Another year is almost over, and in the UK, people are beginning to prepare for the traditional holiday season. It’s a welcome respite from Britain’s Brexit blues!
But it is also a time when individuals and organisations should increase their defences against data theft, hacks and scams. So, as we approach the holiday season, why not take the time now to research and review the smartphones and other connected devices you may be planning to purchase over the coming months?
Biometrics – Facial recognition, fingerprints etc. are just some of the features provided by the present generation of smartphones. But are they really that secure? While passwords are no longer effective, biometric sensors and apps can also be manipulated and spoofed.
What You Should Do:
- Only purchase products that use biometrics from authorised dealers.
- Take time to review the product carefully and ask questions about the reliability and robustness of its biometric security systems. Research more than one review site. Reviews can be manipulated by false submissions. Also, be aware of biased product and service reviews from so-called ‘influencers’. You can’t believe everything you read these days. Don’t forget to ask the opinion of your workmates, friends and family.
- Be cautious of apps that use biometric technology such as facial recognition.
- Stay informed. Stay on top of credible news reports about data breaches and hacks.
- If you are ever asked to provide biometric information, seek written assurances about its use, how long it will be used for, how it will be shared and who will be responsible for the security of the information. Don’t accept an organisation or company name; ask for the individual names and email addresses of the managers responsible. A credible organisation will have that sort of information readily available.
Integrating biometric tech into security may appear a cost-effective solution compared to other security methods but it will not enable organisations to side-step privacy regulations. Biometric information is included in GDPR privacy legislation. Organisations should also use encryption, and ensure biometric systems are secure in every layer. In addition, they should provide adequate levels of customer support. Hiding direct consumer help and support behind user forums and autobots is frustrating for customers. Like some banks, companies should be more proactive in providing consumer information about the risks associated with the use of interconnected devices and what steps customers should take to protect their information.
Skimming – It’s an old trick, but still in use. A hidden device, designed to steal passwords and account information, is placed in a card reader such as a bank ATM or petrol pump. Skimming malware can also be used to steal credit card information from online shopping web sites.
What You Should Do:
- Be extremely careful when using street ATMs and other card readers. Examine the card reading device before using it. Compare it to others. If it looks odd, walk away. Report it to law enforcement.
- Use an ATM that’s inside a secure building or, better still, do it old school and go to the bank teller or check-out.
- Remain cautious and alert, especially when travelling overseas.
- Only purchase products online from a secure site. Your web browser should warn you if a site is not secure. If it isn’t, don’t proceed.
- Use a separate card and account for online transactions only. Don’t use your primary bank account.
Skimming might be an old trick, but that doesn’t mean organisations can relax. Cybercriminals are becoming increasingly sophisticated, using technologies such as AI to penetrate defences. Organisations should use both human and machine technologies to monitor their networks for anomalies.
Smartphone Networks and WIFI – Stop and think for a moment about the information you have on your smart device (phone, tablet, etc.) and how important it is. It will carry your location, contacts, photographs, interests, texts, emails, financial information… Even if you don’t care about your information, what about your family and friends? It isn’t difficult to hack a phone and capture the information it carries. Wireless networks are vulnerable.
What You Should Do:
- Only purchase smart devices from authorised dealers and, as with biometrics, take the time now to review the product carefully, stay informed, and ask questions about the reliability and robustness of its security systems.
- When accessing a WIFI service, think about the information you are being asked to provide in return for the service. For example, do they really need to know your date of birth and employment status? Also, never provide scans of sensitive documents that contain personal information such as your driving licence or passport over a public WIFI system.
- Back up the data on your device.
- Clear down the information on your phone. Move photos and documents to another, non-connected, non-cloud-based device.
- It’s a big ask, but why not turn your phone off and only use it during certain times of the day? For example, turn it on for one hour in the morning, afternoon and evening. Will the world end if you do? I doubt it.
- Be very cautious when using your smartphone overseas. Be careful of data and phone call charges and accept that, in some countries, WhatsApp and other messaging services may not be available. If you need more secure connectivity, travel elsewhere.
Wireless carriers must work together to fix the flaws in their networks. News reports have demonstrated how easy it is to access phone information. Greater accountability and regulation are required. Wireless carriers should not exceed or try to side-step data privacy regulations.
The Cloud – There are concerns about just how secure ‘the Cloud’ is. When you think of ‘the Cloud’, don’t think of it as a fluffy thing floating in the sky where everything is peaceful, calm and secure. It isn’t. Think of large warehouses filled with servers, connected by cables, satellites and an army of workers. ‘The Cloud’ has a tangible physical presence and cybersecurity professionals are very worried about it. Some of the server farms that make up ‘the Cloud’ – including many big household and business names – have suffered serious data losses and breaches.
What You Should Do:
- Be suspicious of the hyped claims that often accompany Cloud sales pitches.
- Be aware that, as a result of breaches and growing consumer concerns, companies are re-branding and re-naming Cloud-based products and services.
- Ask questions about how your information is shared and with whom – especially other companies and services. Where does the information go? To another country? If so, where? Who is responsible? What precautions have been taken to ensure their employees are trustworthy?
- Back up all your data – not to a Cloud-based service – but to a separate physical drive that isn’t connected to ‘the Cloud’.
The information provided about Cloud-based products and services should be more transparent for consumers. There should be full security in all layers including improved monitoring and alerts. Senior managers and executives responsible for such services should be made accountable and liable for security monitoring. Their information should be made publicly available.
Gaming and Toys – Christmas is coming and that means toys and gifts. A new generation of sophisticated toys and games is starting to appear on the shelves, but users could be exposed. Apart from the security vulnerabilities that exist in the products, user information such as bank card data, identities and other assets, such as tokens and weapons in games etc., are extremely valuable. Cybercriminals also use social engineering techniques to infiltrate groups to cause chaos and grab what information they can.
What You Should Do:
- It is important to understand that children are vulnerable. They won’t understand the need for security. So, try to teach them about the importance of security and why they shouldn’t trust everything that appears on a device, toy or screen. This also applies to services offered outside the home.
- Schools and colleges should also play a greater role in educating children about the dangers of connected smart devices, gaming and other online services.
- Control the use of games, toys and other connected devices. Turn them off when not in use.
- Again, do your research, stay informed and ask questions about security.
Manufacturers and service providers should take more responsibility here and improve security at all levels. Better cybersecurity should be integral to all hardware, software and networks, with stronger user authentication. There should also be greater security and data privacy regulation, especially of the use of anonymity.