You must have heard the recent news this past weekend – 1.1 million RedMart accounts were stolen from e-commerce platform Lazada and sold online in a data breach on Friday, 30 October; and 2.8 million Eatigo accounts were illegally assessed in a data breach on Saturday, 31 October.
Why is this happening? Is this some Halloween scare that hackers want to carry out to scare people from shopping on e-commerce platforms? Are people starting to become careless with their online personal data after the 9.9, 10.10, and soon 11.11 sale?
Whatever it is, the truth of the matter is that such high-profile data breaches have been on the rise whether we like it or not.
So what is the problem here?
The problem is that, Encryption has increasingly been viewed by many as a “bulletproof” technology to protect data from cyberthieves.
Organizations swear by it, and consumers feel overly confident knowing that their recent transactions and personal data are encrypted. But despite the confidence around this “go to” technology, time has shown that encryption is just not enough. In fact, it’s failing us.
The fact is this: most organizations today invest in encryption due to regulatory mandates, and what they ought to do. However, they fail to understand that encryption is not “bulletproof” — rather, it should be viewed as a steel tunnel with two locked doors on either end. The keys for these doors can and will be stolen. It’s a basic defense that protects data while in transit or at rest, but it shouldn’t be the only thing protecting our medical records, credit scores, bank statements and other digital documents that only we — and the vendor we choose and trust — should be allowed to see.
Think of a criminal breaking into a home. A basic lock on the front door alone won’t stop them from accessing what’s inside. Instead, they look for alternative routes — side doors, open windows, garages or even try a skeleton key on the front door. Mistakes are made in not protecting the master keys. And this is the reason why the cybercrime wave of 2020 (and the past weekend) is flourishing due to the misconception that encryption is foolproof.
Unfortunately, we as consumers don’t have much control over the types of security defenses vendors are using. It’s a flawed trust system where we can assume organizations have multi-layered defenses, beyond just encryption, that will keep hackers at bay. One can guess that large, well-known entities have better protection controls (and a higher cybersecurity budget) than smaller vendors, but as we saw with recent breaches, this doesn’t always mean tightened security. In addition, these large corporations are being targeted by elite hackers of the dark web, which marginalizes any proactive security posture.
Therefore, learning how to protect your own personal data from such data breaches is paramount now than ever before! Here are some steps you can take:
- Make it a point to only share sensitive information if it’s a reasonable request — for example, an online retail store shouldn’t be asking you for passport details. If they are, it’s a scam.
- When inputting personal details, ensure the website has “https:” in its web addresses, as the S stands for secure. You also may want to do some homework to ensure the vendor hasn’t had any major security issues as of late and has been recognized for its security
- Rethink sharing personal information online, or limit access to your public social media pages. A thief can use the information to answer security questions (what was your first pet’s name, what is your mother’s maiden name, etc.) on your accounts.
- Use a strong password – passwords should have a mixture of upper case, lower case, numbers and special characters
- Change your home router’s password
- Avoid using public Wi-Fi or Bluetooth – it’s an easy way for fraudsters to gain access to your devices. If you do use public Wi-Fi, consider buying a virtual private network (VPN). VPNs allow you to create a secure connection and protect your browsing history from others on public Wi-Fi.
- Learn how to spot phishing scams. Scams, like phishing emails and spam calls that attempt to trick you into handing over your financial information, are the most common way for hackers to obtain your data.
- Never use your debit card online
- Update all software once a week or whenever an update is available – this includes your mobile apps as well
- Use security software on all devices
- Turn on firewall and use encryption
We live in a world where most transactions are now done online. While we can take best practices to better protect our information and conduct a due diligence with online vendors, it’s ultimately an organization’s responsibility to realize that encryption alone is not the answer. It will eventually fail them, and in turn your digital identity will be victimized.
Want to heighten your company’s IT Security? Check out all our IT Security Services here, or click the green button below to contact us today!
eVantage Technology is a professional and trusted IT solutions provider, dedicated to providing exceptional service to companies in Singapore and across Asia.