Internet Security

Understand Internet Data Privacy: What Should You Know and Expect

Submitted by James Austin Bynoe, International Cyber\IT Security Expert, Co-founder of the Caribbean Cyber Security Center

Using the Internet responsibly and safely is an ever-increasing challenge for many of us, no matter how old, young or techno-savvy you are. For most, the Internet has woven its way deeply into many aspects of our daily personal and professional lives and continues to grow. However, whether you “understand it or not”, the ever-connectedness of the Internet that we crave has many risks and false expectations associated with its use, particularly with data privacy in mind.

Data privacy (or data protection) is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them. An unfortunate reality in understanding data protection, and the impact of associated failures, is that data breaches are often nameless, faceless crimes, as compared to the more traditional crimes. This lack of understanding has made it difficult for many regional public and private sector leaders to grasp its seriousness and the overall impact on regional economic stability and development. In simple terms, as data moves across the Internet, the responsibility for the protection of that data is shared by various system owners across a wide range of Internet infrastructure, data storage platforms, and connections.

With that said, it is simply unrealistic to expect that your data will always be protected — in motion or at rest. There are simply too many technical, management and operational data protection security controls that can fail, do fail, or have never been put in place by system owners. Within your individual control, the primary method of ensuring the protection of your personal data remains “not to share it in the first place”, and that includes on social media, as cyber predators often use knowledge of your social media activities to profile and target you for attack.

Many of us in the Caribbean are also simply too quick to provide personal data online without consideration for the legitimacy or security posture of the online requestor. Additionally, more of us are using the Internet to perform important business and financial transactions on home or work PCs without considering whether the device being used has been updated appropriately from the operating system and anti-virus protection perspectives. The irony of this failure to update systems is that the updates are often “free” and simply need to be installed. As IT security auditors, we routinely come across many systems that have not been updated for months or even years, which plays right into the hands of cyber predators who search “daily” for just such systems to exploit.

Depending on the tools used, it can take a hacker minutes to identify weaknesses or vulnerabilities across an entire range of business, organizational or government systems. Likewise, for the typical home PC/mobile device, system weaknesses or vulnerabilities can be identified in seconds. Outside of your control, where your personal data is being stored and maintained by businesses, organizations and governments, the expectation of data privacy parallels the cyber\information security maturity of the entity holding it. Unfortunately, in spite of a significant rise in cyber-crime activity in the Caribbean in the last two years, many public and private sector businesses, organizations and government leaders are failing to proactively invest in the implementation of international best practices and standards for data protection. Many fail to see the return on investment (ROI) in effective data protection until a major data breach occurs.

The growing news of global and regional data breaches has simply not been enough to “trigger” many leaders into action due to a “nothing has happened to us yet, so why invest in it” mindset. This shortsighted mindset is in many ways like shooting themselves in the foot, as it has been proven worldwide that it typically costs 10 times more to recover from a data breach as compared to proactively investing in data privacy controls. In some cases, the reputation damage to a business, organization or government caused by a data breach is very difficult to recover from, if at all.

Interestingly enough, much of today’s IT management focus on data protection has been on the Internet-facing side of the equation. However, if you take a look at a few of the major globally reported data breaches, very often they occur as the result of the “insider threat”, where employees with access to sensitive or private data intentionally or unintentionally disclose/misuse it. From the unintentional perspective, ineffective, inadequate, or non-existent role-based IT security awareness training is often one of the main root causes of many data breaches. From the intentional perspective, ineffective personnel screening, or the assignment of too many system rights and privileges to staff that do not have a “need to know”, are often key contributing factors in data breaches. Additionally, as a key data protection security control, many organizations are failing to implement account management processes and procedures for the timely removal or disabling of accounts belonging to former employees. As a result of this account management shortcoming, we often see access to sensitive data by former employees remaining active for many months or even years.

Based on what we see as auditors, it is clear that the main cyber challenge facing the region is a significant lack of regional cyber/IT security awareness and adherence to international best practices and standards. To make matters worse, the region is also still lagging behind in the passing of a comprehensive set of cyber security laws and legislation, which in many ways is needed to force the hands of many public and private sector leaders to get their cyber security houses in order. Additionally, it is important that the region begin to play an active role in participating in international fora related to industry best practices and standards, with key industries like tourism in mind, and regional capacity building.

