Many cyber attacks are aimed at robbing personal data. Perhaps you think your data doesn´t matter to anyone, but you’re mistaken. In fact, that belief often causes us to lower our guard and not make an effort to protect our personal data as we should.
Security is a constant challenge for any Internet user. Although we may not be technical experts in this field, we should learn to protect our personal data in digital environments.
Put yourself in the place of a thief who had to rob a house. Which house would you choose?
- The one with an alarm, exterior lighting, a dog, fences and armored doors.
- The one that has none of the above.
In the online world, exactly the same thing happens. There are entire organizations looking for unprotected identities that don´t pose any difficulty, or for users susceptible to taking the bait that these groups throw into the web. This is how they survive and thrive.
Why do they want my data?
In the majority of cases, data is stolen to be sold on the black market, where it is bought by companies with dubious reputations, either for commercial research or to send advertising. But in other cases, data theft can cause considerable damage to a person.
In the latter case, your personal data could be valuable if it is used to supplant your identity and carry out transactions in your name, or to commit fraud. It´s not your data itself that matters, but what they can do with it.
Our customer, Ramona, has been in and out of court for the last three years, because an usurper obtained her DNI (Spanish National Identity Document) and used it to swindle numerous victims on the Internet. The impostor even tried to open an account at the BBVA office in Zamora, using Ramona´s DNI. The employee who attended Ramona, upon seeing that she already had an account en Zaragoza with the same DNI number, was surprised that she wanted to open another one, so far from her home. To be sure, the employee called the Zaragoza office, where they didn´t take long to uncover the ruse. This is what is known as identity theft.
IMPERFECT JUSTICE “They robbed my identity and now I’m on tranquilizers: I’m not a delinquent.” For three years, Ramona María Timaru has faced a string of court cases because, she says, a swindler has stolen her identity via Internet - el país
How it’s done
There are different ways to obtain personal data, ranging from very rudimentary techniques to sophisticated social engineering strategies; none of them should be underestimated.
Among the principal ways of obtaining information are the following:
- Dumpster diving: finding discarded paper files in wastepaper baskets, dumpsters, CDs, USBs, hard drives, etc.
- Phishing: fraudulent emails that supplant the identity of well-known institutions to deceive the user and rob his or her data.
- Social engineering: obtaining the confidence of the victim and deceiving them to extract personal data, whether by telephone, online, via postal or electronic mail.
- Surfing: some pages can download malware to extract information or take control of a computer, including its webcam.
- Free software: this is a classic in data theft. Remember, when something is free, the product is you.
Things you can do to protect your personal data
The following advice can help you to protect your data. Start defending it today.
1. In the physical world:
- Remember to completely destroy and make illegible all documentation and supports that contain personal data, such as bank statements, photocopies of ID cards, invoices, etc.
- Always cover the webcam when you’re not using it. Your images could be exposed if someone manages to get control of your computer.
- Be careful when someone solicits your personal data. Never provide information that is especially sensitive by phone.
2. On your devices:
- Always use an antivirus in your devices and keep it updated.
- Make sure that the operating system and all of its applications are also updated.
3. When you surf the Internet:
- Always use https pages, which have encrypted connections, to carry out your transactions in a secure fashion.
- Review the privacy configuration of your search engine and periodically erase the history and the cookies.
- In public or shared computers, remember to use the incognito mode when surfing and to close the session when you´re done.
- Don’t enter your personal data when using public Wi-Fi systems.
4. Safe habits:
- Learn to detect phishing websites and emails: check out the links, don´t open emails from unsolicited senders, or unknown addresses, and don´t provide sensitive information via email.
- Don´t download or execute attachments from dubious sources. You could be opening the door to an attacker. Also, take special care if you are going to open an email from the spam folder.
- Always use strong passwords and different ones in each of your services; remember that if anyone manages to obtain a password, they will try to use it in all the other services.
- Whenever you can, use the double authentication factor to obtain an extra layer of security.