Get started on your cybersecurity degree at American Military University.
By Susan Hoffman
These days, it’s very difficult to maintain the privacy of your digital data and still remain a part of modern society. Social media sites, for instance, insist on collecting personally identifiable information (PII) such as our names, birth dates and email addresses. Similarly, companies commonly collect other information — such as credit card numbers, bank or credit union account numbers, and medical records — which are stored in large cloud databases that are potentially vulnerable to skilled attackers.
By now, we’ve all become accustomed to giving up at least some of our digital data. Providing our personal information through online portals enables us to accomplish tasks such as making online purchases, creating social media accounts and accessing our health information.
But what if that information was used to publicly shame us or as evidence in a criminal case? Would we be as willing to provide it to companies?
Giving Information and Images to Online Sites Is Now Routine
Most computer-savvy users are aware that they should be cautious about what information and images they put online. For instance, workers have been fired for providing proprietary information and making uncomplimentary remarks about clients or coworkers. In one case, a simple tweet created a public relations disaster due to its racist content.
Even images — whether they are yours or taken by someone else without your permission — have the potential to cause public embarrassment. A photo with less-than-savory content uploaded by one of your Facebook friends has the potential to spread to your family, friends or coworkers; it can even go viral.
If you’re planning to interview for a job, it is also wise to clear up your “digital dirt” prior to applying for the position. Some human resources personnel may investigate your online activities, which could factor into their decision whether or not to move you forward in the hiring process. According to CareerBuilder, “70 percent of employers use social media to screen candidates before hiring.”
Ashley Madison Hack Reveals Dangers of Losing Control over Your Personal Information
In 2015, Ashley Madison, an online dating service for extramarital affairs, suffered a massive attack from a hacktivist group called The Impact Team. Ruby Life Inc., the company behind the Ashley Madison website, ended up with around $30 million in fines and has become a textbook case of security management failure.
Users of the Ashley Madison site suffered the embarrassment of having their names, credit card numbers, email addresses and sexual preferences published publicly on Pastebin. The hack also triggered divorces, job terminations, resignations and two suicides.
Digital Information Also Used for Committing Crimes
Digital information has also been used to commit crimes. For instance, revenge seekers might post online the personal information of law enforcement officers, a crime known as doxing. In addition, individuals, especially those who are high-profile business and government leaders, have been the victims of this type of crime.
Cloud Computing Has Made Our Digital Data More Vulnerable
Cloud computing has been a boon to many people, but it has also increased our vulnerability to attackers. Digital data stored in cloud databases is susceptible to both internal and external threats such as a revenge-minded ex-employee or an attacker who has become an advanced persistent threat.
Ultimately, we have to trust the guardians of our digital data to do their jobs. However, we should also exercise caution whenever we provide personally identifiable information and know how that information is going to be used.
As Timothy Morrow notes in the Software Engineering Institute’s Network Security Blog, “Some aspects of security remain the sole responsibility of the consumer. Effective cloud security depends on knowing and meeting all consumer responsibilities. Consumers’ failure to understand or meet their responsibilities is a leading cause of security incidents in cloud-based systems.”