It is a cyber\IT security fact that there is no such thing as a perfectly secure system, as even firewalls can be compromised with the right time, effort, tools, motivation and skills. Likewise, since there is no such thing as a perfectly secure system, by extension there is no such thing as perfectly secure data. It is also important to note that even hackers and cyber criminals have data privacy concerns; however, judging from the fact that less than 2% of them are ever caught or prosecuted for cybercrimes, they clearly are much better at it than the rest of us. So to protect your data, I am not suggesting some form of Internet technology retreat or fear of an Internet planet. What I am suggesting is that, with regard to data processed by businesses, organizations or governments that are out of your control, you are well within your rights to demand that investments in “protecting it” are made in a proactive and sustainable manner.

Likewise, from the individual data protection perspective, I suggest more responsible use of the Internet (at home, work or play), and that you treat your personal data like you treat your purse or wallet: (1) don’t let people you don’t know have it, (2) always know where it is, (3) only share it with trusted sources, and (4) if it gets a hole in it, repair it (i.e. system update) or get a new one.


14 Comments on “Understand Internet Data Privacy: What Should You Know and Expect”

  1. David September 3, 2015 at 5:09 AM #

    Agree with the thrust of your comment James. The use of the Internet has become so ubiquitous yet we pay little attention to managing online security at the individual, company and government level. However, we focus on security on the traditional front. Also, we believe it will not touch us why worry about it. As you know government Internet presence has been compromised of late on several occasions and has been costing taxpayers hundreds of thousands of dollars to fix. We will pay for our ignorance.


  2. pieceuhderockyeahright September 3, 2015 at 6:10 AM #

    @ Mr. Bynoe.

    This article like many other articles submitted by “professionals” places you and your organization in a very peculiar stage light – that of “Defender of the Faith”

    I will explain what that is and ask a question.

    1) Kammie Holder of Future Centre Trust – As one of the Protagonists contra Cahill he has come to BU and stated his case clearly and over the course of his submission given clear alternatives

    2) Dr. Georgie Porgie – As the BU Rumshop Doctor in Residence he has come to BU and submitted articles on many a health issue and in like manner given solutions or suggested precautions for diabetes, prostate cancer, and many if not all of the ailments that he has provided his expertise here on

    3) Walter Blackman – Economist in the Echelon of Nation Builder – has come and given his take on national issues ranging from Economy to tangential national resources of people and a global niche exploration programme and many other issues

    4) Mr. Caswell Franklyn – National Union Protagonist – Champion of the Rights of the Underdog and the Workers – the ones that the so called “unions” tek dem union dues and betray at their respective union tables, will come here and give fully as to what is the nature of the problem and what is the solution that can be had

    My point is that they DO NOT USE BU AS AN ADVERTISING VENUE where they come and repeat the obvious and then, because they are in the business of the substantive subject being discussed, conveniently neglect to give any of the readers of said articles existing solutions that we old Rum Shopians can implement at the Flick of a button.

    You see sir you have done the BU household a serious injustice by speaking to an issue that while many of us dont know what a cuntputer is and use it as a glorified typewriter, you have posted a sensationalist article which may be found previously printed on http://www.caribbeancsc.com/#!keeping-business-safe-online/c224d

    I therefore put it to you that your article from Caribbean Cyber Security Centre has insulted the collective environment which Rum-shopians attend here at BU to be informed and to be prepared and I would call on the Blogmaster to remove your insulting advertisement since you bring nothing to the mix and contravene with extreme prejudice “For the cause that lacks assistance, the wrong that needs resistance, for the future in the distance, and the good that [BU] can do …..”

    If one were to go to any blog site where any IT Security Advisor were to comment in an article they not only give the nature of the problem as you have but they also give “the best solutions” that are available out there free, at time of writing, NOTWITHSTANDING that at the end of said article, their name, a brief bio, who they work for etc is appended to that technical submission.

    I think that wunna fellows failing to understand what BU is

    All uh wunna including de politicians does come here searching for ideas and outlets and in your case free advertising and FAIL ABSOLUTELY TO UNDERSTAND what the Venerable Blogmaster has created.

