“What do I care? I have nothing to hide.”
We all know some jerk who believes this. It comes up in conversations about surveillance, hacking, even airport security. The fact that you’re wearing clothes means you have at least a couple of things to hide. People need their secrets. Some information was not meant to be shared and requires additional protection. But what kind of information should you worry about?
Here Are 10 Types of Information You Must Protect
To protect your information online, you need security controls and encryption in place. You also need to know where your sensitive data is located and classify it according to how restricted access should be, in order to limit confidential information on web servers. It is also vital to be careful with hardware, whether this means not leaving active computers unattended, being careful about allowing employees to bring in their own devices, or properly disposing of old equipment. If you have an online business, you need to take control of information security. Here’s what you need to protect.
1. Search History Can Reveal a Lot of Personal Details
Would you like it if every search query you ever put into a search engine were exposed and indexable? Yes, search engines remember every time you Google yourself (no, that’s not a euphemism, but yes, they index that too, perv).
Way back in 2006, AOL released logs containing 20 million search queries of its users collected over a three-month period. It was ostensibly for use as a research resource, but the information was exposed to the public, allowing anyone to sift through it. The usernames were hidden, but it was easy in many cases to trace the real identity of a user. And some of the accounts revealed deeply disturbing information, including inappropriate preferences, interest in joining terrorist networks, and one man contemplating murder.
So, some things are probably better off kept secret. And this doesn’t just go for the big search engines, but could be a legitimate issue for online stores, medical websites, anywhere that allows users to do a search.
2. Your Private Correspondence Should Stay Private
What would we find if all of your e-mails, SNS messages, and chat logs were put online? Maybe we’d find out what you think of your coworkers, dig into your personal life, and uncover your personal photos. We might also find compromising information like passwords, identification information, or confidential documents.
Maybe you took some pleasure in all the nude celebrity photos that have come out in recent years. You probably won’t be as happy to hear that Chinese hackers were able to monitor the e-mail correspondence of US government officials between 2010 and 2014. As we saw in the 2014 Sony hack and Hacking Team’s data leak, the content of private communications can be devastating when hacking victims have their own words used against them.
We certainly should be careful what we send to others, and what we put in the cloud, but at the end of the day, shouldn’t we have the right to communicate online with some guarantee of privacy?
3. Passwords Must Be Protected
In the 1995 movie Hackers, the most popular passwords named were “love,” “secret,” “god,” and “sex.” Today, we’ve graduated to poor passwords like “123456” and “password.” Your password is your last line of defense against snoops, and a lot of intrusions still succeed because of poorly chosen passwords.
One especially harmful practice is to use the same password for everything: your computer, your e-mail, your website admin account, and everything else. If you used the same password for your e-mail and your, say, Ashley Madison account, you’ve just compromised your e-mail and whatever else shares that password.
4. Financial Data is an Obvious Target
The most obvious target for hackers is financial data, mainly credit card numbers but also any kind of banking information. Now that banks are moving online, security concerns are increasing. Despite employing strong security (well, sometimes), banks are a major target due to the value of the data they protect.
In the infamous Target hacking case, hackers stole 40 million credit and debit card numbers. Shortly after that, 56 million card numbers were stolen from Home Depot. This information was likely sold online to other cybercriminals who would use the data to make purchases before the breach was detected and the cards were cancelled.
5. Personal Information Helps Identity Thieves Steal Your Identity
Any kind of identifying information, such as social security number, driver’s license, and even your birthday, could be useful to hackers. This sort of data may not be as carefully protected as your credit card info, but identity thieves can use this information to compromise your finances.
Identity theft is a growing concern, as hackers develop more sophisticated ways to hijack your identity, with which they can sign you up on other websites, take out loans, commit fraud, or maybe even just write a few fake reviews in your name.
6. Medical Information is Highly Sought After
As health care moves online, it presents an easy target to hackers and identity thieves. Medical information is more valuable in the online black market because the data is poorly handled due to the decentralized nature of the medical industry, underinvestment in security, and lack of preparation.
Earlier this year, medical insurance company Anthem disclosed that hackers had made off with the data of around 80 million customers including names, social security numbers, birthdates, addresses, and income data. And after that, the hospital network Community Health Systems was compromised by Chinese hackers who stole data on 4.5 million patients.
Health care providers are only required to disclose data leaks that affect more than 500 people, so it’s impossible to get a good idea of how far-reaching this problem is. What’s more, medical service providers have been slow to realize that they have value as a target of theft, so too many hospitals have been slow to encrypt patient data, a critical mistake leaving millions exposed.
And yes, a hacker could access medical records to change his own medical results for medical insurance fraud purposes.
7. Education Information Can Compromise You in Many Ways
Universities and grade schools are a ripe target for cyberattacks. Yes, there is potential for students to hack systems to change grades or class registration. Due to the nature of schools, there is a lot of potential for students to get up to mischief in electronic systems.
And just like medical websites, education sites hold a lot of detailed information on their students and faculty. Due to the sprawling bureaucracy of a university campus, there may not be enough communication on information security.
In the case of universities, there is likely also classified information stored online, such as research findings and intellectual property, stuff that could be valuable in the wrong hands.
8. Your Own Work is a Tempting Target
If you are conducting research or hosting any intellectual property online, that is certainly a viable target for hackers because it has financial value.
But what about other personal data, like your family photos, or that novel you’ve been working on? Surely that’s worthless to anybody but you, right? Well, this kind of personal information is especially vulnerable to ransomware attacks. Anything you’d pay money to have returned to you is a target.
The best defense against this sort of attack is good security combined with backing up all your valuable data.
9. Business Information Can Be Used Against You
If you run an online business, it’s best to be careful where information is stored and who can access it. Any documents related to your business, including budgets, payroll, or marketing plans, could hurt you badly if they get exposed.
And you don’t just need to worry about hackers coming out of the shadows, but also about your own employees turning on you. Does your accountant need the same network privileges as your CISO? No, everything should be compartmentalized, so in the event that one person’s password is cracked, you haven’t compromised the whole system.
Do you really want salary information available to all employees, or the general public for that matter? Information should be classified according to whether it’s confidential, or members only, or for public consumption.
10. Security Procedures Must Be Kept Private
If a hacker can get full access to your website, server, or network, this includes control over any security systems you have in place. A hacker who’s infiltrated deep enough will be able to take control of your security.
When hackers believed to be from Russia carried out history’s greatest bank robbery spree, they were able to learn the anti-fraud and security measures of individual banks, allowing them to hijack CCTVs and avoid setting off alarms. The finest security precautions are meaningless if thieves have the keys or password to access your security system.