According to the criteria of
Learn moreOrdering a pizza or making a payment has become very easy thanks to digital applications. In a few steps, what used to cost us a lot of time, now we can do it from our cell phone. And, with the momentum of the pandemic, more and more people are using these services in Peru and the world.
However, we rarely think about how our sensitive personal data such as credit card number and password, our biometric data or address are handled. Sometimes, we provide access to sensitive information without knowing if the companies that own the applications or web pages will handle our data well or if a cybercriminal is behind it.
Thus, being careless in the digital world can have serious consequences, since whoever has access to our key information can impersonate us, keep our money, even blackmail us.
For this reason, it is important to know how to take care of our personal information and acquire security habits. El Comercio spoke with Diana Robles, IBM Security leader for Colombia, Peru, Ecuador, Venezuela and the Caribbean Region, about this and other issues regarding the World Data Protection Day, which is celebrated every January.
“If we take into account that 8 out of 10 Peruvians reuse passwordss, the leak of one of our records on a website may cause the loss of information and/or access to other sites” warns the specialist.
- What are the personal data most at risk in the digital world?
On the one hand, we have “personal information”, which is any information related to an identified or identifiable natural person; that is, it includes the name, age, home address, zip code, among others. This data, when combined, can allow us to identify an individual, to know exactly who they are. On the other hand, there is “sensitive personal information”, which, if lost, compromised or disclosed, could harm, embarrass, inconvenience or result in unfair treatment of a person financially, at work or socially. Some of this data is the following: credit information, biometric data, date of birth, health information, as well as our rpersonal records before the government such as driver's license, identity documentation, birth certificate, etc.
According to the Cost of Data Security Breach 2021 study by the Ponemon Institute and IBM Security, theft of credentials (usernames and passwords) is the most common method used as an entry point by cybercriminals. From there, nearly half (45%) of the breaches analyzed exposed personal customer data such as name, email, password, or even medical data, representing the most common type of leaked record in the report.
In turn, one of the main factors that puts personal data at risk is the reuse of passwords, caused by password fatigue due to account overload. This is a very dangerous trend and, according to the study on digital behavior of consumers during the pandemic, el 85% of Peruvians surveyed stated that they reuse their passwords.
- Many times digital applications and services request access permissions on our devices. What permissions granted to apps (access to camera, contacts, etc.) put our personal data at greater risk?
The Internet of Things (IoT) in its simplest and most basic conception, is nothing more than the connection between an object to the Internet network, whatever its dimension or function. As an example, we have surveillance cameras, televisions, cars, thermostats, valves, locks, telephones, etc. Any “gadget” that connects to the internet is considered an IoT device. Many of those devices come with their own apps.
Applications usually ask us for permissions to access different parts of our devices, such as geolocation, for example. Here, the key lies in understanding what this application really needs to have access to to provide me with the service it offers, since many times the apps request access to everything [on our cell phone], even what they don't need For example, a video game usually doesn't need access to photos. This is bad practice in app development, but it is something that is commonly seen.
What is a good digital hygiene practice is to periodically examine these applications and take care (according to the case of each device), in order to implement appropriate restrictions. It is important to take inventory of the apps. Delete the ones you don't use and consider whether you need to accept certain permissions to use them.
It has an actual game engine for Android. It also comes with tutorials. https://t.co/QDhgTYmGJR5. React Native… https://t.co/b7pKD67zjQ
— Chill Developer Tue Aug 25 08:50:04 +0000 2020
- How can the personal data handled by companies be used by cyber attackers after a breach?
When a company suffers a data breach, its information passes into other hands that seek that data to harm both users/customers and organizations. That data is exposed and can be used by attackers to extort money from users and access other online platforms and services that people use. Let's think about this, another finding from the study on digital behaviors I mentioned earlier: More than a third (37%) of millennial respondents were found to prefer placing an order through a potentially unsafe app or website rather than calling or visiting a store. place in person. These sites often ask for credit card information to make the payment. If this data is stolen and leaked, all our information is exposed and, if we take into account that 8 out of 10 Peruvians reuse passwords, the leak of one of our records on a website can cause the loss of information and/or access on other sites.
In addition, data breaches expose people to phishing problems, cybercrime, and even the sale of private victim information on the Dark Web. Identity theft, for example, is used to make financial transactions through accounts in someone else's name, including anything from making purchases using a credit card number to taking out a car loan. Less commonly, it is used to obtain health insurance, file fraudulent tax returns, impersonate someone else during an arrest, open phone or wireless service, or even attempt blackmail.
- Do individuals and companies understand how important it is to protect personal data?
Steps are being taken to reduce leaks and exposure of personal data, but attackers keep advancing, increasingly improving their techniques and also leveraging new technologies to create more sophisticated attacks, from ransomware to data theft. So there is still a long way to go.
In today's digital society, data privacy is key and organizations must take steps to ensure that their information is protected, stored securely and used responsibly. Without a doubt, responsible and secure data management should be the same, it cannot vary according to where someone lives or from where they access the Internet. Added to this is the responsibility of each one of us as users, both to maintain correct digital hygiene and make it difficult for attackers, but we must also be active in understanding, deciding and monitoring how our data is being used.
- What should be the good practices of companies in order not to put users' personal data at risk in leaks, for example?
Businesses have become increasingly reliant on digital interaction with consumers, and this has accelerated as a result of the pandemic, so they need to consider the impact this has on their cybersecurity risk profiles. In light of changing consumer behaviors and preferences around digital convenience, IBM Security suggests organizations consider the following security recommendations:
Zero trust approach: Given the increased risks, enterprises should consider moving to a “zero trust” security approach, which operates on the assumption that an authenticated identity, or the network itself, may already be compromised and, therefore, the connection conditions between users, data and resources must be continuously validated to determine authorization and the need to access the information. This approach requires enterprises to unify their security data and approach, with the goal of immersively encompassing the security context around every user, device, and interaction.
Modernizing Consumer Identity and Access Management: For businesses that want to continue leveraging digital channels to engage with the consumer, providing a continuous authentication process is important. Investing in a modernized Consumer Identity and Access Management (CIAM) strategy can help organizations increase digital engagement, deliver a frictionless user experience across different digital platforms, and use behavioral analytics to help reduce the risk of fraudulent use of accounts.
Data protection and privacy: More digital users means companies will also have more sensitive consumer data to protect. Organizations must implement strong data security controls to protect against unauthorized access, from monitoring data for suspicious activity, to encrypting sensitive data wherever it travels (technologies, borders, etc.). Companies must also implement appropriate privacy policies across their on-premises and cloud infrastructure to help them maintain consumer trust.
Put security to the test: With the use of and reliance on digital platforms changing rapidly, organizations should consider dedicated testing to verify that security strategies and technologies that were previously they hoped will continue to be valid in this new scenario. Reassessing the effectiveness of incident response plans and testing applications for security vulnerabilities are important components of this process.
- What measures should people take to protect their personal data in the digital environment?
Computer securityInfogram