    This is the cyber pen that makes politicians fear, this is the voice of the people, and you, with the responsibility that your organisation is tasked with, sat down and said, “this is another good avenue for us to extend our readership, let us put up a reprint of our “About Us” text there and see how much business we get”

    PISS POOR!!


  3. pieceuhderockyeahright September 3, 2015 at 6:11 AM #

    Oh de ole man forget he question but you gine answer anyways isnt you?


  4. David September 3, 2015 at 6:23 AM #

    @PUDRYR

    You too harsh lol.

    James et al are the founders of the Cyberspace website and he had posted many times to BU.


  5. Artaxerxes September 3, 2015 at 6:41 AM #

    pieceuhderockyeahright September 3, 2015 at 6:10 AM #

    “My point is that they DO NOT USE BU AS AN ADVERTISING VENUE where they come and repeat the obvious and then, because they are in the business of the substantive subject being discussed, conveniently neglect to give any of the readers of said articles existing solutions that we old Rum Shopians can implement at the Flick of a button.”

    PUDRYR, although your comments are “brutally frank,” I have to agree with your perspective on the issue.

    There was a friend of mine who was into the business of selling and installing security and monitoring equipment. When engaging in general conversation, he would cite worst-case scenarios and use scare tactics as his “advertising strategy” and as a means of trying to encourage those in the discussion to purchase and install security equipment in their homes or businesses.

    But, I will also admit that the article is very informative.


  6. Bush Tea September 3, 2015 at 6:44 AM #

    Shiite man Piece…
    That lawnmower of yours just mek Bushie’s whacker look like a powder fluff…


  7. David September 3, 2015 at 6:48 AM #

    Here is a BU search to pull other James Bynoe articles. Nothing wrong with advertising himself if the BU family gets some learning from it. A win win.

    https://barbadosunderground.wordpress.com/?s=James+Bynoe&submit=Search


  8. pieceuhderockyeahright September 3, 2015 at 9:17 AM #

    @ Venerable Blogmaster

    You specifically, even though I do not know you personally, have made the ole man have a hope that in the face of such widespread corruption and anarchy, YOU STAND TALL and give a voice to Linneas Banks’ statement, in word and in deed.

    THIS is indeed “the last bastion” and for 7 years you have given service, yeoman service to “the cause that lacks assistance, the wrong that needs resistance…”

    De ole man is not going to stroke your doggie, i sorry I homophobic, in fact de ole man is a lesbian, I like woman too bad (cant say dat for de madam to hear she dont like it and I cant say dat in de church but heah in de rum shop welll, i gine apologise to Donna, Simple Simon, Gabriel, IslandGirl246 who I used to court before my Brother in Arms Bush Tea, Sweet Chocolate and my verbal Assassin Sexy Suznne)

    I went through every single one of those articles that Bynoe and company posted regarding the issues of Cyber space crime and barring a link to their “Think, Click and Surf” website THERE IS NOT ONE REFERENCE or GIVEAWAY.

    Say what you will about Dr. Georgie Porgie even though he loved his CAPS, THE MAN ALWAYS GAVE A FELLOW SOMETHING!!!

    BU is about “the future in the distance,” and the present that these PHVCKERS messing up royally and if a poster of such regional calls cannot post under the non-economic reward “and the good that [THEY] can do” then stan’ out de phreaking kitchen OR RUN FOR POLITICS UNDER THE BLP OR DLP BANNER!!

    I sorry to be getting on like I mek meself and as a fellow in de departure lounge you would feel dat I should be behaving bettah BUT DAT IS DE POINT de res uh de fellows is not behaving good and I ent going let a fellow get no free passes…

    Aftah a while I expect dat I ent gine be able to post heah causing I gine be dead or I may get ban like *******y and the 1st letter and the ** letter should get bann LOL but fuh de time being all de free passes get recall and we got really got to look at ways where we either “Change the direction that we are going in as a Nation or We Die”


  9. pieceuhderockyeahright September 3, 2015 at 9:19 AM #

    ** regional calibre…


  10. James Bynoe September 3, 2015 at 9:27 AM #

    My love for Barbados runs deep … It is because of that I will continue to offer our nation the best I can. My life journey has put me in a position to be a contributor to a better Barbados and that will never change. Not once in my article did I suggest you leverage the knowledge and experience of my organization. Not once … If I can help I will; that’s the value of the education we emphasize as a nation. I will continue to share my knowledge on the topic God has blessed me with knowledge in. I have spent my own resources to help raise the bar on cyber awareness in schools and businesses, so to paint the article as some opportunist thing is wrong.


