A new year is always a good time to reflect on the future and make resolutions to improve our lives. We have asked 6 experts of the SECURITYMADEIN.LU team to share and explain their very personal resolutions for 2019. Some are quite ambitious…
“Be aware of the risks of our hyper connected behaviour”
Bertrand Lathoud (C3 Manager)
“I am very motivated to make my relatives and acquaintances aware of the risks inherent to their hyper connected behavior… Very often, my friends and family are totally unaware of the fact that they put their privacy, and even sometimes other people’s privacy, at risk by posting all kinds of personal information or photos on social networks or inside community oriented mobile apps. If you act without awareness on these networks, hundreds of small details become scattered all over the net, which may seem insignificant if you take them separately. But when all of this data has been collected, it allows one to build an extremely accurate portrait which can then be used either to implement various social engineering attacks, or to expose intimate choices that we would have preferred to stay private…”, considers Bertrand, who believes that cybersecurity is an issue on par with public health: “We need to improve what health specialists call ‘herd immunity’. By doing so, we could reduce the likelihood of success for massively automated and distributed attacks, which can be seen as large disease outbreaks!”
“I want to draw attention to poorly secured connected objects”
Matthieu Farcot (Legal Advisor)
In 2019, I will seek to disconnect as many connected objects as I can. The Internet of things is getting omnipresent around us. This represents a potential danger far beyond privacy issues because the security of these objects is not a primary factor, especially in relation to the necessary web service which will operate them. Stationary connected objects (such as a TV, radio, printer, home automation system, or gadget of any kind) tend to be permanently connected to the network. Like any connected machine, if they are not updated as soon as security issues arise with the software that is operating them, they expose the user to a risk.
Sometimes, one does not have a choice. But when one does, exposure to connected objects should be reduced as much as possible. This downgrades the exposure to threats of the individual user owning the material. And moreover, this reduces global IT threats to us all, as infected connected devices can be used as relays for wider attacks on the global network.
“Clean up and update passwords”
Yolande Roller (Press Relations)
Me, I will clean up my password vault and erase those that I no longer use. I will also change those which are too weak or the ones that I use for multiple accesses…
Quality passwords are the foundation of our security. If we are not careful, we will increase the risk that our information will be compromised.
Above all, avoid using the same password for all of our online accounts. “Sensitive” accounts such as access to e-mails, Facebook or business information systems must not be protected with the same passwords. Because if an online application is attacked, and the hackers manage to get their hands on our passwords, they will then immediately test them on accounts which are more sensitive or more interesting for them. When an online service issues an alert about a possible leak of certain data, it is better to change our password for this application without delay, even if it has not been established that the criminals gained access to the password.
“Acting sparingly with software: ‘Do I really need it?’”
Alexandre Dulaunoy (CIRCL Manager)
Use less software to reduce one’s exposure to attack… “Sometimes we tend to install too much software to accomplish simple things. Or we test some products and then forget to uninstall them later… So, it is better to act sparingly and to ask yourself the following questions before installing anything: ‘Do I really need it? Could I not do the same thing with a tool that I already have?…’”. We should adopt the same habit when we have to update the software which is already running on our laptop or smartphone. Most users tend to keep old software on their computer without thinking that it could become an open gate for attacks and adversaries.
Every piece of software contains flaws and each additional element installed on our devices mathematically increases our exposure to attack. A word to the wise…
“Review forgotten connections found in applications”
Juan Rocha (CASES Cybersecurity Consultant)
After the holidays, new devices will land in my pockets. Others will be stored in a drawer or will be repurposed to make children happy.
Application consumption is increasing every year. After the arrival of a new “smart companion” I will install my favorite social networks, office applications, didactic applications, and those that are there but may never be used! It’s amazing how quickly access to my information multiplies and scatters without any control on my part. Today, I wonder about all these sessions that remain open on my old smart phones, tablets, computers, etc.
The resolution for 2019: obviously, at the top of the list, a review of forgotten connections found in applications that store my personal data. To accomplish this, I first go to the settings of the application in question and then check the identity of the current equipment. I then disconnect from the other devices or, even better, I discard the devices that I no longer use so that they can benefit someone else.
