“Big” leap of faith here: I’m sure you’ve heard of the phrase “no such thing as a free lunch.” I’m equally sure that most of you believe that phrase also.
By the way, how’s that “free” webmail or social media account of yours doing?
I’m going to do my best to dodge the entire “terms and conditions” conversation when using a free service in this piece, however exciting and important, instead focusing on one specific thing many give thanks for this Thanksgiving month: your data.
Perhaps lost on many of us is how much data we actually produce, transmit, share, have stolen, and yes, even lost.
Do you have a device on? You’re probably producing data, however insignificant you think it is.
Are you on an idle, but active connection? You’re probably transmitting data, however benign you believe it is.
Using an insecure connection? You’re probably leaving yourself open to data theft and loss.
Using a third-party service or app? You’re probably handing somebody oodles and oodles of data.
Remember, the funny thing about data is that you do not need to have a huge file size to still have a lot of data. An entire book 250 pages long, written in plain text (using Notepad or some similar program) may be less than 0.5MB in total file size.
Now imagine instead of words in a novel, those 250 pages were log in/out details, e-mail addresses, contacts, GPS coordinates, financial transactions, or customers? You’re catching my drift I hope: files small in data size are not necessarily small in data richness; in fact, they can be data treasure troves.
Furthermore, given today’s computational power available at the commercial and consumer level, just about anybody has the means to take that data, crunch it, analyze it, and get some interesting picture of what’s going on.
People are perfectly at liberty to not care any of this is going on if you’re dealing with your own personal data – if you want to be a wide open book to the Internet, that’s your business – but that’s not so easy to say when you’re handling somebody else’s data, like an employer’s.
It’s for this reason you want to take steps that stop unnecessary data flow right at the beginning. What does that mean? It means keeping devices off when you don’t need them. It means shutting down your Bluetooth, Wi-Fi, and NFC radios when you’re not using them. It means limiting third-party services wherever possible or at least getting some super agreements that will protect your data in some meaningful way (and that usually means you have to pay for your lunch).
Can taking these extra steps be a pain and inconvenience at times? Yes, they can. But these steps can also save you a world of hurt in the future.
Remember, not all cyberspace actors – good or bad – have the same intent, but many of them are happy to take your data, whether it’s to improve their AI algorithms or whether it’s to rob you blind. That’s why they are giving thanks to you.
Small behavioral steps can make a huge difference. It’s just a matter of a little personal training. And that little training can go such a long way that you may even give thanks for this small blog piece.
By George Platsis, SDI Cyber Risk Practice
November 6, 2018