  11. pieceuhderockyeahright September 3, 2015 at 5:57 PM #

    I glad dat you say so Mr. Boyce and doan tek offence from whu de ole man say earlier bout Cyber Space Crime Centre’s proactive contributions to the BU community.

    I is jes a ole man who believe in the Biblical Words “by their works ye shall know them” so I may have spoken too harshly.

    You see de reason de ole man does speak about being proactive so much is becausing uh two reasons

    1) de ole man ent got too much time pun de calendar of life heah left
    2) In me youth I did waste alot uh time and
    3) judging from de imminent implosion that is happening as we speak in this Barbados that we both love, it is my humble contention dat peeples need to do tings differently

    I did say two right? See I so much ent got time pun me hands dem dat I cyan go bac and change dat number

    We gots to come out from behind de curtains and leh peeple see dat we fuh real.

    As man you does post good articles en ting but effing you look back at dem articles dat de blogmaster put up heah bout you contributions you going see a pattern of playing it safe and we cyan afford dat no mo.

    Looka de ole man ent say dat fellows like wunna ent gots tuh put up evahting bout whu you learn pun de cybersecurity Developer Course Learn about the top 10 web app/website related hacking techniques, IT security essentials or sending BU a .zip package containing source codes or examples of important hacking techniques.

    De ole man fel dat wunna should at least tell a man bout (me grandson tell me dis heah) Private Firewall or AntiNetCut 3 tings dat a man/woman cud use tuh gi dem a lil bit mo’ security

    Looka has Caswell cum heah pun BU and tell people bout whu dem rights is and whu de law is and tings like dat and looka how all de Customs men dem gone to he Unity ting

    Tuh whichin dat only mean dat Caswell ent gine be running fuh BU nuh more

    But you is a bright fellow wunna sharp IT fellahs should be talking bout whu sorta programme we heah in Barbados should be implementing at schools fuh de 6 and 7 year ole gran chilrun (who are is readin well) to be using.

    Wunna shud got a list uh free sites like http://www.khanacademy.org and places whey de chilrun can go fuh free.

    Wunna should be talking bout Arduino programs whey wunna get the European Union to give $50K Euros so dat every young chile in Bulbados at primary schoold should have a PI Raspberry cuntputer!

    You get my drift Bynoe?

    Wunna should be driving the pace fuh Scratch programming and should be advocating free wifi bubbles all ovah barbados fuh de school childrun are is learning well, ya feeling me?

    I dun…


  12. David September 3, 2015 at 6:59 PM #

    @Piece

    How about some Animation programs targeting the children.


  13. TheObserver September 3, 2015 at 7:39 PM #

    A very interesting response from PURDYR.
    I concur.


  14. pieceuhderockyeahright September 3, 2015 at 9:06 PM #

    Leh me tell wunna fellows whu me likkle gran chilrun doing nowadays at dem school***

    De two uh dem using Storyboardthat!!

    Imagine that, dem likkle chilrun 5 and 6, is using tools dat, from whu my son telling me, dat software is jes befo’ animation!!

    De pint dat de ole man is mekking is dat we can, if you really is a serious fellow bout our cvntry, suggest a number of tools and software and programs and curriculum that will mek de chilrun are is reading well.

    We jes got to be innovative and use we big brains and mek a diffrunce

    All this lotta long talk bout how much I love my cvntry and I is a big up man at the European Union where I know whu funds available for ICT fur Edykashun and not a ting ent happening fuh we childrun is a moot exercise and smack of waste foopism.

    Forgive de ole man french but wunna feeling me?

    I get dat from one uh de american grans, I trying to be wid it in me ole age, befo me get call home ….

