Crow Private Intelligence

5 Critical Reasons why you MUST take back Control of your Online Personal & Business Data in 2021

Have you been procrastinating and putting off decisions about how & where to store and manage your online personal & business data in 2021? Maybe you’ve started down this road but found all the details confusing?

Or perhaps, like some, you’ve never really thought about it!

It shouldn’t be surprising, then, that human error accounts for 95% of cybersecurity breaches, according to research from Varonis.

The latest high-level cyberattack on the Colonial Pipeline is waking the world up to the scope and impact of cyber terrorism - or, put more simply - how even high level infrastructure is vulnerable.

I’m going to provide you with 5 compelling - and little known - reasons why you need to act fast & act now with your online data to prevent future harm to you, your reputation, and your relationships (and if you have a business, harm to it and all your team).

And at the end, I’ve summarized critical steps you can take immediately.

Your Online Data is at Risk - and that means YOU are too.  

Here are a few big concerns always hitting the news headlines:

  • Personal identity theft

  • Online credit card fraud

  • Cyberterrorism and intellectual property theft

  • Hackers and Phishing attacks to gain access to bank accounts

These are all well known data privacy risks.  While they’re still occurring today, more than ever before, all these threats are “OLD SCHOOL.”  

Nowadays there are even bigger data risks that you’ve likely never even heard of

Advances in technology are happening at such a rapid pace that the average person is simply unable to keep up.

It’s natural in any field, of course.  For example, you couldn’t physically keep up with a champion athlete with whom you were once in high school gym class.  You wouldn’t be able to keep up with stocks like a stockbroker, or math like a professional mathematician.

Similarly, you wouldn’t be able to keep up with a Chief Information Officer, a Chief Privacy Officer, a Cybersecurity Specialist, or win any prizes at The Cyberlympics.

Yes, the Cyberlympics… it’s a worldwide International Hacking Competition.

And that’s the biggest problem.  Unless you’re competing at those levels, it's very hard to even understand what data privacy is, and why it matters!

I’m Offering You An Inside Look

As the owner and lead investigator of a Private Investigation firm, I’m asked by clients all the time to investigate people’s online profiles, and I’m never surprised at how easy it is to attain “private” information - if you know where to look!

What I bring to the table, which is different from many others who discuss this topic, is an insider’s perspective on how a private civilian can attain information online.  I’ve seen firsthand how exposed and vulnerable most people are to having their business and personal data stolen and exploited. 

To be very clear - licensed private investigators operate under the law as private citizens.  We don’t have the same “special powers” as the police or RCMP.  And we definitely don’t have access to the same technology as CSIS (the Canadian Security Intelligence Service, kind of like the Canadian version of the CIA, if you’re unfamiliar with them).

Despite the lack of special powers, private investigation agencies offer highly valuable OSINT (open source intelligence) services to investigate persons online.

And we can find a LOT more online than you might think.

When you think no one is watching you - they really are.

I’m sure you’ve heard by now of Edward Snowden, the United States NSA/CIA contractor who blew the lid off the PRISM Surveillance Program and told the world how uncomfortably closely the government was watching its own citizens.

If you’re a business owner, or keep up with the news, I’m sure you’ve heard over and over again the rising threat of cybersecurity.

Maybe you even installed Norton Anti-Virus on your home computer!  Or still have to renew that free version you downloaded… a few years ago…

But how much of a concern is it really?

To those that say “it’s not that much of a concern,” or “I have nothing to hide,” let’s consider some 2021 research statistics and facts from Varonis, a world leader in cybersecurity:

  • Worldwide cybercrime costs will hit $6 TRILLION annually by 2021. 

  • In 2020, a Twitter breach targeted 130 accounts, including those of past presidents and Elon Musk, resulting in attackers swindling $121,000 in Bitcoin through nearly 300 transactions.

  • In 2020, a security breach at Marriott impacted the data of over 5.2 MILLION hotel guests.

  • In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers.  Uber tried to keep it quiet by paying off hackers to delete the stolen data.

  • In 2017, 147.9 million consumers were affected by the Equifax Breach. The Equifax breach cost the company over $4 BILLION in total. That’s right, one of the primary agencies responsible for assessing the credit scores and financial health of almost everyone in the United States.

Corporations are getting more data about you than ever before. 

Often, this means your PERSONAL FINANCIAL DATA.  

Ask Adobe, who had to deal with the massive security breach in which 38 MILLION CUSTOMERS had their credit card information compromised (we’ll talk more about that later, when we deal with encryption).

Dan Kennedy, world renowned copywriter and marketing guru, has flat out said that the aim of professional marketers and business is to “psychologically manipulate” people into purchasing products.  With the aid of all the publicly available data about you, and the data you willingly give to corporations, this manipulation becomes more and more effective.

“Surveillance is now the business model of the Internet”

- Bruce Schneier, Privacy and Security Expert, 2015

To illustrate this point, in an article written for NBC News, Bob Sullivan warns, “Internet privacy is a murky, complicated issue full of conflicting interests, misinformation, innuendo and technology snafus. On the face of it, e-commerce companies and privacy advocates are locked in stalemate. Web sites want to know all they can about you; consumers generally want to share as little as possible.  Complicating matters further are criminals who break into Web sites, steal the information and use it for personal gain.”

Does this sound familiar?  Now it may surprise you to hear this, but that article was written in the year 2000!  

Not much has changed, has it?  It’s gotten worse, with MORE data available than ever.

Moreover, the ongoing battle between governments & law enforcement vs their “enemy nations” and the international criminal element has successfully advanced intelligence gathering technology to levels unimaginable for most people.

Some examples include massive AI-driven analytics to predict consumer behaviour based on personality metrics, psychometric credit scoring that adjusts your credit score based on your online activity, mass surveillance capabilities to monitor citizens everywhere they go, and so, so much more.

Blind to the Incredible Complexity of the Online World

When you are completely unaware of a threat - the risks it poses, the dangers it presents - you don’t do anything at all to stop it.  

It might even appear as a “wolf in sheep’s clothing.” To you, it looks harmless, like a sheep.  But deep down, it’s a wolf, ready to attack and exploit your weak naivety. 

Akin to a child innocently trusting strangers and not knowing the realities of the world, it’s so easy for us to live, seemingly unaffected, completely blind to the dangerous realities of the digital age.

Clearly, pretending you’re an ostrich and shoving your head in the sand is not a legitimate solution!

It’s Time to Take Control of Your Data

What follows are 5 critical insights you need to know.  You’ll be equipped with the knowledge to understand where the biggest risks lie, and what you can do immediately to mitigate them. If you want to skip to a particular insight, use the links below.

Enjoy the read, and I ask that you please share this article with anyone you think would be interested in better protecting themselves online.

Reason #1: The Transformative Power of the Five Eyes Pact

Reason #2: Cybercrime - “The Bad Guys” Keep Pace with “The Good Guys”

Reason #3: International Expansion of the Five Eyes

Reason #4: Encryption at Rest vs Encryption in Transit

Reason #5: Working from Home equals Massive Data Risks

Reason #1:  The Transformative Power of the Five Eyes Pact

After the horrific World War 2, a formal deal was made between the US and UK governments to better protect their nations. The two countries agreed to share “secret intelligence” to intercept communications, break codes, and keep each other alert of possible threats.

This alliance expanded beyond its founding countries, the US & UK, to include Canada, Australia, and New Zealand.

It is currently known as the "Five Eyes" pact.

Secret Intelligence Services in 2021

Now, what kind of “secret intelligence service” would you be in 2021 if you weren’t clandestinely accessing online communication methods?  

This includes “hacking” into private personal and business emails, text messages, Facebook Messenger chats, Instagram DMs, in addition to traditional methods such as scanning snail mail and phone wiretaps. 

Former NSA contractor Edward Snowden revealed to the world the extent to which the two allies had built a vast capability to intercept global communications with almost no public awareness and little oversight.  This is augmented by the constant “tracking and mass surveillance device” that we keep with us at all times, even while we sleep… and it keeps working, even when it’s turned off!

With the expansion of the internet and now the “internet-of-things,” our intelligence services haven’t been slow to catch up.  Instead, the opposite is true!

Intelligence agencies have been leading the charge and have access to so much data it would make your head spin.

Let’s not forget the intelligence services of other, less-democratically-friendly, nations such as China and Russia.  You see constant reminders of this on the news, with headlines such as “Chinese hackers did this,” and “Russian hackers did that.”  

But the truth is, in the modern day, EVERYBODY is hacking EVERYBODY.

“But I’ve done nothing wrong and I have nothing to hide from our government,” you might be thinking.  And while you might be right, the development of international super-intelligence agencies leads us to the more concerning Reason #2.

Reason #2: Cybercrime - “The Bad Guys” Keep Pace with “The Good Guys”

As the “Good Guys” get better, who improves along with them?  That’s right, the “Bad Guys.”

Military technology inevitably trickles down to the private sector.

As the world’s technological capability increases, so does the capability of the criminal element, from the organized crime of the underworld, to the low-level crime of everyday “crooks.”

According to Varonis, a cyber attack occurs every 39 seconds with a total average cost of $3.86 MILLION USD.

Here are some additional, startling statistics:

  • Only 5% of companies’ folders are properly protected.

  • 36 BILLION records were exposed to data breaches in only the first half of 2020.

On the level of sophisticated crime, if you ask most modern business leaders what are the biggest threats facing companies in 2021, the majority will give the same short, concise, answer: cyber security.

Whether it’s called “hacking,” or “cyber terrorism,” it’s a REAL problem, a BIG problem, which is only getting WORSE.

With so many people now working from home… your data is now on far less secure personal networks instead of battle-hardened IT-professional built secure networks with in house data servers.  

This is a goldmine for the criminal element. With cybercrime affecting businesses at a level of sophistication never before seen, companies must do their utmost to protect against IP theft and other cybersecurity breaches.

If your organization has been the victim of intellectual property theft, click here to find out how we can help as part of our Corporate Services.

Reason #3: The Six Eyes?... Nine Eyes? Eleven Eyes? When does it Stop?

Japan might be joining the Five Eyes.  There are talks about Japan playing a more significant role in protecting the interests of the Five Eyes alliance, especially as Japan’s national interests have grown since World War 2 into greater alignment with those of the democratic Five Eyes nations.

As threats from China & Russia continue to increase, there are talks of additional nations in Asia joining the Five Eyes alliance beyond only Japan.

The Nine Eyes is an existing intelligence sharing agreement between the Five Eyes nations and Denmark, France, the Netherlands, and Norway.

Going further, the Fourteen Eyes (also known as SIGINT Seniors Europe), includes the above plus Germany, Belgium, Italy, Spain, and Sweden. 

When will it end?  

How many nations do you want being able to read your private messages?  

How many nations do you want being able to access EVERY data point your government has on you - from social insurance to taxes to driver’s license to credit history?

Do you trust the interests of these nations?  After all - you don’t get a say in electing their leaders...  

Another example of how this might apply would be a Canadian corporation storing its data on servers based in the USA. American intelligence services and law enforcement agencies, by virtue of the Patriot Act, are entitled to access all data stored within the USA’s physical boundaries, regardless of whether the data is personal information on Canadian citizens with no connections to the USA.

Whether or not data is shared between intelligence agencies, if your data is stored on a server within the physical boundaries of another nation, it is subject to that nation’s data access laws.

Reason #4: Encryption at Rest vs Encryption in Transit

Time to get technical, but we’ll keep it simple. 

The understanding of data encryption is slowly entering the domain of public knowledge.

What is encryption?

Encryption basically means disguising data to make it unreadable for anyone that doesn’t have the “secret code.”

Imagine writing a letter to a friend in a secret language that only you two can understand.  If a cyber attacker attains your data, encryption jumbles it up.  The attacker will then need to crack the code (the “secret language”) to understand it. 

A very common example is paying for an item on a website using your credit card. The credit card information you provide can be captured and used by an attacker, unless the data is adequately encrypted.

Is “encrypted” good enough? 

No, not all encryption is equal.  If you’re a user of Adobe software, you may have heard about the massive security breach at Adobe in which 38 MILLION CUSTOMERS had their personal data breached!  Credit card data was stolen and passwords were reset.  It was a major hit, and raised some serious issues of corporate data protection.  Data was encrypted, but not adequately.

You can look for companies compliant with industry and government regulations such as HIPAA, PCI, and FedRAMP, which all provide specific safeguards on data protection and encryption requirements.

Encryption at Rest

Encryption at rest protects data that is physically stored.

Data can be stored and encrypted in any digital form, for example, data on hard drives, flash drives, cloud storage devices, file hosting services, databases, data warehouses, and mobile devices.

This data is inactive, and not moving from device to device.  

Encryption at rest is valuable if the physical storage device is stolen or accessed remotely. 

For example, let’s imagine a company employee, motivated by bribery, blackmail, or simply in an effort to profit from criminal enterprise, obtains the physical hardware - ie. a hard drive - on which your private data is stored.  Imagine this employee then sells it or provides it to others.

The purpose of encryption at rest is to prevent the attacker from easily accessing your data on the drive.  The attacker will now need to defeat the information security measures to decrypt the data contained in it. 

Many corporations, banks, etc, require their data to be stored on servers in Canada and the USA.  However, many servers are not encrypted at rest, and therefore information on these servers is vulnerable. 

Your data on these servers can easily be accessed and exploited by both domestic and foreign intelligence agencies and cybercriminals alike.

Here’s where it gets a little bit more complicated.  Keys to DECRYPT data should ALSO be encrypted! You don’t want criminals getting access to the secret so easily!

Check if the company or app specifically outlines the algorithms and cipher modes they use to encrypt data. 

Look for strong encryption methods such as AES and RSA.

If the company even makes mention of these, chances are it does care about encryption and data security.
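An added example (not from the original article) of the point above that decryption keys should themselves be encrypted: each record gets its own AES-256-GCM data key, and only a copy of that key wrapped under a master key is stored beside the data. The function names, and the assumption that the master key is held off the disk (for example in a key management service), are illustrative.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM builds an AES-256-GCM cipher from a 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under key and returns nonce || ciphertext || tag.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// unseal reverses seal; it fails on a wrong key or on modified data.
func unseal(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad key or truncated input: err=%v len=%d", err, len(sealed))
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// EncryptAtRest wraps a fresh data key with masterKey (assumed kept off the disk).
func EncryptAtRest(masterKey, plaintext []byte) (wrappedKey, ciphertext []byte, err error) {
	dataKey := make([]byte, 32)
	if _, err = rand.Read(dataKey); err != nil {
		return nil, nil, err
	}
	if ciphertext, err = seal(dataKey, plaintext); err != nil {
		return nil, nil, err
	}
	wrappedKey, err = seal(masterKey, dataKey)
	return wrappedKey, ciphertext, err
}

// DecryptAtRest must unwrap the data key first; without masterKey it fails.
func DecryptAtRest(masterKey, wrappedKey, ciphertext []byte) ([]byte, error) {
	dataKey, err := unseal(masterKey, wrappedKey)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return unseal(dataKey, ciphertext)
}

func main() {
	master, other := make([]byte, 32), make([]byte, 32) // constructed demo keys
	other[0] = 1
	wk, ct, _ := EncryptAtRest(master, []byte("constructed sample record"))
	pt, _ := DecryptAtRest(master, wk, ct)
	_, err := DecryptAtRest(other, wk, ct)
	fmt.Printf("with master key: %q\nwithout it: %v\n", pt, err)
}
```

Someone who copies the stored bytes gets only the wrapped key and the ciphertext; both stay unreadable unless the master key is obtained separately.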

Encryption in Transit

Data in transit is in the process of moving from one location to another. 

It might be travelling across the internet or through a private network, or from local storage to cloud storage. 

Data is often considered less secure while in motion, therefore encrypting this data is crucial.

For example, when you upload a picture from your mobile phone to your social media account, this data is in motion.  Or, when you access a website, data from your local computer is moving through your network to another network (hence, the inter-net, or global interconnected computer network). 

HTTPS is a form of "encryption in transit" vs HTTP which is NOT encrypted. 

If you’re ever considering making a credit card transaction online, ensure the website address contains that “S” - which indicates a secure and encrypted connection.  Do NOT make a transaction over a website with only HTTP (no “S”) as this leaves your data open to exploitation. 

Network security solutions such as firewalls and powerful anti-virus software can help secure your networks against malware attacks.

Reason #5:  Working From Home equals Massive Data Risk

Working from home has its upsides, true. 

But there is one downside that has been downPLAYED: the scope of the tremendous personal privacy risks we’ve been unwillingly exposed to as a result of the COVID-19 Pandemic.

Mandating that employees work from home has exposed our personal and business data to increased risk, because it is now being accessed on these employees’ PERSONAL devices over their PERSONAL networks.

These personal devices could be full of malware, spyware, viruses, etc. These personal networks are far less secure than business / corporate networks.

At home, there aren’t any mandatory “Norton Antivirus updates” from background-checked IT professionals.  Instead we now have easily hacked, personal wireless data exposing HIGHLY confidential and sensitive personal data.  Data which was once routed through big servers, but is now going through “some guy’s router.”

Your financial security is at risk when you have bank managers working on accounts from their personal laptops at home.  Many top professionals often have less computer knowledge than their teenage kids!

In fact, this might even describe you!  If it is, please talk with your employer regarding assistance with protecting your home network from cyber security risks, and ensure you’re using only company devices and not personal where possible.

While we all need to do the best we can to get through the pandemic, we must also weigh the immediate risks vs the long term risks.  

IN SUMMARY:  What you can do right now to take control of your online data

  1. Encryption in all data forms is essential.  Ask and inquire with any software or app provider, in-house or cloud-based server how data is stored and transmitted.  Ask questions such as “WHO has access to my data?  HOW is it backed up?  WHEN is it deleted?”

  2. Don’t use anything that does not secure data at rest. Ask about how the data is encrypted, and seek companies compliant with industry and government regulations such as HIPAA, PCI and FedRAMP. Check if the company or app specifically outlines the algorithms and cipher modes they use to encrypt data.  Look for strong encryption methods such as AES and RSA.  

  3. Don’t rely on username and password as the only form of authentication.  Look for apps that use multi-factor authentication, where you’ll need to log in using a username and password, and then confirm a text to a mobile device or enter a security PIN.  

  4. If you operate a business, ensure you have systematic policies for categorizing & classifying all data your company creates or obtains. Sensitive data should be audited on a scheduled basis and deleted where appropriate.  Store only the minimum amount of sensitive data possible.  

  5. Refuse cookies on unknown websites.  Don’t let unknown companies and entities have access to your personal information.

  6. Always look for the HTTPS sign when making an online purchase. At a MINIMUM a website should secure data in transit.

  7. Turn on privacy settings on your social media, and inquire about data sharing with other organizations. Minimize your use (or the depth of your use) of these social media apps, and even consider deleting some of them altogether if you’re unhappy with their data practices.  

  8. Install a powerful anti-virus software with anti-spyware and anti-malware.  Pay the yearly subscription fee and keep it updated and running at all times - it’s worth it.

“Vote with your Money” on Big Data Solutions

When we recognize the potential for major changes in societal norms that come with big data, we instinctively talk with others about our beliefs, sparking useful dialogue and sharpening understanding.

Consider completely avoiding some online activities altogether.  You may be seen as a black sheep, but remember that “money talks - and you vote with your money.”  Companies ultimately have to profit to survive, and if enough people are pushing for it, companies do change their practices to match consumer desires (e.g. the organic food movement).

If you start using alternative services with better data management practices, those services will grow, and the original companies will either adapt or shrink their base.

Have you been the victim of Online Data or IP Theft?

If you think your business has been the victim of trademark or intellectual property theft, or you’d like to inquire about your susceptibility to online data theft, feel free to contact us. 

We’re happy to help you navigate your way through the digital age.