<img height="1" width="1" src="https://www.facebook.com/tr?id=1879927395628828&amp;ev=PageView &amp;noscript=1">

Sensitive Information in the Online World

 Jul 12, 2017 9:45:00 AM |    Brandon Bachman

Your Information on the Internet
With more of our lives on the internet than ever, the coming generations only look to face increasing risk when handling sensitive information online. It isn’t just social networks that you’re putting personal information on, either. Anything you sign up for or use online that requires (or optionally takes) information about yourself could be a target for a malicious hacker.

Whom you trust when you give personal information online can be a difficult decision to make. Someone out of the loop might see the ‘secured’ lock in the top left of the screen and assume whatever information they’re providing is safe. Regretfully, it’s not. All's not lost, though, as it doesn’t take an industry professional to be able to keep personal information safe.

The unfortunate thing about security is that there is no one ‘fix all’ application or system that will allow you to be careless on the internet. If anything, we have the exact opposite: when you make a mistake (like giving up personal information, sharing a risky video, or taking a dumb photo) there are those that would use it to their advantage, possibly by spreading a video around for laughs or hacking a financial account. Making a mistake like that could be costly; but when in doubt, here’s a few words to remember: Once it’s on the internet, it’s there forever. It might sound a bit cliché, and that statement is not always entirely true, but for the things posted to social networks… Well, let’s just say it’s better to be safe than sorry. Many big sites such as Facebook have repositories for all kinds of information (even some available for grabs through the FB API). In addition, there is no telling what kind of scraping is being done by other users/companies, and most of us probably don’t even know the scraping policy enforced on our network of choice.

Associative Data
If you’re like me, you may not post much online purely out of apathy. However, for those of us more inclined it’s useful to know what kind of information can get you in trouble. One of the key things a hacker must do when trying to gain access to an account is to gather enough information to abuse a system (recovery, weak password policy, poor identification technique). In doing so, our hacker is going to need to find some information that is associated with your identity, this could be:

  • Age (date of birth)
  • Email addresses
  • Family identity (names, birthdays, heritage)
  • Location (where you were born, currently living, heritage)
  • Full name
  • Old passwords
  • Pets names
  • Past friends

This is not an all-inclusive list — I’m certain there are many more pieces of information that could be useful to an attacker. The main thing to remember though, is that a hacker is going to be looking to associate this data with identifiers that will allow them to gain access. For instance, if someone has your name and age, but does not have any accounts or other personal information, it may be significantly more difficult for them to find you. Unless, of course, you associate that data for them through the use of a social network (by linking your email, tumblr, Instagram, etc. on your Facebook). The reason these data associations become so dangerous is because they’re usually unexpected. If you didn’t want to associate your Facebook and Tumblr accounts, you would probably not consider how the two were linked. If you used the same email to set them up, once an attacker has one it won’t be long before they have the other.

Associating any of your personal information with an account that is more or less intended to be anonymous is a problem. Many accounts that are meant to be anonymous use account recovery techniques that allow the company to identify the user. In a previous post I touch upon some of the ways your information could be used to recover an account. If you put too much of that personal information online, the security of those accounts may be compromised (albeit indirectly).

Personal Responsibility
I believe we are individually accountable for the information we put online (to some degree). I’ll admit that it's rather difficult to avoid the convenience of online shopping, information sharing, electronic bills, and the works. It’s easy to get lost in the digital world (especially for those of us born outside of it) and not realize the kind of profile that can be assembled from the information we give to various sites. As humans we’ve got to remember the bottom line, though: Any identifying or personal information online is a risk.

Removing ourselves entirely from the online world would probably be the best solution. But, for those of us that choose (or need) to remain online, we’ll need to limit the amount of information freely available to those who would wish to cause harm.

  • Consider what information is worth putting in your profile.
  • Take time to think of the repercussions of posting that crazy night out on the town.
  • Consider strong password policy and good recovery questions.
  • Have multiple email accounts that are used for various purposes (business, personal, recreation) to reduce the impact if one is compromised.

These are only a few examples — the answers for protection are out there, and all you’ve got to do is look. The next time you provide personal information online, take a moment for reflection; Consider: how can this affect me? Only you can take the necessary precautions to maintain a safety net around your personal information.

Topics: Application Development

Want more of the AsTech Blog? You got it.
Blog subscribers get email updates twice a week.