Pascal Steichen (CEO)
By default, my New Year’s resolution is to go through all of the passwords for the different services I use and then change them. In 2019 there’s one which I would like to take special care of: my Facebook password. I will #delete it.
With all the scandals about abuse[^1], manipulation[^2] and leakage[^3] of data that we users of Facebook trusted them to take care of[^4], and that were spurned[^5] and trampled[^6] on without remorse[^7], it is time to react and quit Facebook! As well as all of its related services like WhatsApp[^8], Instagram[^9], Messenger and the Oculus VR gear.
My, and your, whereabouts and doings in the world of Facebook have generated on average $3.2 billion[^10] in revenue from advertising for Mark Zuckerberg and his fellas. And as Senator Hatch[^11] cleverly highlighted, Facebook is not a “tech company”, but a news & advertising portal and should therefore align itself with the rules and laws related to news and ads companies. Facebook should be subject to the same standards of fairness, decency and accuracy of information for the information it publishes.
As we all know this is clearly not the case. Even worse, our data is being used against us, against our beliefs and decisions, against our democracies, and all of this knowingly allowed by Facebook’s leaders [^12].
Therefore, allow me to invite you to my Quit Facebook! article series, which will be published in the next few weeks. The time has come to give the web back to the users! Join me in promoting responsible usage of data and privacy-aware behavior among your peers and entourage. In my humble opinion, Facebook is not the only data monster that we, society, will have to deal with in the coming years.
[^1]: Sri Lanka blocked Facebook and WhatsApp for three days in response to posts calling for attacks on Muslims in the country. The move was a last resort after Facebook ignored calls from both the Sri Lankan government and NGOs to control ethno-nationalist accounts spreading hate speech that contributed to deadly anti-Muslim riots in the country - https://www.reuters.com/article/us-sri-lanka-clashes-socialmedia/sri-lanka-lifts-ban-on-facebook-imposed-after-spasm-of-communal-violence-idUSKCN1GR31R
[^2]: Facebook / Cambridge Analytica Data Scandal - https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal
[^3]: Facebook Security Breach Exposes Accounts of 50 Million Users - https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html
[^4]: “You have control over who sees what you share on Facebook.” - https://www.facebook.com/about/basics
[^5]: Number of special data-sharing relationships that existed between Facebook and companies like Spotify, Netflix, and Microsoft unbeknownst to many users - https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html
[^6]: “Maybe someone dies in a terrorist attack coordinated on our tools… And still we connect people.” - https://www.buzzfeednews.com/article/ryanmac/growth-at-any-cost-top-facebook-executive-defended-data
[^7]: Zuckerberg ‘avoided questions’ at European parliament - https://www.theguardian.com/technology/2018/may/22/no-repeat-of-data-scandal-vows-mark-zuckerberg-in-brussels-facebook
[^8]: WhatsApp founder plans to leave after broad clashes with parent Facebook - https://www.washingtonpost.com/business/economy/whatsapp-founder-plans-to-leave-after-broad-clashes-with-parent-facebook/2018/04/30/49448dd2-4ca9-11e8-84a0-458a1aa9ac0a_story.html
[^9]: Instagram’s Cofounders Abruptly Resigned - https://www.buzzfeednews.com/article/katienotopoulos/instagrams-co-founders-just-resigned
[^10]: Facebook annual report 2017 (cf page 37) - https://s21.q4cdn.com/399680738/files/doc_financials/annual_reports/FB_AR_2017_FINAL.pdf
[^11]: Utah Sen. Orrin Hatch calls foul on media coverage of Zuckerberg hearing - https://www.deseretnews.com/article/900015713/utah-sen-orrin-hatch-calls-foul-on-media-coverage-of-zuckerberg-hearing.html
[^12]: The latest: the DC lawsuit alleging that Facebook knew personal data on 70mm users was harvested by GSR and sold to Cambridge Analytica, then chose not to inform the public for 2 1/2 years - https://assets.documentcloud.org/documents/5637377/Facebook-Complaint.pdf