security everything we thought was private is no more. The Equifax breach in 2017 was immense and incredibly dangerous, and won’t be the last of it’s kind.
What individuals should remember when it comes to online privacy.
Remember that someone or something is reading everything you email, message, upload and post. A healthy bit of suspicion should guide your actions on-line. Think before you share personal details about your life and what you are doing on a daily basis. Make sure to read the privacy settings on your accounts carefully to understand what data you agreeing to share. Update your passwords regularly, never use the same password for different websites and avoid publicly sharing information you would use as a security question.
What businesses should remember when it comes to data security for your company.
Business owners need to offer cybersecurity training to employees to help them identify common sources of cyber attacks. Companies should also be working with a reputable IT professionals that can provide multi-layered security solutions including backup and disaster recovery. It’s also important to run a risk mitigation exercise to help fully understand the scope of your security requirements. Remember that no product or vendor can do your risk management alone.
The best cybersecurity tool you have sits between your ears. It is a machine that has been honed through millennia to keep us safe and prosperous.