How often do you hear this seemingly simple phrase from your friends, relatives and colleagues?
As the state and giant companies deploy increasingly sophisticated means of controlling information and tracking users, the percentage of misguided people who take at face value, as a commonplace truth, the statement “if I don’t break the law, I have nothing to fear” is growing.
Indeed, if I have not done anything wrong, the fact that governments and giant companies want to collect all the data about me (emails, phone calls, webcam images and search queries) makes no difference, because they will not find anything interesting anyway.
After all, I have nothing to hide. Is that not so?
What is the problem?
I am a system administrator. Information security is very tightly integrated into my life and, due to the nature of my work, as a rule, the length of any of my passwords is at least 48 characters.
I know most of them by heart, and when a random person happens to see me enter one of them, he usually asks a reasonable question: “why is it so ... voluminous?”
“For safety? But not that long! I, for example, use an eight-character password, because I have nothing to hide.”
Recently, I have been hearing this phrase more and more often from the people around me. What is particularly depressing is that it sometimes comes even from those who are more closely associated with information technology.
Ok, let's rephrase.
I have nothing to hide, because ...
... everyone already knows the number of my bank card, its password and CVV / CVC code
... everyone already knows my PIN codes and passwords
... everyone already knows the size of my salary
... everyone already knows where I am at the moment
And so on.
That doesn't sound very believable, right? However, every time you say the phrase "I have nothing to hide," this is exactly what you mean. You may not be aware of it yet, but the truth does not depend on your will.
It is important to understand that this is not about concealment but about protection: the protection of your natural values.
You can afford not to hide anything if you are absolutely sure that there is no outside threat to you or your data.
However, absolute security is a myth. "Only he who does nothing makes no mistakes." It would be a huge mistake not to consider the human factor when creating information systems that are closely tied to the safety and security of user data.
Any lock requires a key. Otherwise, what's the point? The lock was originally conceived as a means of protecting property from interference by outsiders.
You will hardly be delighted if someone gets access to your account on a social network and starts distributing obscene messages, viruses or spam on your behalf.
It is important to understand that we do not hide the facts. Indeed, we have a bank account, an email address, a Telegram account. We do not hide these facts from the public. We protect all of the above from unauthorized access.
But who needs me anyway?
This is another equally common misconception, usually offered as a counterargument.
We say “Why do companies need my data?” or “Why would a hacker hack me?” without taking into account that hacking may not be targeted: the service itself can be hacked, in which case all users registered in the system will suffer.
It is important not only to follow the rules of information security, but also to choose the right tools to use.
Let me give you a few examples to make it clear what is being discussed.
They had nothing to hide
In November 2018, personal data leaked from the Moscow multifunctional centers for the provision of state and municipal services (MFC) “My Documents”.
Many scanned copies of passports, SNILS, questionnaires listing mobile phone numbers and even bank account details were found on the public computers in the MFC, where anyone could access them.
Based on the data obtained, it was possible to take out microloans or even gain access to funds in people's bank accounts.
In October 2018, a data leak occurred. The names and email addresses of more than 420 thousand employees ended up publicly available.
Customer data was not included in this dump, but the appearance of employee data in such volume indicates that the thief had high access rights in the bank's systems and could also have gained access to customer information.
An error in the API of the social network Google+ allowed developers to access data of 500 thousand users, such as logins, email addresses, places of work, dates of birth, profile photos, etc.
Google claims that none of the 438 developers who had access to the API knew about this error or could have used it.
Facebook officially confirmed the data leak of 50 million accounts, while up to 90 million accounts were potentially affected.
Hackers were able to access the profiles of the owners of these accounts thanks to a chain of at least three vulnerabilities in the Facebook code.
In addition to Facebook itself, those services that used the accounts of this social network for authentication (Single Sign-On) also suffered.
- Google again
Another Google+ vulnerability, which leaked the data of 52.5 million users.
The vulnerability allowed applications to receive information from user profiles (name, email address, gender, date of birth, age, etc.), even if this data was private.
In addition, through the profile of one user it was possible to receive data from other users.
Source: “Most Significant Data Leaks in 2018”
Data leaks occur much more often than you think
Indeed, not all data leaks are openly disclosed by the attackers or the victims themselves.
It is important to understand that any system that can be hacked will be hacked. Sooner or later.
Here's what you can do now to protect your data.
→ Change your mindset: remember that you do not hide your data, you protect it
→ Use two-factor authentication
→ Do not use weak passwords: passwords that can be associated with you or found in a dictionary
→ Do not use the same passwords for different services
→ Do not store passwords in clear text (for example, on a piece of paper glued to the monitor)
→ Do not tell anyone the password, even support staff
→ Avoid using free Wi-Fi networks
What to read: useful articles on information security
→ Information security? No, never heard of it
→ Educational program on information security today
→ Fundamentals of information security. Price error
→ Friday: Safety and Survival Paradox
Take care of yourself and your data.