How Much of Our Data is at Risk?
Nowadays, most of us lead two types of lives – physical and virtual. And when the internet turned out to be a big thing, it became almost a truism that everything we do and say in the real world must be replicated in the virtual world as well. But as we go into the future, the lines between these two worlds are blurring so much, in fact, that even we ourselves don’t know where our physical life ends and our digital existence begins.
If we are in a relationship, we shout it out loud on Facebook. If we get a promotion, we update our LinkedIn account. If we search something – anything! – it is stored by Google. Even our money is now much more digital than tangible, but this means that it is handled by someone other than us (banks, credit cards, insurance companies). Essentially, there is a digital copy of us on the internet. And we have to accept the gravity of the implications: what this means and what we can do about it.
Because, let’s face it, too much valuable data – financial info, telephone numbers and addresses, messages, histories of purchases, loves and breakups – is on the internet, and if dystopian SF movies have taught us one thing, it’s probably that centralizations of this sort don’t bode that well for the future of humanity.
But, what can you do?
The Good Guys and The Bad Guys
We all readily give – in fact, have to give – most of our personal data to trustworthy companies (or so they seem). For example, Google knows what we’re searching for, Facebook knows everything about our personal life and our banks know how much money we have. This is not necessarily a bad thing. These companies provide great services in exchange for our data. But they also sell it to advertisers who, in turn, try to sell us their products.
Wait a minute! They try to sell my data! I never agreed to that!
Well, not exactly: remember that time you didn’t really care to read those terms and agreements? It’s in there. They can do that. And you can’t use their services unless you agree they can do that.
And that’s where the problems come in: whether legally or unlawfully, people and organizations other than the ones we allow may get their hands on our data without our permission. This means that they may also share it with all kinds of bad people who will try to misuse it and essentially ruin our lives. Both of them. This last type of person is a dangerous kind of professional. Some of them have caused damage worth billions of dollars and managed to hack high-profile companies and organizations such as NASA, the Pentagon, Google, Sony and LinkedIn.
But, it seems that the term hacking has been quite misunderstood by the layman, so before I go any further, let me begin by defining the two basic kinds of hackers you can come across on the internet:
- White Hat Hackers: These are the good guys, the true hackers. The white hat hackers are constructive, finding security flaws within a system and exploiting them in such a way that organizations are made aware of them and can take steps to fix them. Many companies – such as banks, for example – employ white hat hackers.
- Black Hat Hackers: These guys are all about the money, the fame or, simply, the mischievousness of it. They lack ethics and will dive into your private life shamelessly, scouring anything from bank information to photos of your children. Black hat hackers find and malevolently exploit security flaws, breaking into any system without a shred of fear of consequences. They are better known as “crackers”.
So, you see, contrary to popular belief, hackers are not the problem; crackers are. They are what both companies and individuals fight against. Because, whether you are a John Doe or a Google executive, personal security is no small matter, and black hat hackers know this better than you.
Security Measures Taken by Companies
First of all, let’s see what companies do to protect the data we have entrusted them with.
“Organizations need to implement strategies, policies and technologies that allow them to detect these breaches when they occur, because then they can actually mitigate them,” – Shawn Henry, president of the services division at CrowdStrike
To start with, white hat hackers are much more appreciated nowadays. It wasn’t that long ago when a security flaw was worth no more than a shirt with the company’s name and a mention in the subsequently released patch. Now, thanks to bounty programs by Google and Facebook – who pay white hat hackers up to $50,000 for reporting security weaknesses – white hat hacking is not a second-rate profession.
Furthermore, companies have developed more reliable verification protocols to alert users of suspicious sign-ins. For example, if you normally use Facebook in Derry City and if, suddenly, someone signs into your account from Dublin, Facebook will alert you of the suspicious login and ask you to verify it. If it isn’t you, they’ll recommend that you change your password.
But many black hat hackers use bots – which, obviously, can be programmed to be malicious as well – to do their dirty work for them. Luckily, companies have found an effective way to stop them: CAPTCHAs! Sure, they may annoy you from time to time – and some people are annoyed much more than you – but you won’t believe how important they are, at least for now, for your safety! CAPTCHA is a reverse acronym which stands for Completely Automated Public Turing test to tell Computers and Humans Apart, and this is exactly what it does: its distorted text can be read by humans with relative ease, but not by computer programs. This is what makes CAPTCHA codes extremely effective as safety mechanisms, since they successfully block even the most advanced cracking software and bots from accessing your account.
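The sign-in check described above can be sketched in a few lines. This is an added example, not code from any of the companies mentioned; the SignIn record, the review_signins function and the sample history are constructed for illustration, and the city is assumed to have already been resolved from the IP address by the service.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime
    city: str   # assumed to be resolved from the source IP by the service
    ip: str


def review_signins(events, user_confirms):
    """Return the sign-ins that should trigger an alert, in time order.

    A user's first recorded city becomes the baseline. A sign-in from any
    other city is alerted on, and that city joins the baseline only if the
    account owner confirms it, so an unconfirmed location keeps raising
    alerts instead of quietly becoming "normal".
    """
    known = {}   # user -> set of confirmed cities
    alerts = []
    for ev in sorted(events, key=lambda e: e.when):
        cities = known.setdefault(ev.user, set())
        if not cities:
            cities.add(ev.city)      # first sign-in establishes the baseline
        elif ev.city not in cities:
            alerts.append(ev)
            if user_confirms(ev):
                cities.add(ev.city)
    return alerts


# Constructed sample history (documentation-range IP addresses).
HISTORY = [
    SignIn("alice", datetime(2016, 6, 1, 8, 0), "Derry", "192.0.2.10"),
    SignIn("alice", datetime(2016, 6, 2, 8, 5), "Derry", "192.0.2.10"),
    SignIn("alice", datetime(2016, 6, 3, 2, 14), "Dublin", "198.51.100.7"),
    SignIn("alice", datetime(2016, 6, 3, 2, 40), "Dublin", "198.51.100.7"),
    SignIn("alice", datetime(2016, 6, 4, 9, 0), "Belfast", "203.0.113.5"),
    SignIn("alice", datetime(2016, 6, 5, 9, 0), "Belfast", "203.0.113.5"),
]


def owner_says(ev):
    # Constructed answers: the owner recognises Belfast but not Dublin.
    return ev.city == "Belfast"


if __name__ == "__main__":
    for ev in review_signins(HISTORY, owner_says):
        print(f"ALERT {ev.user}: sign-in from {ev.city} ({ev.ip}) at {ev.when}")
```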
What We Can Do to Make the Environment Even More Secure
Of course, these precautions wouldn’t amount to much, unless we, the concerned users, spend a bit more time and energy trying to actively protect our data. Here are some tips as to how you can strengthen your online security:
- Don’t use generic passwords like your name, a sequence of numbers like 12345678, the name of a favourite film character, or anything which someone close to you can easily guess.
- Use tricky security questions. Try to avoid questions whose answers can be easily uncovered (your primary school, your mother’s name etc.). Instead use questions only you know the answer to – like the first book you’ve ever read, your grandfather’s home town etc.
- Check your login history as often as possible. Websites such as Google make this really easy, since they always include a handy “Last account activity” page detailing your sign-in history (dates, places, IP addresses). If you run into a suspicious login – say from an unknown location or an unrecognised computer – always assume the worst and immediately change your password.
- When it comes to personal data (checking your mail or your bank account), try not to use open public Wi-Fi and hotspots – especially not if in unknown locations.
- Always use incognito mode (Ctrl+Shift+N in Chrome) or a private window (Ctrl+Shift+P in Firefox) when browsing the web from a public computer. This ensures no passwords, web links, bookmarks or other sensitive data are stored on the computer.
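The first tip in the list can be turned into a check that a sign-up form runs before accepting a password. This is an added example, not part of the original article; the function names are hypothetical, COMMON is a short constructed sample standing in for a full list of leaked passwords, and the personal words are assumed to come from the user's profile.

```python
# Constructed short sample; a real check would load a full list of
# passwords seen in breaches.
COMMON = {"123456", "12345678", "password", "qwerty", "111111", "letmein"}

# A few common character substitutions, undone before looking for names.
LEET = str.maketrans("013457@$", "oieastas")


def is_digit_run(pw):
    """True for all-digit passwords that count up, count down, or repeat."""
    if not pw.isdigit() or len(pw) < 2:
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {9}, {0})   # 1 = up, 9 = down, 0 = same digit


def password_problems(pw, personal_words=()):
    """Return the reasons a password is easy to guess (empty list = none found).

    personal_words holds things people close to the user could know:
    their name, a favourite film character, and so on.
    """
    problems = []
    lowered = pw.lower()
    if lowered in COMMON:
        problems.append("on the common-password list")
    if is_digit_run(pw):
        problems.append("a simple digit sequence")
    unleeted = lowered.translate(LEET)
    for word in personal_words:
        w = word.lower()
        if len(w) >= 3 and (w in lowered or w in unleeted):
            problems.append(f"contains personal word '{word}'")
    return problems


if __name__ == "__main__":
    profile = ["John", "Gandalf"]   # constructed profile data
    for candidate in ["12345678", "J0hn1985", "gandalf!", "vT9#qLm2$wXe"]:
        print(candidate, "->", password_problems(candidate, profile) or "no problem found")
```

An empty result only means none of these particular patterns matched; it does not prove the password is strong.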
Although these are some very basic precautions, and most will not even take too much of your time, the most popular password is – you’ve guessed it – 123456!
“And two-thirds of the time someone else notifies the victim. The victim doesn’t find it for themselves, they have to learn it from the third party and most of the time it’s the FBI.” – Richard Bejtlich, Chief Security Strategist at FireEye
And this just two years after it was revealed that the infamous iCloud data breach – which happened in late 2014 and resulted in the leak of sensitive photos and videos of many high-profile celebrities – was due to weak security questions: black hat hackers were able to find answers to the questions by using past interviews and Q&As.
Not that long ago, there was also a huge LinkedIn data breach. Many people’s passwords – including Mark Zuckerberg’s – were leaked to the public. Both his Twitter and Pinterest accounts were said to be hacked the same day, leading many to speculate that he uses the same password for many different sites – a rookie mistake, especially from someone of his stature.
Let’s face it: no matter what you do, no one can guarantee you that your data will be 100% safe on the internet. But if you choose a stronger password, use tricky security questions, browse privately and stay away from unknown public networks, in addition to checking your sign-in history once in a while, you can at least minimize the damage and/or quickly recover. If you don’t do anything, however, neither companies nor white hat hackers can do enough to prevent your accounts from falling into the wrong hands. Or, better yet – they cannot do it in time.
As they say, prevention is better than cure. And, when it comes to staying safe in the increasingly dangerous online world, prevention is both your prerogative and your responsibility.