The recent Facebook data leak triggered a panic attack among social media users. But is the anxiety justified? We talk to information security experts to know how to safeguard ourselves from such data breach in the future.
Privacy is the state of being free from public attention. But in the age of social media, where you log in only to tell people ‘what’s on your mind’, the definition of ‘privacy’ has been amended. Two city-based information security personnel break down the concept of privacy, the kind of repercussions data leaks can have on us, how we can protect our data from being stolen and misused, and whether we need to be worried about this at all.
How does data leak matter to you?
We first need to understand what data is. Hanish Grover, project manager at Allscripts, says, “Simply put, data is facts and statistics collected for reference or analysis. We tend to use apps to make certain data available to us conveniently — like syncing your calender with Facebook so that you can see the birthdays of all your friends there. To do this, Facebook allowed people to log into apps and share who their friends were and some information about them. Facebook shares user data all the time — when you log into a game or an application, or even if you log into Instagram using your Facebook account. These applications/ games can use this data to target ordinary people.”
However, Prateek Dixit, cyber security analyst at Varian Medical Systems, shares that there is absolutely no reason to get worked up about your data being shared by Facebook when you yourself have agreed to share it with the portal.
“Security is a myth when it comes to social networking sites. You have to enter all your personal information at each step and agree that it will be stored with them. Moreover, Facebook has more than 2 billion user database that is accessible to everyone in some way or the other. If you are worried about your profile information being stolen, don’t opt for social networking,” says Dixit.
Grover feels that being on social media is like opening your personal diary to the world. But in this day and age hasn’t your social media account replaced your personal diary? You ‘check in’ to tell everyone where you are, post photographs to show everyone how you look, and share every thought of yours on social media.
How to check whether your accounts are safe?
Dixit says, “Check what apps you’ve signed up for using Facebook or Gmail logins. Practice good password hygiene. Do not use same passwords for all your social media accounts. Enable 2FA (Two Factor Authentication) for all your accounts. Keep your mobile app updated to make sure you have the latest version of the platform being used. Create a separate email for your social media accounts, so that if your emails are compromised, the hackers won’t have access to the valuable information. Close the accounts that you are not using anymore. Learn about basic cyber security etiquettes like phishing, spam and so on.”
Grover advises to use the ‘Privacy Checkup’ option to see what data is being shared publicly. “The Privacy Checkup helps you review who can see your posts and info from your profile, like your phone number and email address. It also shows you your settings for apps you’ve logged into with Facebook. You can use the Privacy Checkup to review and adjust your privacy settings to help make sure that you are sharing only with who you want. To go to the Privacy Checkup, click on the question mark at the top of any page on Facebook and select the option,” he says.
What kind of private data could be leaked?
Dixit shares that information like your date of birth, place of work, hobbies, personal photos, education, phone number, email address, could be leaked. “Moreover, this is a new age hack where companies like CA (Cambridge Analytica, the political consulting firm that harvested raw data from up to 87 million Facebook profiles) can collect the data based on your answers and later use the same data to earn sales or instead can sell it too,” he says.
But how can someone use this information to cause trouble? “Data has become the next big thing in the tech industry. It can potentially be used to create a replica of you and me. Many countries are coming up with their own data security strategies and laws. That said, any company whose job is to mine the data to extract the required information to fulfill a task will have great benefits, monetary benefits too. So we need to make sure that we are cautious about every post, story or article we are publishing as it may be used to achieve someone else’s dreams,” adds Dixit.
Emphasising on the importance of data, Grover claims that data is all you really have — it is your wealth and your identity. “Imagine if someone steals your digital identity and gets access to everything — including your bank accounts, personal chats, everything! A person’s financial and social life can be destroyed in a snap if their personal data is leaked,” he warns.
How to be cautious when using apps?
It’s always good to exercise due diligence and use methods like OTP (One Time Password), Captcha for 2FA while logging into any app, says Dixit adding, “Clear browser cache and cookies, after accessing anything or work in incognito mode. The golden rule is to read before you click. In Facebook’s case, people who had their data stolen were the ones who clicked to agree to it. Always read the messages that ask for permission to access your data when you click on a game or take a quiz on Facebook. In this day and age, clicking to give your permission is as valid as signing your signature on a document.”
Grover explains how despite high security settings, identity thieves can get your information. “Most social network sites have information such as email address and birthday. It’s common for an identity thief to hack an email account by using this information. For example, a common technique to get personal information is by clicking on ‘forgot password’ and trying to recover the information through email. Once the thief has access to your email account, they have access to all the information on your social networking sites,” he explains.
So what can you do to protect yourself?
Getting off social media is one option, but if that’s isn’t doable, then you might want to make sure you have an unguessable password. “The stronger your password, the harder it is to guess. Use special characters like symbols and capital letters and refrain from using common passwords, like your birthday or your child’s name. Be careful with your status updates. Often, we innocently post status updates that would give an identity thief information they need to steal. For example, you may post ‘happy birthday to my mother!’ and then tag her in the post. It is likely that your mother’s maiden name will be associated with that tag now. A popular security question is ‘What is your mother’s maiden name?’ and if you share that online, you run the risk of identity thieves getting the answer to this commonly used question,” advises Grover.
But to make absolutely certain that no one has any information you don’t want to share, you’d have to skip being on social media, however the addiction isn’t as easy to get over.