Get Serious About Cybersecurity: Take Ownership of Your Personal Data

October is National Cyber Security AwarenessMonth (NCSAM), and one of the prongs in the three-part theme is for all computer users to “Own IT.” This means staying safe on social media, updating privacy settings, and keeping tabs on apps. Simply put, users need to take better ownership of theirdata and their online presence as part of daily safe cyber practices.

It is all too easy simply to click the wrong link, share thewrong thing on social media, or download the wrong app. One of thebiggest risks today is ransomware, a type of malware that can lock auser or even an organization out of a computer or network. Cities suchas Atlanta and Baltimore have suffered from ransomware attacks thatresulted in millions of dollars in recovery costs.

The insidious ransomware threat is getting worse. The globaldamage from ransomware could cost US$11.5 billion this year, according to data fromcybersecurity researchers at KnowBe4. The averageransom payment increased by 184 percent, while the average downtimefor organizations was 9.6 days!

“The threat of ransomware continues to grow,” warned Kelvin Coleman,executive director of the National Cyber Security Alliance.

“For the average consumer, phishing — when someone poses as alegitimate entity to try to access your data — also remains a bigproblem,” he told TechNewsWorld. “As the Internet of Thingsexpands, this will also expose more of our data through the sheernumber of interconnected devices we own.”

Too Much Information

Many consumers already do a good job of securing their desktop andlaptop PCs with antivirus software and are wary of unsolicitedemails, but they may fail to realize that the same precautions need to bein place on mobile devices. The problem is likely to get worse as theworld becomes ever more connected.

“The chief issue is that technology’s deployment vastly outpaces ourability to anticipate awkward consequences of its use,” explained JimPurtilo, associate professor in the University of Maryland’s computerscience department.

“Without an overarching legal and social framework to define whatprotections people ought to enjoy, then eager consumers — the earlyadopters who get new services and products off the ground — end upbeing the early casualties,” he told TechNewsWorld.

“We learn the unintended consequences of some new technology only oncepeople become victims, often bringing others with them,” addedPurtilo.

Another problem is that people tend to share too much on socialmedia, which can include posting vacation photos in real time –telling would-be thieves that your house is empty and ripe for thepicking! Combine this with the personal information that is shared, andit can make it easier for high-tech thieves to guess passwords as well.

Users need to limit what they’re sharing and do a better job ofprotecting sensitive data and information. This is where “Own IT”comes into play.

“The takeaway point is that cybersecurity is more than just buildinghigh castle walls around select financial data,” said Purtilo.

Protecting Data

Consumers should be vigilant about privacy and know how their data is collected and used.

“There are some easy steps that consumers and businesses can take tohelp safeguard their data, such as using long and strong passwords orpassphrases, updating software regularly, and implementing multifactorauthentication,” said NCSA’s Coleman.

Failure to do so can have lasting effects that go beyond lost data.

“Most folks do not know what to do when they experience an accounttakeover attack or identity theft,” noted Justin Fox, director ofDevOps engineering at NuData Security, a Mastercard company.

“Often they just reset their password to the service that wasfraudulently taken over — this is not enough,” he told TechNewsWorld.

“When you are a victim of identity theft or fraud, it is important toconstruct a plan to recover your identity and protect yourself fromadditional fraud,” Fox added.

“A step that I would encourage folks to consider is placing a fraudalert through a credit bureau,” he suggested. “A fraud alert is free andwill make it harder for someone to open certain accounts in your name,such as credit applications, as they have to take additionalverification steps.”

Check Privacy Settings

One of the key points of owning IT is to keep privacy settingsup-to-date. Too often social media companies, software vendors, andother online entities have the default settings that favor them andnot the consumer. Therefore it is a good idea to check the settings before starting to use a new application.

Caution is also advisable when a new application is loadedonto a PC, tablet or mobile phone to ensure that malware isn’t hitchinga ride.

“As far as keeping tabs on their apps, people should ensure thatthey are using software and services that scan their devices for maliciousapps,” said Ralph Russo, director of the School of ProfessionalAdvancement Information Technology Program at Tulane University.

“For example, people using Google Android devices should make sure thePlay Store app scanner is on and functioning, and people usingMicrosoft Windows should, at the least, use built-in WindowsSecurity,” he told TechNewsWorld.

It is also important that users install apps and other software only from reputablesources, and from the mobile device operating system official app store.

“Sideloading apps, or installing from other than the official store,can get you free software and a little more — hidden malicioussoftware, as the free app acts as a Trojan horse,” warned Russo.

“Privacy settings in social media should be set to only allow theminimum number of people to see personal data, photos and messages thatusers are comfortable with — e.g. ‘friends only,’ ‘friends of friends,’”added Russo. “Never set a privacy setting to ‘public’ without aspecific considered reason for doing so.”

Own IT on Social Media

It is easy to share way too much on social media. Onefactor is that the concept of “friends” suggests those that haveconnections with you are in fact your friends, even when you’ve nevermet them or had any prior contact.

A worrisome aspect of social media it can be just as easy forindividuals to be socially engineered as friended!

Also of concern is that while online, people tend to share information withthe masses that they probably would only whisper to a close friend orcolleague in a face-to-face situation.

“While social media has become a primary method of communication inour society, users should proceed from the perspective that anythingthey say or post can eventually, if not immediately, be public,” Russo pointed out.

“Unfortunately, many people approach posting as if it is for theirfriend’s eyes only — but social media sharing and re-posting canquickly widen the audience to a level the poster did not count on,he said.

Therefore, when using social media one should refrain as much aspossible from divulging or displaying personal information that could be used in any nefarious wary.

That could include birth dates, specific and detailed information aboutupcoming events or plans, or personal information such as the layout ofa business or house, said Russo. “Think from the perspective of what amalicious actor would do with the information you’ve posted.”