By OPEC Staff
Your privacy and more is at risk when using social media and geo-location enabled wearable technology, the Chief Information Security Officer for CDCR’s Enterprise Information System (EIS) warns.
“There are some relatively easy steps you can take to increase your protection,” said Vitaliy Panych, CDCR Information Security Officer.
“You should be careful with any technology, including smart devices, digital assistants, home automation equipment, and fitness trackers that integrate with social media feeds,” he said. “In some cases, you may be sharing information about your private life.”
Panych recommended you monitor and limit your digital footprint by evaluating the privacy settings on devices and social sites and turning off or opting out of features that may overly expose your private information.
Online social media and data brokers mine people’s digital footprints for information they can sell to a wide range of customers, some legitimate, some not. Some may expose your private data without your intent or knowledge.
“The sheer volume of information transmitted digitally makes gathering this information lucrative. Research shows there are more than 1.6 billion active Facebook users and more than 7,200 tweets sent every second,” according to Panych.
“Home address, age, phone number, social media and e-mail accounts, and geo-location fitness paths are easily accessible. Sometimes people are targeted because they work in government,” Panych said. Their personal information may be posted publicly with malicious intent in a process known as “doxing.”
The exposure of personal information may even be extended to family members.
In a practice known as “blended attacks,” employees, friends and families may be harassed or exploited.
Even social media sites that don’t currently share your information may change their terms of service, exposing a lot of information that you might not want made public.
He recommended following these steps:
- Use strict privacy settings
- Opt out of location sharing when not necessary
- Maintain strong passwords or passphrases (such as a sentence put together and used for a password)
- Enable two-factor or multi-factor authentication. This is an increased level of authentication where you get sent a one-time PIN via text message or email and may be prompted to use a “mobile authenticator” app on your smartphone.
- Select secure networks rather than open networks
- Leverage a Virtual Private Network (VPN) where available
Opting out may require sending letters and making calls, and it will require vigilance to make sure the information you want kept private is removed, but Panych said the result is worth the trouble.
You should also use the privacy settings many social media platforms offer. At a basic level, most platforms allow you to restrict who can view your information.
Another step to protect yourself is to install only approved apps from a store connected to the device’s maker. Loading unapproved apps brings the danger of infecting your device with malware and unwanted surveillance.
Mobile devices, including wearable fitness devices, may allow outside parties to gain access to your personal information when privacy settings are too loose. Your contacts, messages and photos could be at risk.
Simple security steps should be followed, Panych said.
- Secure home Wi-Fi (use encryption such as WPA2 with a difficult-to-guess pre-shared passphrase)
- Use two-factor or multi-factor authentication where available
- Allow auto-updates for apps and software
- Connect to secure networks (not the open networks offered at hotels, restaurants, or coffee shops).
Even the basic step of turning off a device or a feature (GPS, Wi-Fi, Bluetooth) when not in use may offer protection.
For mobile devices, he recommended:
- Protect passwords with biometrics or a strong password
- Enable lost device or remote tracking/wiping
- Allow automatic app and software updates
- Watch out for “shoulder surfing” by strangers
Also make sure mobile storage devices are physically secure, or use encryption.
Panych said you should also contact your department’s Information Security Office for help. You can reach them via email at:
CDCR ISO: ISO@cdcr.ca.gov