I have nothing to hide

How often do you hear this seemingly simple phrase from your friends, relatives and colleagues?

As the state and giant companies deploy increasingly sophisticated means of controlling information and tracking users, so grows the percentage of misguided people who accept as a self-evident truth the statement that “if I don’t break the law, I have nothing to fear.”

Indeed, if I have done nothing wrong, it makes no difference that governments and giant companies want to collect all the data about me (emails, phone calls, webcam images and search queries), because they will not find anything interesting anyway.

After all, I have nothing to hide. Is that not so?

What is the problem?

I am a system administrator. Information security is very tightly integrated into my life and, due to the nature of my work, as a rule, the length of any of my passwords is at least 48 characters.

I know most of them by heart, and when a random person happens to see me type one of them, he usually raises a reasonable question: “Why is it so ... voluminous?”

“For safety? But not that long! I, for example, use an eight-character password, because I have nothing to hide.”

Recently, I have increasingly heard this phrase from people around me. What is particularly depressing is that it sometimes comes even from those who are more closely associated with information technology.

Ok, let's rephrase.

I have nothing to hide, because ...

... everyone already knows the number of my bank card, its password and CVV / CVC code
... everyone already knows my PIN codes and passwords
... everyone already knows the size of my salary
... everyone already knows where I am at the moment

And so on.

That doesn't sound very believable, right? Yet every time you say "I have nothing to hide," this is what you mean. Perhaps you are not yet aware of it, but the truth does not depend on your will.

It is important to understand that this is not about concealment, but about protection: protecting your natural values.

You need not hide anything if you are absolutely sure that there is no outside threat to you and your data.

However, absolute security is a myth. "Only he who does nothing is not mistaken." It would be a huge mistake to ignore the human factor when creating information systems that are closely tied to the safety and security of user data.

Any lock requires a key. Otherwise, what's the point? The lock was originally conceived as a means of protecting property from outsiders interacting with it.

You will hardly be delighted if someone gets access to your account on a social network and starts distributing obscene messages, viruses or spam on your behalf.

It is important to understand that we do not hide the facts. Indeed: we have a bank account, email, Telegram account. We do not hide these facts from the public. We protect the above from unauthorized access.

But who needs me anyway?

This is another equally common misconception, usually offered as a counterargument.

We say “Why do companies need my data?” or “Why should a hacker hack me?” without taking into account that a breach may not be targeted: the service itself can be hacked, in which case all users registered in the system will suffer.

It is important not only to follow the rules of information security, but also to choose carefully the tools that you use.

Let me give you a few examples to make it clear what is being discussed.

They had nothing to hide

Source: “Most Significant Data Leaks in 2018”

Data leaks occur much more often than you think

True, not all data leaks are publicly disclosed by the attackers or by the victims themselves.

It is important to understand that any system that can be hacked will be hacked. Sooner or later.

Here's what you can do now to protect your data.

→ Change your mindset: remember that you do not hide your data, but protect it
→ Use two-factor authentication
→ Do not use weak passwords: passwords that may be associated with you or found in the dictionary
→ Do not use the same passwords for different services
→ Do not store passwords in clear text (for example, on a piece of paper glued to the monitor)
→ Do not tell anyone the password, even support staff
→ Avoid using free Wi-Fi networks

What to read: useful articles on information security

Information security? No, never heard of it
Educational program on information security today
Fundamentals of information security. Price error
Friday: Safety and Survival Paradox

Take care of yourself and your data.

Source: https://habr.com/ru/post/463937/
