What happens when lack of privacy hits hard?
|WARNING: This blog contains adult themes. It contains topics which some may find shocking, unpleasant and contains sexual references. If you’re of a delicate nature, you might want to look away now.
We’re all Adults. Aren’t we?
Reading the above, some may have decided to close this blog post. But let’s be honest, human curiosity usually kicks in and want’s to see/know more. After all, it’s a blog about cyber security and data protection, so how ‘shocking’ can it be? Well let’s see…
If you’ve seen the latest ads from Apple you’ll see their focus isn’t on features, like camera or storage etc. It’s on privacy. “Privacy Matters”, the ad exclaims after showing a variety of situations where people are doing their best to protect their security in the physical world. The message is clear: if your privacy matters in the real world then it should in the virtual too.
But are people listening?
As the infamous Vicky Pollard put it: “Yes. But. No. But…” People are indeed listening, but I’m not talking about the ones with the device. Because they’re sat on planes and trains with their devices, writing confidential reports in clear view of other passengers. Many are having open conversations on phones and with colleagues about private matters, or client dealings and even staff issues. All within listening distance of fellow passengers. So are people listening? Yes… but not the ones who need to be listening to this message. Privacy matters, so why don’t people act like it?
I believe there is a touch of cognitive dissonance going on here, which is the state of having inconsistent thoughts, beliefs, or attitudes (like a smoker who knows it’s bad for their health, but continues anyway). Are you a sufferer?
Does Privacy Matter?
Ask yourself the above question and you’ll most likely say “Yes of course.” So can I ask you…
· Have you separate passwords for sensitive things like email? Banking? Shopping?
· Do you have a Privacy Screen on your laptop?
· Have you configured home/smart devices so they’re more secure?
· Do you use a Webcam cover?
· Do you refrain from having meetings on trains (phone or in person)? (If you’re discussing clients/work – you’re in a meeting!)
If the answer to any of the above is No. Then the answer to “Does privacy matter?” is … No, not really.
Home and Away
Of course we all like to think that privacy matters, just like we know health is important. But we make bad choices… “What’s the harm in doing X? What’s the worst that can happen?” Good question, and there is so much more to this topic than I have the energy to write and you’d have the will to read.
But privacy matters at home and away because we’re leaking data everywhere, and as more data is created about us, the more exposed and vulnerable we become. Please allow me to illustrate by taking you to a new risk which surprised even me.
Almost every day in cyber security there seems to be something new we have to learn (which is why I love this topic). And this week I heard a term I hadn’t come across before: “screwdriving”. So I read a little further on the topic, and was surprised to hear it’s a new take on ‘Wardriving’. For those unsure of what that is, in simple terms it’s the act of driving down a street looking for devices that are unprotected in the neighbourhood. Once discovered, they can be hacked (if they are vulnerable and open). Think of electronic garage doors which can be opened by hackers driving down the street. Scary right? Hold that thought…
So what of ‘screwdriving’? Well it’s the same method of attack (driving down the street looking for unsecure devices) but rather than target garage doors, they target sex toys. Sex toys like dolls, vibrators, butt plugs and other such devices. Researchers have shown that they can take over these devices and turn them on (no pun intended) whenever they choose, and set them to full power. But even if they couldn’t go that far, simply knowing these devices are in someone’s home is enough. Which brings us to another new term: “kink-shaming”.
I’ve often said that data leads to information, information leads to knowledge and knowledge leads to wisdom. In this case all we need is a little information about the devices in order to target you. Imagine receiving an email stating that “We know you use X device. If you don’t pay X by Y, we’ll tell all your family, friends and work colleagues what you’re up to.” Sound far-fetched? Sorry… it’s already happening. Welcome to kink-shaming.
What consenting adults get up to in the privacy of their bedrooms should remain private. It would be a terrible invasion of privacy to think that someone knows something about you, which you would prefer to keep private. Privacy clearly matters.
What worries me is that if we’re not thinking about the privacy or the risks associated with the devices we’re putting in our homes (and in our bodies), then can we really expect people to think about our security when they’re sat in the workplace, or on trains? This is the problem we’re up against. Cognitive dissonance is pervasive – from the C-Suite to the shop floor.
Privacy and security start at home. I used to say “Privacy is from the bedroom to the boardroom.” Because people take their mobile devices to bed with them, and if we’re not protecting the most private of devices or thinking about the risks associated to them, then we have to ask where do we start?
I believe we have to start with the people creating these devices – they need to think about Privacy by Design and Default, which is outlined in Article 25 of the GDPR and is a long-standing principle of good design practice. We need to have honest and open conversations about the devices we’re using and how to protect them, both in the home and in the work place.
Finally, I believe we have to lead by example. Start looking at the devices in your home and ask if they’re as secure as you’d like them to be. What information are they leaking? What can they disclose about you? Does their mere existence in your home put you at risk? How are they secured? Then think about your own conduct on planes and trains and ask “Am I really being secure? Does privacy really matter?” If the answer is “yes” to that last question, then please, let’s start acting like it.
Agenci Information Security is responsible for protecting businesses from cyber threats, cyber-attack, internal threats and business outages. Agenci Information Security ensures clients systems are secure and provide peace of mind through a range of proven specialist information security solutions.