Eight Steps for Coping with Information and Privacy Risks Online

By Ilan Segelman, Power Communication (distributing Sophos solutions in Israel)

The exposure of private and confidential information to unauthorized parties is a perennially headline-grabbing issue. The Authority for Privacy Protection in the Israeli Ministry of Justice recently revealed a systematic breach of the privacy of hundreds of thousands of Israeli citizens and released soldiers, whose private and sensitive information was extracted from an Israeli Defense Forces database belonging to the Meitav Unit.

Moreover, Israel has seen two fraud campaigns recently. In the first, the attackers approached mobile carrier users via e-mail or text message, informing them that their mobile package had been terminated and following up with a link asking for their credit card information. The second campaign offered an alleged holiday gift, valued at hundreds of Shekels, to anyone who clicked on a certain link. Neither campaign was initiated by the companies, of course, but rather by impostors striving to obtain personal information through a variety of sophisticated methods, taking advantage of uninformed users.

Users face a variety of threats when surfing, clicking and sharing information with companies and private people. In the current information age, social media and internet users are exposed to risks without being aware of it.

The threats faced when using social media fall into two categories: information that users share, and malicious cyber attacks on social media accounts.

The first, information sharing on social media, is the simpler of the two, as it centers on the behavior of the user. Revealing personal information on social media platforms involves high risk, as this information can become public. If you think the information you share online only reaches a small network of people, think again – this data is open to a much wider network, including complete strangers. Social media platforms naturally encourage their users to share. From an information security standpoint, however, there are risks.

The second threat, malicious attacks, is more complex. Users’ social media accounts have become extremely valuable to hackers. Several types of attack occur on social media platforms, among them spam (sponsored posts, advertisements), phishing attacks in which attackers attempt to trick users into revealing information, and of course malware – malicious software, including viruses, Trojan horses, worms and other such threats.

The goal of most hackers is to obtain personal information, since it is worth money. Once they obtain the data, they may steal money directly by using the personal information to access bank accounts and make purchases with the users’ credit cards. Hackers may additionally sell users’ information to other individuals who are interested in stealing money in such ways. Another way in which hackers may use your information is by deceiving your friends and family – the hacker sends your loved ones a message while pretending to be you, prompting them to hand over private information such as bank details. Moreover, the hacker can sell your identity, so that other criminals can then use it to obtain sensitive financial information in your name.

What can social media users do about security?

Users need to prioritize safety when using social media. Here are a few important tips that can help avoid loss of information and identity, and malware infection:

  1. Use secure passwords – what stands behind your password? Your life! If it has been hacked, your files will go on sale. Secure your passwords by using at least 14 characters, incorporating upper and lower-case letters, numbers and symbols.
  2. Check the default settings of every website and ensure that your information is not public, all the while limiting the amount of data you provide.
  3. Be mindful of the pictures you upload onto social media platforms and try to avoid embarrassing pictures, or ones that may put you at risk and possibly be used to blackmail you in the future.
  4. Secure your computer – your life is valuable and so is your information! Hackers want you and your data. Only use computers with updated firewalls and protective software.
  5. Think before you click – never click on links simply because you know the person who sent them to you. Some malware will take over a user’s account, sending automated ‘infected’ messages to all contacts with the intent of infecting them, too.
  6. Spam – pay attention to spammers who are after your personal information by sending unwanted invitations. If you do not know the person who sent you the message, it is best to ignore it.
  7. Two-factor authentication – this keeps your account safe and secure even if your password has been hacked. In exchange for the mild inconvenience of entering a single-use code alongside your password when you sign in, you will benefit from an immediate and permanent upgrade which makes your account substantially more difficult to hack.
  8. Log out – this way, you can prevent two types of hackers from obtaining your information. The first is an attacker who pretends to be you when you are offline, or in case your smartphone has been stolen. The second is an attacker who uses Cross-Site Request Forgery (CSRF) to get you to perform an unwanted action, such as giving access to accounts, without your awareness.