Data as general is a set of information, knowledge or fact that is measured and stored in storage devices. In our daily life, we access internet for sharing, purchasing and storing data. Have you ever thought about the ‘must-be thought’ like, “Is my personal data safe”? Or does someone own it? This blog will speak about the Data war, its potential impact, and how-to safeguard you from it.
Is your personal data in danger?
As we surf through the internet for our needs, we inadvertently spill some sensitive data’s such as username, passwords, bank account number etc for authentication and transaction purposes. These details somehow gets scattered in the internet and later gets exploited. In 2017, over 198 million US Voters data were leaked by an Organization called as “Deep root Analytics”, due to unsecured cloud server. I hope now a question would have aroused in your mind? Is my personal data secure or Am I a victim of a Data breach? In order to find it out, you can use OSINT (Open-Source Intelligence).
OSINT is information collected from public sources present over the internet for free. It uses sources from social networks, forums, business websites, blogs, videos, tweets, and news sources to fetch information. In order to utilize OSINT to gather information about a company or individual, one has to follow some techniques.
- Who is your target?
- What am I looking for?
- Collect employee names, job roles, as well as the software they use.
- Identify all social media used by the target Company or individual.
- Publicly accessible login pages.
- Job vacancy availability
- Publicly disclosed HR email.
Some Popular OSINT Tool:
- Google Dorks
How social media misuses your data?
In 2018, Social media has been the major victim to data breaches as over 4.5 million user data’s were leaked. During mid 2018, Facebook revealed that almost 60 thousand South African Facebook user accounts were compromised. Even Google revealed that they are about to shutdown Google+ after exposing 500 000 user data, due to the bug that wasn’t bothered for a long time.
Political or Social Manipulation?
On internet, you don’t know much about the political ads you’re shown. You often don’t know who is creating them, since the disclaimers are so small wondering if they even exist after all. You also don’t really know who else is seeing them. Sure, you can share a political ad, thus fulfilling the advertiser’s hopes and then at least some other people you know will have witnessed the same ad. But you don’t really know if your neighbour has seen it. In addition, digital advertising companies distribute ads based on how likely you are to interact with them. This most often means that they send you ads they think you are likeliest to engage with. They don’t determine what the nature of that engaging content might be — but they know (just as all advertisers do) that content works well if it makes you very emotional. An ad like something that doesn’t make you contemplative or curious, it makes you elated, excited, sad or angry.
It could make you so angry, in fact, that you’ll share it and make others angry — which in turn gives the ad free publicity, effectively making the advertiser’s purchase cheaper per viewer, since they pay for the initial outreach and not for the shares.
Social media giant like Facebook fell prey to the Cambridge Analytica scandal, which helped Donald Trump to win the throne. Over 50 million Facebook user’s data were in the hands of Cambridge Analytica, which was used to favour U.S president Donald Trump by manipulating American voters. Facebook accepted that they used “thisisyourdigitallife” app to get data from users and sold it for Trump campaign. This conspiracy dropped a bombshell among Facebook users. Facebook is a behemoth as far as social media platforms go and will survive.
Common mistakes company do with data security
Maintaining the sensitive data’s secure and vulnerability free is a tough challenge. Though implementation of security is prevalent on all sides, still hackers are able to steal the data from the individual or from the company. By following few methods, data securities can be achieved.
Before a company attempts to secure their data, first they should understand the sensitivity of the data and create a corresponding Data classification policy. The data classification policy can be split into three levels.
Data at this level is considered to be a sensitive one and it could cause great risk, if compromised. Access is on a need-to-know basis only.
Data at this level is considered to be less sensitive than the restricted data. Here the data is only accessible by the personnel. If this data gets leaked, it would cause minimum damage.
This data is less sensitive and even if gets compromised, it doesn’t cause any damage to the organization.
Everything that is shared over the internet should be encrypted. Company should follow strong encryption mechanism and proper key management.
There is a myth that revolves around people that data stored in the cloud is safe and secure, but it is not because you are storing your data on someone else computer. Best thing to secure your data is to encrypt it before uploading on the cloud. Before sharing your key with your cloud provider, review the cloud provider’s policies.
Train Up your Staffs:
Training your employee about data security is a crucial step in building your infra. Educate each and every member in your organization. There should be a compliance expert to manage and guide.
How to stay safe from fraudulent data:
- Keep your software up to date and deploy Anti-Virus.
- Always, make sure that you are connected to Https:// URL to make secure online transactions.
- Be cautious of suspicious e-mails from unknown sources. Don't open e-mails with attachments if you don't know the sender.
- Use a firewall to assist in blocking dangerous programs, viruses or spyware before they infiltrate your system.
- Avoid accessing unwanted website that may lead to drive-by download attack.
- While using third party computers or mobiles for browsing, use the private/incognito mode.
How to secure your users Data:
- Enable brute-force protection:
- consecutive failed login attempts for the same user, just block the IP address.
- Send a notification email to the user.
- Block the suspicious IP address for that user.
- Enable breached password detection
- Send an email to the affected user.
- Block login attempts for suspected user accounts using that username and password combination.
- Help your users choose better passwords
- A strong password must contain a number, special character and should be case sensitive. You can also forbid the use of previous passwords using our Password History feature and stop users from choosing common passwords using our Password Dictionary.
In this blog, we saw how user’s personal data is misused and implications. It clearly shows that how valuable each and every data is and how it can be used to manipulate people’s mind. In order to avoid exposing your sensitive data over internet, cyber security awareness should be created among people.
To get genuinely inculcated with proper cybersecurity notions, it is obvious to reach out a service-driven cybersecurity organization. More importantly, it is also mandatory to identify a firm that will train you on all possible issues in cybersecurity, as practically as possible.
We are a decade old cybersecurity firm focussed on securing our clients infrastructure and data. We have been as listed as one among the “Top 20 Most Promising Cyber Security Provider” by the “CIO Review” consistently for two years. We have set the “Indian Book of Records for identifying most number of vulnerabilities”. Contact us anytime and we will reach out to you.