The ever-growing use of social media and mobile devices by everyone has opened easy gateways for cyber criminals to steal personal information, identities and money. Individuals are making it even easier for them by sharing too much online. This is according to Charl Ueckermann, CEO of AVeS Cyber Security.
“Information has become more valuable than oil, making it big business. Here we are talking about the average Joe’s information. Any person with an online presence or some money in the bank has personal information worth taking,” he says, adding that the global data economy is estimated to be worth more than US$3 trillion (1), while the total revenue for the oil and gas drilling sector was U$2 trillion in 2017. (2)
“Cyber criminals are using social media platforms as spam and phishing tools, and to spy on users. In the wrong hands, your personal information can be used against you. Users have had their accounts hacked and cloned, allowing hackers to distribute spam and other offensive content, as well as to scam users out of money. Worse still, they can steal your identity. In essence, anyone’s business is their business.”
Ueckermann describes the trend to get tagged and liked on social platforms, and the compulsion to overshare online, as dangerous addictions. When done without forethought to privacy, people put themselves, and anyone connected to them online, at risk.
“Your Internet presence, if you don’t manage it carefully, can cause you some trouble," he warns. "Social media and the Internet have become a reflection of real life, and everyone can have access to you and your whereabouts. Your real-life audience is controlled and small in comparison to your online presence if not set up with caution.
"Whatever you share publicly is in the public domain, which means anyone can see it. They can see where you have been, what your interests are, who you are friends with, where you work, your contact details, what you look like, and so much more. This is personal information, your information, and it is valuable to cyber criminals, because the more information they have about you, the easier it becomes to impersonate you.”
The protection of personally identifiable information (PII) is becoming an obligation, with pieces of privacy legislation being promulgated, such as POPI in South Africa, the GDPR in the European Union and the Information Protection Act in the United Kingdom. There is an onus on companies to protect the information they store about their customers. Think about banks, which must store bank account numbers; medical aid companies, which must keep personal and medical information safe; and governmental organisations that must keep ID numbers on file.
“Yet individuals are putting their personal information into the public domain every day. Thanks to Google, Facebook and other information platforms that have monetised the information they have retrieved from users, we have become more aware of our privacy. But most people are not aware enough, and they are not doing much to protect their privacy,” says Ueckermann.
So, what should Internet and social media users be doing to protect their information?
Ueckermann says that any PII should be kept private by default and shared with discretion. This includes contact numbers, ID numbers, home addresses and e-mail addresses.
“Start by checking your privacy settings on the social media platforms that you use, so that only your ‘friends’ and contacts have access to what you share. Screen the people you allow onto your social media profiles. If you don’t know them, should they really be able to see your life and your personal information?
“Secondly, watch what you share. Always think about what you share and how that information could be used against you if it landed in the wrong hands. Social engineering cyber criminals can often get your personal information with just a few data points, so the less you share publicly, the better.
“Thirdly, always use the most updated versions of social media apps and lock down your login by using authentication tools and not only usernames and passwords. Use complex passwords with a mix of lower and uppercase letters, numbers and symbols. Never use the same password across your social media accounts. Keep your passwords and usernames private.
“You should also install Internet security software and anti-spyware on the devices that you use to browse the Internet and connect with people online. This includes your smartphone and tablets. Make sure that these tools are regularly updated to protect your devices against intrusions and infections.
“Lastly, be wary about entering credit card and banking details on Web sites. Always make sure that the URL at the top of the page begins with https. The ‘s’ stands for secure. If there is no ‘s’, do not enter payment details on the Web site.”
Ueckermann concludes: “In this highly connected, digital world, it is unrealistic to say that people should not connect, share, transact and engage online. It is the way of the world. However, there is such a thing as oversharing, and there are common-sense limits to the type of information you should put into the public domain. Always think: ‘Would I like a bank robber or a fraudster to see this?’ If not, don’t put it out there. The responsibility to protect your information starts with you.”
References:
1. NADYSEVA, S. R. (2019, 02 01). Fair data marketplace for all. Retrieved from World Bank: https://blogs.worldbank.org/digital-development/fair-data-marketplace-all
2. Investopia. (2018, 09 01). What percentage of the global economy consists of the oil and gas drilling sector? Retrieved from Investopedia: https://www.investopedia.com/ask/answers/030915/what-percentage-global-economy-comprised-oil-gas-drilling-sector.asp
Share
AVeS Cyber Security
AVeS Cyber Security is a specialist IT Governance & Architectural services consultancy that combines expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions. Over the past 21-years, AVeS Cyber Security has strategically honed its solutions and services to help Southern African businesses future-proof their IT environments against the constantly evolving threat landscape while achieving their digital transformation aspirations. The company offers a leading portfolio of professional services, products, and training in security, infrastructure, and governance solutions. This year (2019), the company won four awards from some of the world’s top technology vendors, indicating competency, strength, innovation and robustness in an industry that is fast growing in complexity due to evolving challenges, such as ransomware, advanced targeted attacks and the Internet of Things. The awards include Kaspersky's Africa Partner of the Year 2019, ESET Regional SMB Sales Champion 2019, ESET Product Champion 2019, and Symantec SMB Partner of the Year 2019. AVeS Cyber Security also received three new partner statuses, namely, Microsoft Gold Datacentre Partner, DellEMC Gold Partner, and Barracuda Preferred Partner.