Posted on: October 28, 2021
In 1984, a singer by the name “Rockwell” hit the top-100 with the song “Somebody’s Watching Me”. A tale of a paranoid man believing everyone is spying on him. The first line of the chorus reads “I always feel like somebody’s watching me and I have no privacy”. The song is still played today particularly during the Halloween season.
I’m sure quite a few of us feel like Rockwell in today’s internet world; – or at least you should. Your personal information is a highly valued commodity that is electronically traded between companies as easily as gold and crude oil are in the physical world. Consider Google. This giant knows every search query you have entered including places searched in Google Maps. It keeps a location history of where you have been (If you enable the location service). It has recordings of your voice and transcriptions of what you have said to Google Assistant. It knows every YouTube video you have watched and so much more. Check out this link to really understand the scope of the data Google, and similar companies, have on you: https://takeout.google.com/settings/takeout. So what can happen if too much personal information is disclosed?
Phishing – In particular, spear phishing (see it.inside.tru.ca blogs) relies on the attacker knowing as much as they can about you, or about someone you know. What you have publicly shared about yourself, or others, may be just the thing a hacker needs to gain access to your data.
Hacked/Compromised accounts – All information about you can be pieced together to formulate an attack on your online accounts. The information collected can be cumulative. Meaning small bits of data, seemingly benign on their own, can infer more about you than what you intended when combined with other sources. You may not even be aware that the data is public. Here is a personal example. On Google, Bing, or whatever search engine of choice, type: John Cuzzola Kamloops. Roughly 13 spots down the results list you’ll see “Teresa Scordo Obituary – Kamloops, BC – Dignity Memorial”. Dignity Memorial is an online obituary celebrating the memory of the deceased. My grandmother is Teresa Scordo (may she rest in peace). The obituary reads in part: “…She is survived by her daughter, Angela (Tony) Cuzzola, and son Frank (Judy) Scordo granddaughters Elisa (Aaron) and Leana (Christopher) Scordo; grandsons John and Frank Cuzzola…”. From this one sentence snippet can you answer the question “what is your (John Cuzzola’s) mother’s maiden name?”. Does this question look familiar? It should, it is a common security question asked when you have forgotten your password. This is a perfect example of even if you are extremely careful with your information, third parties may inadvertently be providing data that could be used maliciously. It is important to monitor your online presence and be aware of such disclosures. Needless to say, I do not use the “What’s your mother’s maiden name” security question anymore.
Cyberbullying – Threats, abusive language, aggressive language, or hurtful teasing using electronic communications such as social media. The disclosure and sharing of personal data can make you more of a target particularly if the attacker perceives you as someone who could be dominated. Sadly, cyberbullying may lead to physical bullying or even suicide.
Cyberstalking – A close relative to cyberbullying, cyberstalking involves harassing individuals through repeated, and unwanted surveillance. The surveillance often starts by having the aggressor follow you on social media, but then quickly escalate to sending emails or text/phone messages. Those obsessed will transition to physical stalking once the victim’s work and home address is obtained.
Identity Theft – Oscar Wilde, an Irish poet who died at the end of the 19th century, once said: “imitation is the highest form of flattery”. If Oscar was still alive, he may have chosen these words more carefully. Many unfortunate victims will tell you that there’s nothing flattering about having your identity stolen. Identity theft is the ultimate consequence of personal information abuse. The effect on your life can be devastating. Financially, you may find yourself cleaning up a mess of fixing your credit rating, closing compromised bank accounts, and opening new ones. You may find yourself being chased by collection agencies or taken to court for transactions made in your name. Emotionally, you are dealing with anger, stress, and anxiety of what the future holds. Thieves have been known to open fraudulent social media accounts impersonating as their victims to friends, family, and employers. A crime may have been perpetrated under your name and an arrest warrant issued. This intense emotional distress directly leads to physical symptoms such as sleep disorders, inability to focus, and other body ailments.
So what is being done? Countries have acknowledged the problem through the passing of laws designed to give you control over the use of your personal information. Canada has 28 laws in the books which include: Personal Information Protection and Electronic Documents Act (PIPEDA), Digital Charter Implementation Act, Personal Information Protection Act (PIPA), Personal Health Information Protection Act, and Freedom of Information and Protecting of Privacy Act (FOIPPA) just to name a few. In British Columbia, educational institutions such as TRU are governed under FOIPPA whose protections include full disclosure of what personal data is collected (requiring your consent), what is the data used for, how long will the organization be using it, and where is it being stored.
Despite government involvement, the responsibility of protecting your personal data ultimately falls upon you. So what can you do? Be careful what you share on social media. The less you share the better. Don’t make personal information public. Only share privately with the people you know. When using software do not blindly give consent to use your information. Don’t accept browser cookies or limit them (some websites still work without cookies). Give the absolute minimal amount of information you can give and still access the service. Use the “incognito” or private mode of your browser. Finally, pay attention to your online presence. Monitor it frequently to see what personal information is circulating. Use a service like “Google Alerts” to automatically inform you whenever your name surfaces somewhere on the web.
Protecting your personal privacy can seem like a maddening task. Perhaps Rockwell was right when he sang “…all I want is to be left alone in my average home, … but why do I always feel like I’m in the Twilight zone?”.
Written by John Cuzzola, Director, Information Security