With the second anniversary of GDPR on the horizon, the topic of data security is as pertinent as ever. Despite the proliferation of connected devices and the personal information and sensitive data they harbor, many consumers are unaware of just how susceptible their pocket-sized computers are to cyberattack. In fact, some of the most severe cybersecurity threats originate from a lack of consumer awareness, especially when it comes to securing personal data. With this in mind, here are some of the most common security misnomers facing the average consumer, and advice to help you stay on the right side of a data breach.
If you were to ask the average consumer what account is the most important for them to keep safe and secure, you might expect them to say their bank account, PayPal, or perhaps a government portal login. However, while highly sensitive, these accounts don’t pose the greatest danger. In reality, it’s something far more ubiquitous and open to attack: your personal email account.
This is because, primary email addresses are often linked to a multitude of essential accounts, each with varying degrees of sensitivity. For example, if a hacker were able to obtain access to a consumer’s email address and password from a dark web database, they could attempt to use that information to access a series of accounts on other sites. This is for two reasons. First, the average consumer lacks proper password hygiene practices and will often reuse memorable passwords between accounts to enable a more seamless online experience. It’s absolutely essential that consumers come to understand the consequences of such online habits and begin to deploy security conscious password etiquette. Second, if a primary email has been compromised, it’s possible to covertly reset passwords to practically any account linked to the user’s primary email and delete the evidence before they notice.
As the Internet of Things (IoT) market grows, and the amount of data and personal information accumulated through personal devices multiplies, so too will the severity and variety of attack vectors looking to exploit it. Due to the ultra-sensitive information recorded by IoT devices, such as geolocation, personal health information (PHI) and biographical data, it’s essential that consumers are aware of exactly what they are bringing into their homes. As IoT devices become more popular, the market will become flooded with devices built to economies of scale; prioritizing affordability over security. In order to prevent some of the many attack vectors facing IoT devices, users should implement a unique ID and a strong password. This will greatly reduce the threat of password-related breaches; however, this will not make you immune. The first step to ensuring cybersecurity is to understand just how much is on the line and taking all of the recommended steps to protect yourself and the information that you generate.
Like IoT devices, any system with Bluetooth capabilities can present a serious risk to users. Bluetooth is a weak shortrange signal meaning, which means you have to be in close proximity with another user device in order to interact with it/ them. This, you would think, poses a significant barrier to attackers trying to compromise Bluetooth devices. However, with specialized radio systems they can overcome this by sending and receiving Bluetooth signals from long distances. Social engineering techniques also mean that a determined cybercriminal could track you down and end up sitting close enough to you to hack your Bluetooth enabled device and exfiltrate sensitive information.
Think about how much data you have on your phone. All of it is, potentially, at risk. And, short of disabling Bluetooth, there is no clear way to protecting it. However, with the rise of Bluetooth-enabled devices, such as earphones, cars and watches, this is simply not an option for millions of users. This means the onus is on the manufacturer to secure the device. You may be able to detect suspicious Bluetooth events by examining activity logs; however, this can be bypassed and even if not, then there is a chance that it will be too late.
Wireless Internet has facilitated the rise of digital culture. It’s everywhere: from your home to your favorite coffee shop, and practically everywhere in-between. Public Wi-Fi networks have been the center of security discussion for a very long time, and for good reason. Networks that aren’t secured with Wi-Fi Protected Access (WPA) encryption essentially act as a radio to broadcast your information to anyone in broadband reach. Recently there has been a tremendous push to move network traffic to be encrypted by Transport Layer Security (TLS) so that it’s unreadable even by someone with network access. However, there are attack vectors, such as “Man-in-the-Middle” attacks, that allow criminals to bypass this security measure and target users.
Even private networks present an opportunity for cyberattack. Are you aware of exactly how many devices are connected to your private network? If so, are you 100 percent sure that they are secure? Take for example, an employee working from home. Even if their computer has the most stringent security protocols in place, if there’s an unprotected phone connected to a sensitive network then they open themselves to the possibility of being targeted by a savvy cybercriminal.
One thing ties all these threat vectors together: the human factor. We are the weakest link in the cybersecurity chain, so it’s up to all of us to ensure we are doing the best we can to ensure we’re best protected from external threats. This begins with education. Only by acquiring and sharing knowledge, and by utilizing third-party products, will we be able to maintain security at all levels, from the office to the home and everywhere in between. After all, cybersecurity is a culture not a product, so we should do everything in our power to make sure that we are protecting our own information by fostering a culture of security conscious consumers.