Privacy is a keyword that has sold a lot of newspapers lately. Why is that? For starters, absolute privacy is more elusive than Peyton Manning trying to win a 2nd Super Bowl. 24-21 Seahawks, but I digress.
When discussing online and data privacy, responses can be generally summarized in to one of three statements:
“I don’t have anything to hide, anyway.”
or
“I don’t have any data anybody wants.”
or
“The ‘Internets’ and NSA can read our minds! Break out the aluminum foil.”
There is some truth to all of those statements. However, let me respond one by one…
“I don’t have anything to hide, anyway.”
Hopefully, that is true! I would put myself in that category. However, not having anything to hide is not the same as, “please document all of my likes, dislikes, medical conditions and internet searches.” The power of big data is amazing. It’s hard to imagine what a single search provider can deduce from your search history. Add your social media activity and GPS coordinates from smartphone snapped photos to the mix and it would be a mundane task to predict where you are going to have lunch…next Wednesday….before you even know. So, what’s the harm in that? Well, like anything else there is no harm if that information is not abused. However, the idea of so much personal information logged on a server somewhere in cyberspace can make anyone a little bit uncomfortable when you start to give it some thought. After all, these companies exist to make money and your information is the product they are selling. If someone was following you, your children and your “friends” around with a pen and pad, from a safe distance of course, jotting down your schedule and any other details they could gather in plain sight, would you be OK with that? Unlikely.
Be aware of the fact that when you are logged into a social media account or search engine, your web traffic and internet searches are likely being logged and analyzed. If you have a problem with that, remember to log out of all websites you logged into and clear your temp files before browsing the web. Some individuals keep a separate browser for random searches and web traffic and another browser for logging into social media websites and the like.
“I don’t have anything anybody is interested in stealing.”
Actually, you do. You have credit cards, a social security number and credentials to campus or corporate resources. You may have access to intellectual property or research data. You definitely have access to a computer. Many of today’s attackers are more interested in computing power as much as anything else. If they can turn your computer into a zombie and make it part of their apocalyptic cyber army, they are more powerful and more effective in getting what it is they’re ultimately after. There have been countless cases of a computer sitting under the desk of a receptionist in an inconsequential office taking part in a cyber attack against a high value target. So don’t subscribe to this faulty reasoning. It’s just not true.
“The ‘Internets’ and NSA can read our minds! Break out the aluminum foil.”
Well, this is not true as it stands today, but there is no telling what next week will bring. Here’s the bottom line. The climate of information security has changed from ‘trust but verify’ to ‘don’t trust and verify’. Everything worth protecting needs to be protected. What do I mean by that obscenely obvious statement? Assuming something is safe or relying on security by obscurity is not going to cut it anymore. Any data hitting the wire or the air via WiFi should be viewed as fair game for invited or uninvited onlookers to see. Encryption for data at rest and data in transit is not an option; it’s a requirement. Every website, product or software package you are investigating should support encryption. Accept no less and assume your local network is already breached in some way. It’s not paranoia. It’s reality more often than anyone would like to admit.
Watch this short video for some important reminders. It’s an oldie but goodie if you haven’t seen it before.