Line of Sight

Are you as safe as you think you are online?

“—is feeling excited. Thank goodness for online banking! I didn’t have to leave the house to pay for my plane ticket. #TaiwanSoon ”

[Add screenshot of transaction details and booking confirmation]”

“At the moment: basking under the heat of the golden sun in the turquoise Indian Ocean. Happy birthday to me! #tropicalstateofmind #2weeksvacation #thisisthelife”

[Add photo, add location, set viewing settings to “public” for more media exposure]

Does any of that ring familiar to you? You might have come across those kind of posts in your timeline.

Whether you want to pay your bills, shop for the perfect Christmas gift, check your bank account balances, or simply update your fans about your recent Maldives getaway, it can be done with just a few taps on your mobile phone. In today’s digital age, almost anything is within reach; sometimes it’s already right in your hands.

Unfortunately, so is the risk of having your security jeopardized.

Every time you go online, all our activities and information you post on the internet are being registered and stored: by your browser, Wi-Fi router, Internet Service Provider, search engines, your multiple accounts across websites and in software you use.

Advertising technology or “Adtech” companies, for one, can then gather such information—from harvesting personal data to tracking our online habits via google search history and Facebook likes and shares, to understand what kind of person you are. They then sell these data to advertisers (brands, publishers), who, in turn, supply us with online ads that cater with eerie precision to our specific preferences. (I can attest to that, because I see a lot of dog videos on my timeline more and more each time I click “like” on one). This is probably the reason why Facebook keeps asking us what’s on our mind. Advertises feed on information–and we are more than happy to provide it.

“So they make a living by gathering my information and selling it, and I get targeted ads, what’s the big deal?”

Well you might consider it still fine and dandy when your data propels online commerce and consumption. But enter the hackers and social engineers. Everyone loves social media, including them. And to them, stealing your identity can be a piece of cake—all they have to do is go to your social profile and download images and information profile; they don’t need much, just your email address and birthday will do. Once these people gain access to your account, they can pretend to be you. And you can bid sayonara to your social life as they take over your friends list—betraying your friends’ trust in you, while they further proliferate their evil scheme: taking your friends’ information too, and tricking them into visiting harmful websites that infect their computers with malware, all often coming with a deceptive cute cat images attached.

The reign of terror does not end there. Things can go as far as physical theft. That picture of you on your out-of-town vacation, paired with geolocation, is all that potential thieves require to know that you’re not at home, and won’t be for a while.

Scary, isn’t it? Every day, we expose ourselves to these dangers with each photo we upload, restaurant we check-in online, and even those funny cat videos we like. Someone could even be watching us and we wouldn’t know (yes, laptop and mobile phone cameras can be used to spy on you, if you’re not careful). It can be easy to forget how vulnerable we are being when we think we’re among Facebook friends.

“But why me? I don’t think anyone would ever bother stealing my identity; I’m only an insignificant speck in the vast cosmos.” That may be, but not to hackers. As long as you have personal information they can profit from, you are a prospective victim.

Large influential companies and smaller businesses are no less prone to data breach either—and the latest trend in news speak for it. Case in point: the restaurant app Zomato lately fell victim to information theft when a hacker stole the data of its 17 million users and put them up for sale.

Just this November, the transport company Uber also disclosed it paid hackers $100,000 to keep secret a massive breach last year that exposed personal data from around 57 million accounts. Equifax, one of the America’s three major credit reporting agencies, also announced its catastrophic security breach last September that hackers had accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers, as well as credit card numbers for about 209,000 people.

And who could ever forget the classic ComeLEAK? The largest data breach in Philippine history that affected 55million voters in the Philippines, exposing 228,605 email addresses, 1.3 million passport numbers and expiry dates of overseas Filipino voters, and 15.8 million fingerprint records.

The bottom line: the perils of data privacy attacks spare no one—not you, not large businesses, not even the government. Everyone is at risk.

Does this mean we have to go back living under a rock and update our old school caveman drawings instead to stay safe? Thankfully, no. While the threats to our privacy are constantly evolving, so are the safeguards available.

So how can we protect ourselves?

Infrastructures software are constantly being developed, laws legislated, to combat these threats to personal privacy and put individuals in control of their data and enable them to determine what they want to share with whom for specific purposes.

In 2012, the Congress of the Philippines passed Republic Act No. 10173, also known as the Data Privacy Act (DPA) of 2012. Five years later, the DPA’s Implementing Rules and Regulations was put in effect on September 9, 2016, thus mandating all companies to comply. The law aims to “protect individuals from unauthorized processing of personal information that is (1) private, not publicly available; and (2) identifiable, where the identity of the individual is apparent either through direct attribution or when put together with other available information.”

Organizations are swiftly joining the cause and are coming up with their own activities to educate other companies and the public concerned on the nuances of this law and equip them with adequate knowledge on how to protect their information. P&A Grant Thornton for example, is holding a Data Privacy Act Seminar on January 9, 2018 in their Cebu Office to help spread the word in the Viz-Min region.

In addition, articles, digests and other informative materials on how to stay safe online are also abundant on the internet. “Use strong and unique passwords, do not add anyone as a contact that you do not know personally, don’t click on links from anyone you do not trust and do not click on any links that appear random or out of context with your relationship with the sender, browse with a virtual private network (VPN)”–these are just some of the tips given by online bloggers and writers. What they all boil down to, however, is that people can take up arms by educating ourselves on data privacy. When it comes to keeping our information locked and secured, it seems, staying informed is key.

Meanwhile, perhaps you might want to be more critical of your online posts. Sometimes, a picture alone is worth a thousand words—and worth your safety too!

Ms. de Castro is a tax advisory associate at P&A Grant Thornton, a leading audit, tax, ddvisory, and Outsourcing firm in the Philippines and has offices in Makati, Cavite, Cebu and Davao. For comments on this article, please email charlene.decastro@ph.gt.com  or PAGrantThornton.marketscomm@ph.gt.com.

 

As published in Mindanao Times, dated 27 November 2017