In a world where the terms youtuber and influencer are so in vogue and where sharing information on social media is a common practice for almost everyone, we sorely need more social awareness about the importance of taking security seriously before sending or publishing content, and, more importantly, educating our children on how to use new technologies smartly.
According to the latest report on cybersecurity and trust in Spanish homes, created by ONTSI and Red.es, almost seven out of ten users believes their devices (PC or cell phone) to be reasonably protected from potential online threats.
It seems like only those of us in the IT security world have these issues at the forefront of our minds. The rest of society is not so worried, until unfortunately sooner or later they encounter a disagreeable situation resulting from this behavior and they throw up their hands in horror.
These cases, including bullying, blackmailing, pedophilia, kidnapping and burglaries, occur because of a bad use of new technologies and a lack of awareness or laxness when it comes to privacy and sharing information online.
It is common for us to find public or not very restricted profiles in social media where, in the “personal data” section we find data that clearly identifies a person, revealing contact methods, their hobbies and even indicating social and family status. This type of data is very useful for
cybercriminals, who can use them to commit crimes. However, private profiles are not necessarily risk-free. Social media platforms could have security loopholes or data leaks could occur, as was the case with Facebook recently.
The solution involves revealing the least personal information possible and having special sensitivity about online posts.
On this point, I invite you to think about something. Do you upload photos to social media? Do you upload them as soon as you take them?
Although it may not seem like a big deal, the fact is that it involves significant risk if you haven’t taken the appropriate security measures. For example, if GPS is usually active on your device or you allow your camera app to access location information, all the photos you share online are embedded with information about your location when you snapped the shot. This information is known as metadata and can be easily extracted simply by having access to the picture. So, what would you say if any user can know where you and your loved ones are physically located at any given moment?
It is increasingly frequent for criminal gangs to use social engineering techniques and information gathering to commit burglary or fraud. We know of highly publicized cases where criminals analyze their victims’ social media profiles and even determine where they live and when they leave the house empty to break in. This could be avoided by being more cautious about the information we share when we publish content online.
Apparently innocuous statements such as “I can smell the sea” or “nowhere like home” linked to a photo on Facebook or Instagram embedded with geolocation metadata can be just the information a thief is waiting for.
For better or for worse, we live in an interconnected world. We are surrounded by cell phones which enable sharing information at all moments and with anyone. Although, fortunately, the General Data Protection Regulation has been in place now for several months, helping protect how individuals’ personal data are processed and handled, we should not lose focus of the fact of what, in my opinion, truly matters and is necessary in terms of security and information privacy: awareness.
could have security loopholes or data leaks could occur, as was the case with Facebook recently.
The solution involves revealing the least personal information possible and having special sensitivity about online posts.
On this point, I invite you to think about something. Do you upload photos to social media? Do you upload them as soon as you take them?
Although it may not seem like a big deal, the fact is that it involves significant risk if you haven’t taken the appropriate security measures. For example, if GPS is usually active on your device or you allow your camera app to access location information, all the photos you share online are embedded with information about your location when you snapped the shot. This information is known as metadata and can be easily extracted simply by having access to the picture. So, what would you say if any user can know where you and your loved ones are physically located at any given moment?
It is increasingly frequent for criminal gangs to use social engineering techniques and information gathering to commit burglary or fraud. We know of highly publicized cases where criminals analyze their victims’ social media profiles and even determine where they live and when they leave the house empty to break in. This could be avoided by being more cautious about the information we share when we publish content online.
Apparently innocuous statements such as “I can smell the sea” or “nowhere like home” linked to a photo on Facebook or Instagram embedded with geolocation metadata can be just the information a thief is waiting for.
For better or for worse, we live in an interconnected world. We are surrounded by cell phones which enable sharing information at all moments and with anyone. Although, fortunately, the General Data Protection Regulation has been in place now for several months, helping protect how individuals’ personal data are processed and handled, we should not lose focus of the fact of what, in my opinion, truly matters and is necessary in terms of security and information privacy: awareness.
We should build awareness at all levels, but especially amongst younger people—our future. It is very important for us to teach children to use new technologies well to prevent their data from being used for bullying, blackmailing, burglaries, etc. and that we build, generation after generation, a safer society of people eager to protect their privacy.
In the Hacking division of everis Aerospace and Defence we work with clients whose employees, culture and other assets have been subject to cyber-attacks. It becomes ever more important to raise awareness on this topic, not only among users but on a company level.